this is a capture from a tcp traffic.
i want to make a custom app id because in my log it say my application is an unknown-TCP application
how can i get the signature from the digits (image) ?
can someone thell me or give me tips how i should make a custom app id from a packet capture
Coulds you share PCAPs of this application, preferrably from a few different sessions? That would make it much easier to create a custom signature.
Another option is to create an "empty" AppID (essentially an AppID without a Layer-7 signature). Then you can create an App-Override policy that maps traffic to your custom application server (using both IP Address & TCP Port #) to your newly-created AppID.
As @jvalentine pointed out you'll need to provide PCAPs of the traffic to help build the signature or you can create a custom application. WIthin the application you would simply give it any Properties that you actually want it to have, set the default ports if desired, and then leave the actual 'Signature' section empty.
You can then build an application override policy that lets you specify a wide range of information. If you know that an internal source reaching out to a specific destination server over tcp 41794-41795 is going to be your custom application you can build a policy for that and it will simply map that traffic to the custom application ID that you created.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!