Searching for a hash value

Is it possible to search for a specific hash value to see if it has transited through a TZ470 firewall? The firewall has APSS licensing and NSM advanced, is set for enhanced security, has inbound inspection enabled on all but CIFS, and CATP captures all file types for analysis. Alternatively, how can I identify if a particular hash value would be identified by any particular signature?

Category: Entry Level Firewalls

Answers

  • Mr_Klaatu SonicWall Employee

    The hash value is computed by the sender and receiver separately and is stored or sent to aid later lookup. Whether it will be stored within the two hosts themselves or sent within the traffic is based on the application function and its respective protocol design. For example, ESP has a protocol header field called the Authentication Data field, which contains a variable auth data field based on the Auth algorithm that was chosen to set up the SA, and this can be retrieved using packet capture and viewed using Wireshark. But this is related to IPSec and is not how other features function or operate. Is your question related to CATP Hash values, or can you explain in detail what traffic you are referring to and, if possible, submit a screenshot or a sample packet capture of it?
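
The ESP Authentication Data field mentioned in the answer above, as an added example that is not part of the thread and not SonicWall code: it splits a constructed ESP packet into its fields and shows that the trailing value is a keyed, per-packet check whose length follows the SA's algorithm. The key, SPI and payload are constructed, and the `body` bytes stand in for the encrypted payload, padding and trailer of a real packet.

```python
import hashlib
import hmac
import struct

# ICV lengths in bytes: HMAC-SHA-1-96 (RFC 2404), HMAC-SHA-256-128 (RFC 4868)
ALGS = {"hmac-sha1-96": (hashlib.sha1, 12),
        "hmac-sha2-256-128": (hashlib.sha256, 16)}

def _icv(key, data, alg):
    digest, n = ALGS[alg]
    return hmac.new(key, data, digest).digest()[:n]

def build_esp(spi, seq, body, key, alg):
    """Constructed sender side: SPI + sequence number + opaque body + ICV."""
    head = struct.pack("!II", spi, seq) + body
    return head + _icv(key, head, alg)

def parse_esp(packet, alg):
    """Split a captured ESP packet; the ICV length comes from the SA, not the wire."""
    n = ALGS[alg][1]
    if len(packet) < 8 + n:
        raise ValueError("too short for ESP header plus ICV")
    spi, seq = struct.unpack("!II", packet[:8])
    return {"spi": spi, "seq": seq, "body": packet[8:-n], "icv": packet[-n:]}

def verify_icv(packet, key, alg):
    """Receiver side: recompute the keyed value over everything before the ICV."""
    n = ALGS[alg][1]
    return hmac.compare_digest(_icv(key, packet[:-n], alg), packet[-n:])

def demo():
    key = b"constructed-sa-auth-key"          # constructed, not a real SA key
    body = b"stand-in for encrypted payload"  # constructed; real ESP bodies are ciphertext
    alg = "hmac-sha1-96"
    p1 = build_esp(0x1000, 1, body, key, alg)
    p2 = build_esp(0x1000, 2, body, key, alg)  # same body, next sequence number
    return {
        "p1": p1,
        "icv1": parse_esp(p1, alg)["icv"].hex(),
        "icv2": parse_esp(p2, alg)["icv"].hex(),
        "valid": verify_icv(p1, key, alg),
        "tampered_valid": verify_icv(p1[:-1] + bytes([p1[-1] ^ 1]), key, alg),
        "body_sha256_on_wire": hashlib.sha256(body).digest() in p1,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The two packets carry the same body yet end in different Authentication Data values, and the SHA-256 of the body never appears in the packet, so this field identifies a packet under one SA rather than a file.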
