Configuring Application Fingerprinting Configuring AFP
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 30-13
Defining Application REGEX Signatures and Groups
To define a new application signature entry in the REGEX signature file, use the following formatting
conventions:
App-name: application-name
Description: application-description
REGEX-signature
Application signature formatting guidelines:
• The application signature “Description:” field is optional, but the “App-name:” field and REGEX
signature are required.
• Maximum characters allowed for the “App-name:” field is 24.
• Maximum characters allowed for “Description:” field is 64.
• REGEX signature guidelines:
– Signature should be more than 6 characters but less than 256 characters.
– Do not start the signature with the “^” character (because scanning starts at the beginning of the
packet not from the beginning of the packet payload).
– The “.”, “*”, “?”, or any combination of the three characters may not work properly on hex value
data in the packet payload (for example, the .* may not work properly).
– The . * ? represents any single character except carriage return (0xD) and tabs (0x9, 0xB) and may
not work with other non-character hex values.
– Use /x hex notation when possible (for example, instead of "yahoo.com" use "yahoo/x2Ecom" in
the signature - ASCII value for . is 0x2E).
– Be careful about using a space (white space) in the signature.
– Do not use very complex set of REGEX notation, instead, break it down to multiple simple REGEX
signatures.
To define a new signature group in the REGEX signature file, use the following formatting conventions:
App-group: app-group-name = application-name-1 application-name-2 application-name-3 ...
Application signature formatting guidelines:
• Maximum characters allowed for the “App-group:” field is 24.
• Enter a list of application signature names (already defined in the signature file) after the “=” with a
space between each name
To Next Page
Loading...
