Specifying Detection Patterns in Basic Detectors
You can configure a custom application protocol detector to search application protocol packet headers for a particular pattern string. You can also configure detectors to search for multiple patterns; in that case the application protocol traffic must match all of the patterns for the detector to positively identify the application protocol.
Application protocol detectors can search for ASCII or hexadecimal patterns, using any offset.
Before you begin
-
Begin configuring your custom application protocol detector as described in Configuring Custom Application Detectors.
Procedure
Step 1 | On the Create Detector page, in the Detection Patterns section, click Add. | ||
Step 2 | Choose protocol type from the Application drop-down list. | ||
Step 3 | Choose pattern type from the Type drop-down list. | ||
Step 4 | Type a Pattern string that matches the Type you specified. | ||
Step 5 | Optionally, type the Offset (in bytes). | ||
Step 6 | Optionally, to identify application protocol traffic based on the port it uses, type a port from 1 to 65535 in the Port(s) field. To use multiple ports, separate them by commas. | ||
Step 7 | Click a Direction: Client or Server. | ||
Step 8 | Click OK.
|
What to do next
-
Continue configuring your custom application protocol detector as described in Configuring Custom Application Detectors. You must save and activate the detector before the system can use it to analyze traffic.