How can I identify Microsoft System Center Configuration Manager traffic?

5

I'm establishing some rules for filtering my traffic based on the HTTP request. In the process I noticed some packets with the HTTP method CCM_POST. A quick search turned up this question on Server Fault and thus led me to the Microsoft System Center Configuration Manager.

Is there any way I can prevent my filter from capturing this traffic? It would seem to me this would be as easy as ignoring all HTTP methods with CCM in them, but I can't find any definitions of the associated protocol to ensure this is the case.

tzenes

Posted 2010-10-18T23:49:01.207

Reputation: 359

Do you still have this problem? What program are you configuring the rules in? – Tamara Wijsman – 2011-08-28T00:24:55.700

Answers

1

What are you using to capture the packets?

Using Wireshark you could filter this traffic from the display using:

!(http.request.method == "CCM_POST")

However, to prevent its capture completely you would need to filter it based on the destination IP port of the message. The CCM_POST is sent to System Center Configuration Manager or System Management Server Management Points.

Bernie White

Posted 2010-10-18T23:49:01.207

Reputation: 140

I realize I had forgotten about this question. Since I was using tshark (a CLI version of Wireshark), this is ultimately what I did. I think what I was looking for was: "Does all CCM have an HTTP method with the string 'CCM' in it?" Turns out the answer is yes. – tzenes – 2012-03-14T14:54:59.730
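The two approaches discussed in this answer and its comment, as an added example that is not code from any poster: dropping requests whose HTTP method contains "CCM", and dropping everything sent to a management point's address and port. The packet tuples, the 192.0.2.10 address, port 80 and the request path are constructed assumptions.

```python
import re

# RFC 7230 "token": the characters allowed in an HTTP method name.
_REQUEST_LINE = re.compile(rb"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+) (\S+) HTTP/\d\.\d\r?\n")

def http_method(payload: bytes):
    """Return the request method from a TCP payload, or None if it is not an HTTP request."""
    m = _REQUEST_LINE.match(payload)
    return m.group(1).decode("ascii") if m else None

def is_ccm_request(payload: bytes) -> bool:
    """True when the method contains 'CCM' (e.g. CCM_POST), the rule settled on in the thread."""
    method = http_method(payload)
    return method is not None and "CCM" in method

def drop_ccm(packets, management_points=frozenset()):
    """Yield packets that are not Configuration Manager traffic.

    packets: iterable of (dst_ip, dst_port, payload) tuples.
    management_points: optional set of (ip, port) pairs; matching on these mirrors a
    capture-time filter and also drops segments that carry no request line.
    """
    for dst_ip, dst_port, payload in packets:
        if (dst_ip, dst_port) in management_points:
            continue
        if is_ccm_request(payload):
            continue
        yield dst_ip, dst_port, payload

# Constructed sample traffic; 192.0.2.10 is a placeholder management point address.
SAMPLE = [
    ("192.0.2.10", 80, b"CCM_POST /constructed/path HTTP/1.1\r\nHost: mp\r\n\r\n"),
    ("192.0.2.10", 80, b"\x00\x01binary continuation of a previous request body"),
    ("198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("198.51.100.7", 80, b"POST /form HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01"),  # TLS record, not plaintext HTTP
]

if __name__ == "__main__":
    by_method = list(drop_ccm(SAMPLE))
    by_endpoint = list(drop_ccm(SAMPLE, {("192.0.2.10", 80)}))
    print(len(by_method), "kept with method rule only")
    print(len(by_endpoint), "kept with method rule plus management point endpoint")
```

The method rule alone leaves the second sample packet in place because a segment that continues a request body has no request line to match; the destination match removes it as well.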

0

You can use the Windows network monitor tool that comes with Windows. It's so simple and easy.

user101466

Posted 2010-10-18T23:49:01.207

Reputation: 1