Custom Applications
Custom Applications are documented in the following topics:
About Applications
Custom Applications enables you to attribute the flow records generated by your organization's traffic to an application that you define in Kentik based on a combination of one or more of the following factors: protocol, port number, IP address, and ASN. These custom-defined applications exist within the overall context of the Application dimension, which enables your Kentik queries (in Data Explorer, Library dashboards, Alerting, etc.) to group by or filter on applications (services).
The value of a given record's Application field is determined by evaluating flow data at ingest in the following order of precedence (the evaluation is discontinued once a match is found):
- Custom Application: If the combination of ASN, IP, Protocol, and/or Port information in the flow data matches a custom application defined in your organization, the value of the Application dimension will be the name of that custom application.
- Cisco NBAR: If the flow source is a Cisco network device (e.g. ISR-G2, ASR1K, ASA-CX, or Wireless LAN Controller) running NBAR2 (Network Based Application Recognition), the value of the Application dimension will be the value of the applicationName entity in the NBAR data.
- OTT Service: If flow data evaluation results in populating the KDE flow record with an OTT Service value, then the value of the Application dimension will be that same value.
- Well-known services: Kentik maintains a list of the service names of common protocol/port combinations (based on the Nmap list of services). If the protocol/port (source or destination) combination in the flow data matches a combination in this list, then the value of the Application dimension will be the corresponding service name.
- Protocols: If the above evaluations don't result in the assignment of an application, Kentik checks if the flow uses any of the protocols in the table below and if so, assigns the protocol keyword as the name of the application.
Keyword | Protocol Number | Protocol | References/RFC |
HOPOPT | 0 | IPv6 Hop-by-Hop Option | RFC 8200 |
ICMP | 1 | Internet Control Message Protocol | RFC 792 |
IGMP | 2 | Internet Group Management Protocol | RFC 1112 |
IP-in-IP | 4 | IP in IP (encapsulation) | RFC 2003 |
EGP | 8 | Exterior Gateway Protocol | RFC 888 |
HMP | 20 | Host Monitoring Protocol | RFC 869 |
MFE-NSP | 31 | MFE Network Services Protocol | |
IL | 40 | IL Transport Protocol | |
IPv6 | 41 | IPv6 Encapsulation | RFC 2473 |
RSVP | 46 | Resource Reservation Protocol | RFC 2205 |
GREs | 47 | Generic Routing Encapsulation | RFC 2784, RFC 2890 |
ESP | 50 | Encapsulating Security Payload | RFC 4303 |
AH | 51 | Authentication Header | RFC 4302 |
IPv6-ICMP | 58 | ICMP for IPv6 | RFC 4443, RFC 4884 |
ETHERIP | 97 | Ethernet-within-IP Encapsulation | RFC 3378 |
PIM | 103 | Protocol Independent Multicast | |
ARIS | 104 | IBM's ARIS (Aggregate Route IP Switching) Protocol | |
SCPS | 105 | SCPS (Space Communications Protocol Standards) | SCPS-TP[4] |
VRRP | 112 | Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned) | VRRP:RFC 3768 |
L2TP | 115 | Layer Two Tunneling Protocol Version 3 | RFC 3931 |
SCTP | 132 | Stream Control Transmission Protocol | RFC 4960 |
pfsync | 240 | Packet filter state table logging interface |
Custom Applications Page
The Custom Applications page is documented in the following topics:
Custom Applications Page UI
The Custom Applications page lists all of your organization’s custom applications. To view the Custom Applications page, choose Settings from the main menu, then Custom Applications (under Data Enrichment). While Members can view the list of Custom Applications, only Administrators can add new ones.
The Custom Applications page has the following main UI elements:
- Filter field: Enter text to filter the Custom Application List. The Application Name, Protocol, Port Number, IP Address, and ASN columns of the list are searched for a match on the string entered in this field.
- Add Custom Application button: Opens the Add Custom Application dialog (see Custom Application Dialogs).
- Custom Application List: A table listing your organization’s currently defined custom applications (see Custom Application List).
Custom Application List
The Custom Application List is a table that lists all previously saved custom applications. Click a column heading to sort the list (ascending or descending). The table provides the following information and actions for each custom application:
- Application Name: The name of the custom application (specified at creation).
- Protocol: The number of the protocol (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) to match for the custom application.
- Port Number: The layer 4 source/destination port (e.g. 80, 443) to match for the custom application.
- IP Address: The source/destination IP address, either IPv4 or IPv6, to match for the custom application.
- ASN: The origin AS number, associated with the source/destination IP of the flow, to match for the custom application.
- View in Data Explorer (icon): Opens Data Explorer with a filter that includes all traffic matching the application.
- Edit (icon): Opens an edit dialog for the corresponding application (see Custom Application Dialogs).
- Remove (icon): Opens a confirming dialog that allows you to remove the custom application.
Custom Application Dialogs
Two nearly identical dialogs are used to manage custom applications, Add Custom Application and Edit Custom Application. These admin dialogs are covered in the following topics:
Notes:
- Custom Application admin dialogs are visible only to users whose level is Administrator.
- Custom Applications can also be added and edited with the Custom Application API.
- Changes to the configuration of a custom application may take up to 90 minutes to propagate.
Custom Application Dialogs UI
The Custom Application admin dialogs share the following common UI elements:
- Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
- Cancel button: Cancel the add application or edit application operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
- Add Custom Application button (Add Custom Application dialog only): Save settings for the new custom application and exit the dialog.
- Save button (Edit Custom Application dialog only): Save changes to custom application settings and exit the dialog.
Custom Application Settings
In addition to the UI elements described in Custom Application Dialogs UI, the Custom Application dialogs contain the following fields:
- Name (required): The name of the custom application.
- Description: An optional description of the custom application.
- Protocol: The number of the protocol (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) to match for the custom application.
- Port number: The layer 4 source/destination port (e.g. 80, 443) to match for the custom application.
- IP Address: The source/destination IP address, either IPv4 or IPv6, to match for the custom application.
- ASN: The origin AS number, associated with the source/destination IP of the flow, to match for the custom application.
A value must be provided for at least one of the Protocol, Port Number, IP Address, or ASN fields. To build the definition of the custom application, the values in each individual field are ORed, and all fields with values are ANDed. When the values specified in the definition are matched at ingest with the data for a given flow, then the value of the application field in the corresponding KDE flow record will be set to the name of this custom application.
Manage Custom Applications
Custom Applications are added and edited via the Custom Applications page. The add/edit process is documented in the following topics:
Note: Custom application changes may take up to 90 minutes to propagate.
Add a Custom Application
To add a custom application:
- Navigate to the Custom Applications page (Settings » Custom Applications).
- Click the Add Custom Application button at the upper right, which opens the Add Custom Application dialog (see Custom Application Dialogs).
- Enter a name and description for the new custom application.
- Specify at least one of the following fields for the new custom application: Protocol, Port Number, IP Address, or ASN. When the values specified in these fields are matched at ingest with the data for a given flow, the value of the application field in the corresponding KDE flow record will be set to the name of this custom application.
- To save the new custom application, click the Add Custom Application button. The application will be added to your organization's collection of custom applications and the dialog will close, returning you to the Custom Applications page.
Edit a Custom Application
To edit a custom application:
- Navigate to the Custom Applications page (Settings » Custom Applications).
- In the Custom Application List, click the Edit button (pencil icon) in the row of the custom application that you want to edit. The Edit Custom Application dialog will open.
- Change the necessary fields in the dialog (see Custom Application Settings).
- Click the Save button to save the changes.