Observer Analyzer : Observer Analyzer : Network and Application Discovery : Defining applications differently per IP address
Defining applications differently per IP address
Sometimes, you may want to treat server application definitions differently depending on the IP address that is discovered in tandem with the port(s).
For example, if you know an FTP server is hosted on 192.168.0.90 on port 63245 (a non-standard port), you could force Server Application Discovery to report all server application discoveries that use port 63245 as FTP—but only if it is destined to 192.168.0.90. This specific rule does not apply to other IP addresses; meaning, the standard port of 21 is recognized as FTP for all other IP addresses.
To define application definitions differently depending on the IP address seen, complete the following steps:
1. Click the File tab, and click Options > Protocol Definitions.
2. Click an applications definitions tab that interests you.
Application definition tabs are located below Start and Stop.
3. Scroll through the list of application definitions, and find one that you want to associate non-standard ports with per IP address.
4. Click an application definition to select it.
5. Click Add Ports.
6. Type the port number or port range to be associated with the selected application.
7. Select Use Specific IP Address, and type the IP address you want to treat differently.
8. Click OK.
9. Click Apply Changes.
 
Now, as server applications are discovered, those matching an IP address and port combination are correctly recognized by the Server Application Discovery tool.
 
 
 
Figure 15: A completed example of FTP ports being recognized differently per IP address