Custom Applications

Prev Next

This article discusses Custom Applications in the Kentik portal.

Custom applications are defined based on protocol, port number, IP address, and ASN.    

About Applications

Custom Applications enables you to attribute the flow records generated by your organization's traffic to an application that you define in Kentik based on a combination of one or more of the following factors: protocol, port number, IP address, and ASN. These custom-defined applications exist within the overall context of the Application dimension, which enables your Kentik queries (in Data Explorer, Library dashboards, Alerting, etc.) to group by or filter on applications (services).

The value of a given record's Application field is determined by evaluating flow data at ingest in the following order of precedence (the evaluation is discontinued once a match is found):

  1. Custom Application: If the combination of ASN, IP, Protocol, and/or Port information in the flow data matches a custom application defined in your organization, the value of the Application dimension will be the name of that custom application.

  2. Cisco NBAR: If the flow source is a Cisco network device (e.g. ISR-G2, ASR1K, ASA-CX, or Wireless LAN Controller) running NBAR2 (Network Based Application Recognition), the value of the Application dimension will be the value of the applicationName entity in the NBAR data.

  3. OTT Service: If flow data evaluation results in populating the KDE flow record with an OTT Service value, then the value of the Application dimension will be that same value.

  4. Well-known services: Kentik maintains a list of the service names of common protocol/port combinations (based on the Nmap list of services). If the protocol/port (source or destination) combination in the flow data matches a combination in this list, then the value of the Application dimension will be the corresponding service name.

  5. Protocols: If the above evaluations don't result in the assignment of an application, Kentik checks if the flow uses any of the protocols in the table below and if so, assigns the protocol keyword as the name of the application.

Keyword

Protocol Number

Protocol

References/RFC

HOPOPT

0

IPv6 Hop-by-Hop Option

RFC 8200

ICMP

1

Internet Control Message Protocol

RFC 792

IGMP

2

Internet Group Management Protocol

RFC 1112

IP-in-IP

4

IP in IP (encapsulation)

RFC 2003

EGP

8

Exterior Gateway Protocol

RFC 888

HMP

20

Host Monitoring Protocol

RFC 869

MFE-NSP

31

MFE Network Services Protocol

 

IL

40

IL Transport Protocol

 

IPv6

41

IPv6 Encapsulation

RFC 2473

RSVP

46

Resource Reservation Protocol

RFC 2205

GREs

47

Generic Routing Encapsulation

RFC 2784, RFC 2890

ESP

50

Encapsulating Security Payload

RFC 4303

AH

51

Authentication Header

RFC 4302

IPv6-ICMP

58

ICMP for IPv6

RFC 4443, RFC 4884

ETHERIP

97

Ethernet-within-IP Encapsulation

RFC 3378

PIM

103

Protocol Independent Multicast

 

ARIS

104

IBM's ARIS (Aggregate Route IP Switching) Protocol

 

SCPS

105

SCPS (Space Communications Protocol Standards)

SCPS-TP[4]

VRRP

112

Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned)

VRRP:RFC 3768

L2TP

115

Layer Two Tunneling Protocol Version 3

RFC 3931

SCTP

132

Stream Control Transmission Protocol

RFC 4960

pfsync

240

Packet filter state table logging interface

 

Custom Applications Page

The Custom Applications page is documented in the following topics.

Custom Applications Page UI

The Custom Applications page lists all of your organization’s custom applications. To view the Custom Applications page, choose Settings from the main menu, then Custom Applications (under Data Enrichment). While Members can view the list of Custom Applications, only Administrators can add new ones.

The Custom Applications page has the following main UI elements:

  • Filter field: Enter text to filter the Custom Application list. The Application Name, Protocol, Port Number, IP Address, and ASN columns of the list are searched for a match on the string entered in this field.

  • Add Custom Application button: Opens the Add Custom Application dialog (see Custom Application Dialogs).

  • Custom Application List: A table listing your organization’s currently defined custom applications (see Custom Application List).

Custom Application List

The Custom Application list is a table that lists all previously saved custom applications. Click a column heading to sort the list (ascending or descending). The table provides the following information and actions for each custom application:

  • Application Name: The name of the custom application (specified at creation).

  • Protocol: The number of the protocol (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) to match for the custom application.

  • Port Number: The layer 4 source/destination port (e.g., 80, 443) to match for the custom application.

  • IP Address: The source/destination IP address, either IPv4 or IPv6, to match for the custom application.

  • ASN: The origin AS number, associated with the source/destination IP of the flow, to match for the custom application.

  • View in Data Explorer (icon): Opens Data Explorer with a filter that includes all traffic matching the application.

  • Edit (icon): Opens an edit dialog for the corresponding application (see Custom Application Dialogs).

  • Remove (icon): Opens a confirming dialog that allows you to remove the custom application.

The table lists the custom applications created in your organization and shows the flow fields that must be matched for each.

Custom Application Dialogs

Two nearly identical dialogs are used to manage custom applications, Add Custom Application and Edit Custom Application.

Notes:

  • Custom Application admin dialogs are visible only to users whose level is Administrator.

  • Custom Applications can also be added and edited with the Custom Application API.

  • Changes to the configuration of a custom application may take up to 90 minutes to propagate.

Custom Application Dialogs UI

The Custom Application admin dialogs share the following common UI elements:

  • Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.

  • Cancel button: Cancel the add application or edit application operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.

  • Add Custom Application button (Add Custom Application dialog only): Save settings for the new custom application and exit the dialog.

  • Save button (Edit Custom Application dialog only): Save changes to custom application settings and exit the dialog.

Custom Application Settings

In addition to the UI elements described in Custom Application Dialogs UI, the Custom Application dialogs contain the following fields:

  • Name (required): The name of the custom application.

  • Description: An optional description of the custom application.

  • Protocol: The number of the protocol (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) to match for the custom application.

  • Port number: The layer 4 source/destination port (e.g., 80, 443) to match for the custom application.

  • IP Address: The source/destination IP address, either IPv4 or IPv6, to match for the custom application.

  • ASN: The origin AS number, associated with the source/destination IP of the flow, to match for the custom application.

A value must be provided for at least one of the Protocol, Port Number, IP Address, or ASN fields. To build the definition of the custom application, the values in each individual field are ORed, and all fields with values are ANDed. When the values specified in the definition are matched at ingest with the data for a given flow, then the value of the application field in the corresponding KDE flow record will be set to the name of this custom application.

Manage Custom Applications

Custom Applications are added and edited via the Custom Applications page. The add/edit process is documented in the following topics:

Note: Custom application changes may take up to 90 minutes to propagate.

Add a Custom Application

To add a custom application:

  1. Navigate to the Custom Applications page (Settings » Custom Applications).

  2. Click the Add Custom Application button at the upper right, which opens the Add Custom Application dialog (see Custom Application Dialogs).

  3. Enter a name and description for the new custom application.

  4. Specify at least one of the following fields for the new custom application: Protocol, Port Number, IP Address, or ASN. When the values specified in these fields are matched at ingest with the data for a given flow, the value of the application field in the corresponding KDE flow record will be set to the name of this custom application.

  5. To save the new custom application, click the Add Custom Application button. The application will be added to your organization's collection of custom applications and the dialog will close, returning you to the Custom Applications page.

Edit a Custom Application

To edit a custom application:

  1. Navigate to the Custom Applications page (Settings » Custom Applications).

  2. In the Custom Application List, click the Edit button (pencil icon) in the row of the custom application that you want to edit. The Edit Custom Application dialog will open.

  3. Change the necessary fields in the dialog (see Custom Application Settings).

  4. Click the Save button to save the changes.


© 2014-25 Kentik