4.7. Application settings

Caligare Flow Inspector contains a special application detection module (ADM). The ADM detects dynamically assigned ports.

Figure 4.17. Application settings window.

Application settings window.

You can define your own application via the applications settings menu. One of your applications may contain more application rules (see picture bellow). The ADM uses system file /etc/services to detect non-specified applications, but in this file you may specify only a single UDP or TCP port with the application name. The ADM module is very time-consuming, so be careful when you define more rules.

The ADM module can store a detected application into the field "app". In the raw data you can see "app" field values in these intervals:

Figure 4.18. Application rules window.

Application rules window.

Each rule contains priority, protocol (UDP or TCP). Other fields contain the destination port range, source port range, destination IP address range and source IP address range. You can fill up only some of these fields, the others are remain unfilled or have a zero value (it mean match any). In the example above, there are two rules, one is for the UDP and the other one is for the TCP along with a destination port (which has a range from 411 to 413), all other fields are zero. (it mean match any). The application used for example above is direct connect.