https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38057#M27867 <HTML><HEAD></HEAD><BODY><P>Does anyone know if it's possible to search for an application by port number instead of name, to see if you can find a match?</P><P></P><P>I have some connections using an application that shows a known - and recognised - PORT number when I run a packet capture, vis-a-vis</P><P></P><P>12:49:53.009216 IP (tos 0x0, ttl 128, id 47750, offset 0, flags [none], proto: UDP (17), length: 260) www.xxx.yyy.zzz.epnsdp &gt; someone.else.somewhere.net.62395: [udp sum ok] UDP, length 232</P><P></P><P>which shows the proocol as epnsdp (UDP 2051, which matches the descriptions I can find for this port by JFGI) but I can't find if there's already a defined application which I might be able to use for this traffic in a policy (rather than the app-override I've got now) before I bother PA with a request for a new application.</P><P></P><P>I don't want to go through all 1200-odd applications looking for this port so I can try applications and see if they match under some other name than what the guys using it know it as.</P><P></P><P>Hope this isn't as muddled as it sounds to me. Oh well. Maybe someone will have an idea.</P><P></P><P>Cheers</P></BODY></HTML> Tue, 14 Dec 2010 02:09:43 GMT dagibbs 2010-12-14T02:09:43Z https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38057#M27867 <HTML><HEAD></HEAD><BODY><P>Does anyone know if it's possible to search for an application by port number instead of name, to see if you can find a match?</P><P></P><P>I have some connections using an application that shows a known - and recognised - PORT number when I run a packet capture, vis-a-vis</P><P></P><P>12:49:53.009216 IP (tos 0x0, ttl 128, id 47750, offset 0, flags [none], proto: UDP (17), length: 260) www.xxx.yyy.zzz.epnsdp &gt; someone.else.somewhere.net.62395: [udp sum ok] UDP, length 232</P><P></P><P>which shows the proocol as epnsdp (UDP 2051, which matches the descriptions I can find for this port by JFGI) but I can't find if there's already a defined application which I might be able to use for this traffic in a policy (rather than the app-override I've got now) before I bother PA with a request for a new application.</P><P></P><P>I don't want to go through all 1200-odd applications looking for this port so I can try applications and see if they match under some other name than what the guys using it know it as.</P><P></P><P>Hope this isn't as muddled as it sounds to me. Oh well. Maybe someone will have an idea.</P><P></P><P>Cheers</P></BODY></HTML> Tue, 14 Dec 2010 02:09:43 GMT https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38057#M27867 dagibbs 2010-12-14T02:09:43Z https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38058#M27868 <HTML><HEAD></HEAD><BODY><P>Hi there,</P><P></P><P><SPAN>You can search applications by port in the Applipedia:&nbsp; </SPAN><A class="jive-link-external-small" href="http://ww2.paloaltonetworks.com/applipedia/">http://ww2.paloaltonetworks.com/applipedia/</A></P><P></P><P>I didn't find anything using port 2051.</P><P></P><P>Even if you did find a matching port, it may not be the same application since App-ID's don't use port numbers for the signatures.</P><P></P><P>If you allow the port through via security policy the firewall will still do App-ID so you can check the identified application in the logs.&nbsp; If it comes up as "unknown-udp" then you will need to open a case to have the application added to in a future content release.&nbsp; A PCAP may be requested to get the signature written.</P><P></P><P>Cheers,</P><P></P><P>Kelly</P></BODY></HTML> Tue, 14 Dec 2010 02:50:16 GMT https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38058#M27868 kbrazil 2010-12-14T02:50:16Z https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38059#M27869 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>kbrazil wrote:</P><P></P><P>Hi there,</P><P></P><P><SPAN>You can search applications by port in the Applipedia:&nbsp; </SPAN><A class="jive-link-external-small" href="http://ww2.paloaltonetworks.com/applipedia/">http://ww2.paloaltonetworks.com/applipedia/</A></P><P></P><P>I didn't find anything using port 2051.</P><P></P><P>Even if you did find a matching port, it may not be the same application since App-ID's don't use port numbers for the signatures.</P><P></P><P>If you allow the port through via security policy the firewall will still do App-ID so you can check the identified application in the logs.&nbsp; If it comes up as "unknown-udp" then you will need to open a case to have the application added to in a future content release.&nbsp; A PCAP may be requested to get the signature written.</P><P></P><P>Cheers,</P><P></P><P>Kelly</P></PRE><P></P><P>I gave up on this one and just put in an any/any rule to allow the traffic out - it's one weird app. I've got a single packet captured, so I might chuck it into an app request and see if one of the fellas with brains at PA can make head or tails or it.</P><P></P><P>Thanks.</P></BODY></HTML> Tue, 14 Dec 2010 03:16:01 GMT https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38059#M27869 dagibbs 2010-12-14T03:16:01Z https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38060#M27870 <HTML><HEAD></HEAD><BODY><P style="text-align: left;">Thanks this helped out a lot!</P></BODY></HTML> Thu, 22 Sep 2011 18:34:45 GMT https://live.paloaltonetworks.com/t5/general-topics/applipedia-search-by-port-number/m-p/38060#M27870 rob.burgoyne 2011-09-22T18:34:45Z