Tip: Anonymous and Unknown Users


#1

In the Users field of certain protocols such as Database and Storage, the usernames Anonymous and Unknown may appear. These usernames are described below.

Anonymous - This means that the login was encrypted, so the ExtraHop could not get the username. This can be overcome by loading the server certificate into the ExtraHop.

Unknown - This means that the ExtraHop missed the login, most likely because of desyncs.

Also of note, there is a Username of Pre-Login - which is ExtraHop counting login type messages before it has seen the username packet. For more information on this, please see the article on The Pre-Login User.


#2

Is there a link to the article “The Pre-Login User”?