Identification of Application Protocols in the Web Interface

The following table outlines how the system identifies detected application protocols:

Table: System Identification of Application Protocols (columns: Identification, Description)

application protocol name

The management center identifies an application protocol with its name if the application protocol was:

  • positively identified by the system

  • identified using NetFlow data and there is a port-application protocol correlation in /etc/sf/services

  • manually identified using the host input feature

  • identified by Nmap or another active source

pending

The management center identifies an application protocol as pending if the system can neither positively nor negatively identify the application.

Most often, the system needs to collect and analyze more connection data before it can identify a pending application.

In the Application Details and Servers tables and in the host profile, the pending status appears only for application protocols where specific application protocol traffic was detected (rather than inferred from detected client or web application traffic).

unknown

The management center identifies an application protocol as unknown if:

  • the application does not match any of the system’s detectors.

  • the application protocol was identified using NetFlow data, but there is no port-application protocol correlation in /etc/sf/services.

  • Snort has closed the session, but the session still persists on the device. In this case, the traffic is allowed to pass through the firewall, but the application is not detected.

blank

All available detected data has been examined, but no application protocol was identified. In the Application Details and Servers tables and in the host profile, the application protocol is left blank for non-HTTP generic client traffic with no detected application protocol.
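
The NetFlow rows in the table above turn on whether a port-application protocol correlation exists in /etc/sf/services. The following is an added example, not code from the product or its documentation, showing how that lookup separates a named protocol from unknown. It assumes the file uses the classic /etc/services layout (name, then port/transport, then optional aliases), which the page does not state; the function names, the sample file contents and the flow records are all constructed for illustration.

```python
# Added example: labelling NetFlow-derived records by port correlation.
# ASSUMPTION: the correlation file uses the classic /etc/services layout
# ("name  port/proto  [aliases]  # comment"); the page does not state its format.

SAMPLE_SERVICES = """\
# constructed sample, not the contents of a real /etc/sf/services
ssh       22/tcp
domain    53/udp   dns      # name service
http      80/tcp   www
https     443/tcp
"""

def parse_services(text):
    """Return {(port, transport): name} from services-style text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                          # skip malformed entries
        port_s, proto = fields[1].split("/", 1)
        if not port_s.isdigit():
            continue
        # first entry wins if a port/transport pair is listed twice
        table.setdefault((int(port_s), proto.lower()), fields[0])
    return table

def label_netflow_record(record, table):
    """Name if a port/transport correlation exists, otherwise 'unknown'."""
    key = (record["dst_port"], record["proto"].lower())
    return table.get(key, "unknown")

# constructed NetFlow-style records: responder port and transport only
SAMPLE_FLOWS = [
    {"dst_port": 443, "proto": "TCP"},
    {"dst_port": 53, "proto": "udp"},
    {"dst_port": 53, "proto": "tcp"},    # same port, transport not listed
    {"dst_port": 8443, "proto": "tcp"},  # port not listed at all
]

def label_all(flows=SAMPLE_FLOWS, services_text=SAMPLE_SERVICES):
    table = parse_services(services_text)
    return [label_netflow_record(f, table) for f in flows]

if __name__ == "__main__":
    for flow, label in zip(SAMPLE_FLOWS, label_all()):
        print(flow, "->", label)
```

In this sketch the label depends only on the port and transport in the record, so a missing entry for either one yields unknown even when the port number is familiar.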