Testing a Custom Application Protocol Detector

If you have a packet capture (pcap) file that contains packets with traffic from the application protocol you want to detect, you can test a custom application protocol detector against that pcap file. Cisco recommends using a simple, clean pcap file without unnecessary traffic.

Pcap files must be 256 KB or smaller; if you try to test your detector against a larger pcap file, the management center automatically truncates it and tests the incomplete file. You must fix the unresolved checksums in a pcap before using the file to test a detector.
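A pre-upload check for the two constraints above, as an added example that is not Cisco code: it reports whether a capture fits the size limit and which packets carry an incorrect IPv4 header checksum. It assumes 256 KB means 262,144 bytes and a classic (non-pcapng) capture with Ethernet link type, and it does not verify TCP or UDP checksums; the function names and the sample capture are constructed for illustration.

```python
import struct

MAX_BYTES = 256 * 1024  # assumption: the stated 256 KB limit read as 262,144 bytes
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap byte orders

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 checksum over an IPv4 header with its checksum field zeroed."""
    data = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def precheck(pcap: bytes) -> dict:
    """Return size status and 1-based numbers of packets with a bad IPv4 checksum."""
    endian = MAGICS.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    result = {"size_ok": len(pcap) <= MAX_BYTES, "packets": 0, "bad_ip_checksum": []}
    offset = 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        result["packets"] += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or too short to hold a full IP header
        ihl = (frame[14] & 0x0F) * 4
        header = frame[14:14 + ihl]
        if ihl < 20 or len(header) < ihl:
            continue  # malformed or truncated header
        if struct.unpack("!H", header[10:12])[0] != ipv4_checksum(header):
            result["bad_ip_checksum"].append(result["packets"])
    return result

def build_sample() -> bytes:
    """Constructed capture: packet 1 is valid, packet 2 has a zeroed IP checksum."""
    ip = bytes.fromhex("450000140001000040060000c0000201c0000202")
    good = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = bytes(12) + b"\x08\x00"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in (eth + good, eth + ip):
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(precheck(build_sample()))
```

A capture that reports size_ok as False would be truncated on upload, and any packet numbers listed under bad_ip_checksum need their checksums corrected before the test.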

Before you begin

Procedure


Step 1

On the Create Detector page, in the Packet Captures section, click Add.

Step 2

Browse to the pcap file in the pop-up window and click OK.

Step 3

To test your detector against the contents of the pcap file, click evaluate next to the pcap file. A message indicates whether the test succeeded.

Step 4

Optionally, repeat steps 1 to 3 to test the detector against additional pcap files.

Tip

To delete a pcap file, click Delete (delete icon) next to the file you want to delete.


What to do next

  • Continue configuring your custom application protocol detector as described in Configuring Custom Application Detectors. You must save and activate the detector before the system can use it to analyze traffic.