Benutzer-Werkzeuge

Webseiten-Werkzeuge


english:application-fingerprinting-iperf

Leverage Application-Fingerprinting to detect iPerf TCP/UDP traffic

This TechTip describes how to leverage „Application-Fingerprinting“ (AppFP) to detect iPerf traffic (UDP/TCP) in your network and e.g. apply a bandwidth shaping policy.

To detect „iPerf“ you first need to create an REGEX (Regular Expression) and apply it.

AOS R7 comes with pre-defined signatures, which are stored in „/flash/app-signature/app-regex.txt“.

Modify or add the following to your file:

app-regex.txt
App-name: iperf-udp
Description: iPerf UDP-based transfer
\.?.?\xff\xff\xfc\x18\x36\x37\x38\x39\x30
 
App-name: iperf-tcp
Description: iPerf TCP-based transfer
\x32\x33\x34\x35\x36\x37\x38\x39\x30\x31
 
App-group: iperf = iperf-udp iperf-tcp

Once you saved the file, you need to instruct the OmniSwitch to reload it:

OmniSwitch-> app-fingerprint reload-signature-file 

Now that you can detect the application (in this case iPerf) you need to define a policy set:

! QOS:
policy condition c4 appfp-group iperf 
policy action a4 maximum bandwidth 10.0M 
policy rule r4 condition c4 action a4 no default-list  
policy list iperf type appfp
policy list iperf rules r4  
qos apply

In this step you'll tell the OmniSwitch on which port it should apply the Application-Fingerprinting (+ instruct to send an SNMP trap if done):

! APP-FINGERPRINT:
app-fingerprint trap enable
app-fingerprint port 1/11 policy-list-name iperf

This REGEX is far from being optimal (especially for TCP), it was created for a simple POC.

english/application-fingerprinting-iperf.txt · Zuletzt geändert: 2024/06/09 10:29 von 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki