Creating Custom App-ID for an unknown TCP session that is encrypted or doesn't seem to have a pattern.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Creating Custom App-ID for an unknown TCP session that is encrypted or doesn't seem to have a pattern.

L0 Member

How do i create a custom App-ID if i can't see any pattern on the captured packets? The pcap data seems to be encrypted. For example, i was trying to create a custom app-id for the game Clash Of Clans and i can't seem to find any pattern at all.

1 REPLY 1

L7 Applicator

App ID works of regular expression so you do have to find a pattern of some sort.

I would submit a request for a new official App-ID using these instructions.

How to Request a new App-ID

Then contact your sales engineer to see if there is a way they can goose the process.

You can also look to use old fashion methods.  See if the game has a known set of ip addresses you can simply block with a standard rule in the mean time.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 1881 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!