Creating Custom App-ID for an unknown TCP session that is encrypted or doesn't seem to have a pattern.

L0 Member

How do I create a custom App-ID if I can't see any pattern in the captured packets? The pcap data seems to be encrypted. For example, I was trying to create a custom App-ID for the game Clash Of Clans and I can't seem to find any pattern at all.

L7 Applicator

Re: Creating Custom App-ID for an unknown TCP session that is encrypted or doesn't seem to have a pattern.

App-ID works off regular expressions, so you do have to find a pattern of some sort.

I would submit a request for a new official App-ID using these instructions.

How to Request a new App-ID

Then contact your sales engineer to see if there is a way they can goose the process.

You can also look to use old-fashioned methods. See if the game has a known set of IP addresses you can simply block with a standard rule in the meantime.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
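
Whether a capture offers any pattern to match on can be checked by comparing the first payload of several sessions and looking for a byte run they all share. The following is an added example, not part of the original thread: the payloads, the `GAMEPROTOv1` marker and the 7-byte threshold are constructed assumptions, and real input would be payload bytes exported from your own pcaps.

```python
import hashlib

MIN_LEN = 7  # assumed minimum fixed-run length worth a signature; tune as needed

def common_patterns(payloads, min_len=MIN_LEN):
    """Longest byte strings (>= min_len) that occur in every payload."""
    if not payloads:
        return []
    base = min(payloads, key=len)  # a shared run cannot exceed the shortest sample
    for length in range(len(base), min_len - 1, -1):
        grams = {base[i:i + length] for i in range(len(base) - length + 1)}
        hits = sorted(g for g in grams if all(g in p for p in payloads))
        if hits:
            return hits
    return []

def assess(payloads, min_len=MIN_LEN):
    """Report each invariant run with its offset in every payload.

    Identical offsets suggest a fixed-position header field; differing
    offsets mean the match would have to float within the payload.
    """
    report = []
    for pat in common_patterns(payloads, min_len):
        offsets = [p.find(pat) for p in payloads]
        report.append({"hex": pat.hex(), "offsets": offsets,
                       "fixed_offset": len(set(offsets)) == 1})
    return report

# Constructed sample data, not taken from any real application.
HDR = b"GAMEPROTOv1"  # hypothetical cleartext handshake marker
WITH_HEADER = [
    b"\x10\x02" + HDR + b"\xaa\x01\x9f",
    b"\x33\x07" + HDR + b"\x5c\x02\x11\x40",
    b"\x7e\x01" + HDR + b"\xe3\x03",
]
# Stand-in for encrypted payloads: unrelated pseudo-random bytes per session.
OPAQUE = [hashlib.sha256(b"session-%d" % i).digest() for i in range(3)]

if __name__ == "__main__":
    print("with header:", assess(WITH_HEADER))
    print("opaque:", assess(OPAQUE) or "no invariant run; nothing to match on")
```

An empty result across many sessions means there is no payload pattern to build on, which leaves the routes described in the reply above.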