unusual_protocol

Explanation

The unusual_protocol event is triggered when the Netography Fusion Portal identifies an uncommon IP protocol in use on the network. IP packets encapsulate higher-level protocols such as TCP and UDP, each identified by a protocol number. There are 256 possible protocols; some are unusual or rare.

What to Look For

This event is most likely triggered by the use of an uncommon networking technology within your environment. Unexpected or unauthorized use of invalid IP protocols might indicate an attempt by an attacker to hide command-and-control traffic within a network.
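
A triage sketch for this event, added here as an illustration and not Netography's detection logic: it groups flow records whose IP protocol number falls outside a set the environment expects, so sanctioned but uncommon technologies can be separated from unexplained traffic. The CSV flow format, the `EXPECTED` set and the sample records are assumptions constructed for the example.

```python
import csv
import io
from collections import defaultdict

# Protocols this hypothetical environment expects to see (assumption; tune per network).
EXPECTED = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP"}
# A few IANA-assigned protocol numbers, used only to label findings.
NAMES = {**EXPECTED, 4: "IPv4-in-IP", 41: "IPv6-in-IP", 47: "GRE", 132: "SCTP"}

# Constructed sample flow records: src, dst, IP protocol number, bytes.
SAMPLE_FLOWS = """\
src,dst,proto,bytes
10.0.0.5,10.0.0.9,6,48211
10.0.0.5,192.0.2.53,17,312
10.0.0.7,198.51.100.20,47,90412
10.0.0.7,198.51.100.20,47,120033
10.0.0.8,10.0.0.1,1,84
10.0.0.12,203.0.113.4,253,5120
10.0.0.5,10.0.0.9,6,1022
"""

def unusual_protocol_findings(flow_csv, expected=EXPECTED):
    """Group flows whose protocol number is outside the expected set."""
    groups = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        proto = int(row["proto"])
        if not 0 <= proto <= 255:  # the protocol number is one of 256 values
            raise ValueError(f"not a valid IP protocol number: {proto}")
        if proto in expected:
            continue
        key = (row["src"], row["dst"], proto)
        groups[key]["flows"] += 1
        groups[key]["bytes"] += int(row["bytes"])
    findings = [
        {"src": s, "dst": d, "proto": p, "name": NAMES.get(p, "unlabelled"), **agg}
        for (s, d, p), agg in groups.items()
    ]
    # Largest byte volume first: sustained traffic is reviewed before one-offs.
    return sorted(findings, key=lambda f: f["bytes"], reverse=True)

if __name__ == "__main__":
    for finding in unusual_protocol_findings(SAMPLE_FLOWS):
        print(finding)
```

Each finding names a source, a destination and a protocol to check against known tunnels, VPNs or routing gear before treating the traffic as unauthorized.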

Related MITRE ATT&CK Categories

Protocol Tunneling, Techniques T1572