Capture modes
The Capture mode feature lets you choose which network communications will be analyzed by the sensors. You can set it during the sensor application configuration or when redeploying a sensor. Capture mode in Cisco Cyber Vision improves performance on large networks.
This feature allows you to monitor relevant traffic and reduce the load on the sensor. For example, a common sensor filter removes the network management flows (SNMP). Set a filter like "not (port 161 and host 10.10.10.10)", where "10.10.10.10" is the network management platform.
Capture modes apply filters on each sensor. Set filters to define which types of incoming packets the sensors will analyze. Set a different filter on each sensor according to your needs.
The following are the capture modes:
ALL: No filter is applied. The sensor analyzes all incoming flows.
OPTIMAL (Default): The applied filter selects the most relevant flows according to Cisco's expertise. Multicast flows are not recorded. We recommend this capture mode for long-term capture and monitoring.
INDUSTRIAL ONLY: The filter selects industrial protocols only, such as Modbus, S7, EtherNet/IP, etc. This means that IT flows of the monitored network won't be analyzed by the sensor and won't appear in the GUI.
CUSTOM (Advanced users): Use this capture mode to fully customize the applied filter. Use the tcpdump syntax to define the filtering rules.
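Before deploying a CUSTOM filter, it helps to check which flows it will hide from the sensor. The following is an added example, not Cisco code and not libpcap: a simplified Python model of the tcpdump syntax subset used in the SNMP filter above, run over constructed flows (only 10.10.10.10 and port 161 come from this page; the helper names and other addresses are assumptions).

```python
import re

# Simplified model of a tcpdump filter subset: host, port, not, and, or, ( ).
# Protocol and direction qualifiers are not modelled.
def parse(tokens):
    # 'and' and 'or' have equal precedence and associate left to right.
    node = parse_term(tokens)
    while tokens and tokens[0] in ("and", "or"):
        node = (tokens.pop(0), node, parse_term(tokens))
    return node

def parse_term(tokens):
    tok = tokens.pop(0) if tokens else None
    if tok == "not":  # negation binds tightest
        return ("not", parse_term(tokens))
    if tok == "(":
        node = parse(tokens)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing ')'")
        return node
    if tok in ("host", "port") and tokens:
        return (tok, tokens.pop(0))
    raise ValueError(f"unsupported or incomplete filter near {tok!r}")

def matches(node, pkt):
    kind = node[0]
    if kind == "not":
        return not matches(node[1], pkt)
    if kind in ("and", "or"):
        a, b = matches(node[1], pkt), matches(node[2], pkt)
        return (a and b) if kind == "and" else (a or b)
    if kind == "host":  # matches source or destination address
        return node[1] in (pkt["src"], pkt["dst"])
    return int(node[1]) in (pkt["sport"], pkt["dport"])  # port: either side

def analyzed(filter_expr, pkt):
    """Return True if the sensor would analyze pkt under this capture filter."""
    tokens = re.findall(r"\(|\)|[^\s()]+", filter_expr)
    tree = parse(tokens)
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return matches(tree, pkt)

# Constructed sample flows (addresses other than 10.10.10.10 are made up).
FILTER = "not (port 161 and host 10.10.10.10)"
FLOWS = {
    "nms_poll": {"src": "10.10.10.10", "sport": 50000, "dst": "192.168.1.5", "dport": 161},
    "other_snmp": {"src": "192.168.1.99", "sport": 40000, "dst": "192.168.1.5", "dport": 161},
    "snmp_trap": {"src": "192.168.1.5", "sport": 45000, "dst": "10.10.10.10", "dport": 162},
    "modbus": {"src": "192.168.1.20", "sport": 1025, "dst": "192.168.1.5", "dport": 502},
}
```

Only the polling between the management platform and port 161 is filtered out; SNMP from any other host, traps to port 162 and industrial traffic are still analyzed. Dropping the parentheses changes the meaning, because "not" then applies to "port 161" alone.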