Create Custom Fingerprints Based on Flow
The ExtremeAnalytics feature uses fingerprints to identify to which application a network traffic flow belongs. A fingerprint is a description of a pattern of network traffic which can be used to identify an application. ExtremeCloud IQ Site Engine provides thousands of system fingerprints with the ExtremeAnalytics feature. In addition, you can create new custom fingerprints.
Creating Fingerprints Based on a Flow
This example demonstrates how to create a custom fingerprint based on X Window System network traffic.
In the ExtremeCloud IQ Site Engine Flows table (with the Show Unclassified View selected) you notice several flows that had an X Window System source port 6049. Since these flows are not currently identified with a fingerprint, you can create a fingerprint for those flows based on the port that x11 traffic normally runs over.
Use the following steps to create the fingerprint.
- Select the Analytics tab.
- Select the Application Flows tab.
- In the table, select the Show Unclassified View.
- Right-click on a flow with the x11 Source Port and select Fingerprints > Add Fingerprint.
- The Add Fingerprint window opens.
- Use the drop-down list to select matching Portx11 [6049].
- Set the Application Name to X Window System.
- Set the Application Group to Protocols.
- Set the Confidence level to 60 (the default). A fingerprint with a confidence higher than 60 can supersede this fingerprint, if it also matches the flow.
- Select OK to create the fingerprint.
- Enforce to push the new fingerprint to your engines.
For information on related help topics: