Trying to create a new analytics fingerprint where it will classify flows based on the IP being the server in the flow. In my testing now, it seems that it will classify the flow as the new custom fingerprint regardless if it's client or server.
Thanks for any help,
here is an example of the signature that should do the similar task to what you want:
<Signature protocol="tcp" name="APP:MY-TEST" confidence="30" group="streaming" onAP="yes" createdDate="2013101100" modifiedDate="2013101100"> <AppID>99999</AppID> <DisplayName value="MY-TEST"/> <ExtendedLanguage dst-ip="126.96.36.199" dst-mask="22"> </ExtendedLanguage> <Description><![CDATA[This fingerprint looks for IP traffic in the 12.34.56/22 range]]></Description> <Enabled value="yes"/> </Signature>
Be aware this is not an officially supported procedure = you can crash your system if you insert garbage