12-13-2010 06:09 PM
Does anyone know if it's possible to search for an application by port number instead of name, to see if you can find a match?
I have some connections using an application that shows a known - and recognised - PORT number when I run a packet capture, vis-a-vis
12:49:53.009216 IP (tos 0x0, ttl 128, id 47750, offset 0, flags [none], proto: UDP (17), length: 260) www.xxx.yyy.zzz.epnsdp > someone.else.somewhere.net.62395: [udp sum ok] UDP, length 232
which shows the protocol as epnsdp (UDP 2051, which matches the descriptions I can find for this port by JFGI) but I can't find if there's already a defined application which I might be able to use for this traffic in a policy (rather than the app-override I've got now) before I bother PA with a request for a new application.
I don't want to go through all 1200-odd applications looking for this port so I can try applications and see if they match under some other name than what the guys using it know it as.
Hope this isn't as muddled as it sounds to me. Oh well. Maybe someone will have an idea.
Cheers
12-13-2010 06:50 PM
Hi there,
You can search applications by port in the Applipedia: http://ww2.paloaltonetworks.com/applipedia/
I didn't find anything using port 2051.
Even if you did find a matching port, it may not be the same application since App-IDs don't use port numbers for the signatures.
If you allow the port through via security policy the firewall will still do App-ID so you can check the identified application in the logs. If it comes up as "unknown-udp" then you will need to open a case to have the application added in a future content release. A PCAP may be requested to get the signature written.
Cheers,
Kelly
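The log check described in the reply above, as an added example that is not part of the original thread: it tallies which application names were logged for sessions on a given protocol and port, and reports whether everything came back unidentified. The sample rows and the column names (proto, sport, dport, app) are constructed for this example and are not the firewall's actual log export format.

```python
import csv
import io
from collections import Counter

# Constructed sample rows; the column names are assumptions for this example,
# not the firewall's actual CSV export header.
SAMPLE_LOG = """proto,sport,dport,app
udp,2051,62395,unknown-udp
udp,62395,2051,unknown-udp
udp,53124,53,dns
tcp,2051,44321,web-browsing
udp,2051,62400,unknown-udp
"""

# Names logged when no application signature matched the traffic.
UNIDENTIFIED = {"unknown-udp", "unknown-tcp"}


def apps_on_port(log_text, proto, port):
    """Count the application names logged for sessions on proto/port."""
    seen = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if (row.get("proto") or "").strip().lower() != proto.lower():
            continue
        # Match either side: the known port may be the source or the destination.
        try:
            ports = {int(row.get("sport")), int(row.get("dport"))}
        except (TypeError, ValueError):
            continue  # skip malformed rows rather than abort the tally
        if port in ports:
            seen[(row.get("app") or "").strip()] += 1
    return seen


def needs_app_request(seen):
    """True when traffic was logged on the port and none of it was identified."""
    return bool(seen) and set(seen) <= UNIDENTIFIED


if __name__ == "__main__":
    tally = apps_on_port(SAMPLE_LOG, "udp", 2051)
    for app, count in tally.most_common():
        print(f"{app}: {count}")
    print("open an app request:", needs_app_request(tally))
```
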
12-13-2010 07:16 PM
kbrazil wrote:
Hi there,
You can search applications by port in the Applipedia: http://ww2.paloaltonetworks.com/applipedia/
I didn't find anything using port 2051.
Even if you did find a matching port, it may not be the same application since App-IDs don't use port numbers for the signatures.
If you allow the port through via security policy the firewall will still do App-ID so you can check the identified application in the logs. If it comes up as "unknown-udp" then you will need to open a case to have the application added in a future content release. A PCAP may be requested to get the signature written.
Cheers,
Kelly
I gave up on this one and just put in an any/any rule to allow the traffic out - it's one weird app. I've got a single packet captured, so I might chuck it into an app request and see if one of the fellas with brains at PA can make head or tails of it.
Thanks.
09-22-2011 11:34 AM
Thanks, this helped out a lot!