====== Leverage Application-Fingerprinting to detect iPerf TCP/UDP traffic ======

This TechTip describes how to leverage "Application-Fingerprinting" (AppFP) to detect iPerf traffic (UDP/TCP) in your network and e.g. apply a bandwidth shaping policy.

To detect "iPerf" you first need to create an REGEX (Regular Expression) and apply it. 

AOS R7 comes with pre-defined signatures, which are stored in "/flash/app-signature/app-regex.txt".

**Modify or add the following to your file:**

<file txt app-regex.txt>
App-name: iperf-udp
Description: iPerf UDP-based transfer
\.?.?\xff\xff\xfc\x18\x36\x37\x38\x39\x30

App-name: iperf-tcp
Description: iPerf TCP-based transfer
\x32\x33\x34\x35\x36\x37\x38\x39\x30\x31

App-group: iperf = iperf-udp iperf-tcp

</file>

**Once you saved the file, you need to instruct the OmniSwitch to reload it:**
<code>
OmniSwitch-> app-fingerprint reload-signature-file 
</code>

**Now that you can detect the application (in this case iPerf) you need to define a policy set:**
<code>
! QOS:
policy condition c4 appfp-group iperf 
policy action a4 maximum bandwidth 10.0M 
policy rule r4 condition c4 action a4 no default-list  
policy list iperf type appfp
policy list iperf rules r4  
qos apply
</code>

**In this step you'll tell the OmniSwitch on which port it should apply the Application-Fingerprinting (+ instruct to send an SNMP trap if done):**
<code>
! APP-FINGERPRINT:
app-fingerprint trap enable
app-fingerprint port 1/11 policy-list-name iperf
</code>

<WRAP center round tip 60%>
This REGEX is far from being optimal (especially for TCP), it was created for a simple POC.
</WRAP>