Extreme Analytics Custom Fingerprint - Can you define a port range?

  • Idea
  • Updated 7 months ago
  • Under Consideration
Perhaps this should be a feature request, but I feel like I am just doing this wrong.

I have an application, GE Centricity, which likes to use a wide range of ports from 6000-6060. Sometimes it is talking directly to one of two servers. Since those two servers only run this one application, I can easily make a Fingerprint based on *address*. However - this application also loves to broadcast (yuck) and since the source IP can be one of a dozen VLANs on my wireless network, and the destination is going to be *something* ending in 255 ... that leaves me a little lost.

I am trying to define a Fingerprint for a port range but I don't see a way to do that. What is the preferred method to handle this? Should I create 60 different rules, one for each port number, but all with the same application name and application group? Seems like the wrong way to do it.

EDIT: Here are some flow example screenies ...




Steve Ballantyne


Posted 7 months ago


Dudley, Jeff, Employee

Hi Steve.

Sorry for the delayed response. This is an interesting point. I do not believe it is currently an option but feel it is a very valid request. Let me check to make sure and if necessary submit an enhancement request. Will keep you posted.

Thanks
Jeff

Steve Ballantyne

Thanks Jeff! I think it would be a very useful enhancement.