cancel
Showing results for 
Search instead for 
Did you mean: 

Creating a custom fingerprint with IP as server

Creating a custom fingerprint with IP as server

Chad5
New Contributor III

Hi All,

Trying to create a new analytics fingerprint where it will classify flows based on the IP being the server in the flow. In my testing now, it seems that it will classify the flow as the new custom fingerprint regardless if it's client or server.

Thanks for any help,

1 REPLY 1

Zdeněk_Pala
Valued Contributor III

Hi Chad

here is an example of the signature that should do the similar task to what you want:

 

  <Signature protocol="tcp" name="APP:MY-TEST" confidence="30" group="streaming" onAP="yes" createdDate="2013101100" modifiedDate="2013101100">
    <AppID>99999</AppID>
    <DisplayName value="MY-TEST"/>
    <ExtendedLanguage dst-ip="12.34.56.0" dst-mask="22">
        </ExtendedLanguage>
    <Description><![CDATA[This fingerprint looks for IP traffic in the 12.34.56/22 range]]></Description>
    <Enabled value="yes"/>
  </Signature>

You should:

  1. Backup your configuration
  2. Create new fingerprint by GUI
  3. Investigate the APPID of your fingerprint
  4. Hold CTRL while clicking on the hamburger menu and select "Create Fingerprint from XML..."
  5. Then insert your XML based fingerprint.

Be aware this is not an officially supported procedure = you can crash your system if you insert garbage

 

 

Regards Zdeněk Pala
GTM-P2G8KFN