Custom Applications

Custom Applications are documented in the following topics:

Custom applications are defined based on protocol, port number, IP address, and ASN.
 

About Applications

Custom Applications enables you to attribute the flow records generated by your organization's traffic to an application that you define in Kentik based on a combination of one or more of the following factors: protocol, port number, IP address, and ASN. These custom-defined applications exist within the overall context of the Application dimension, which enables your Kentik queries (in Data Explorer, Library dashboards, Alerting, etc.) to group by or filter on applications (services).

The value of a given record's Application field is determined by evaluating flow data at ingest in the following order of precedence (the evaluation is discontinued once a match is found):

  1. Custom Application: If the combination of ASN, IP, Protocol, and/or Port information in the flow data matches a custom application defined in your organization, the value of the Application dimension will be the name of that custom application.
  2. Cisco NBAR: If the flow source is a Cisco network device (e.g. ISR-G2, ASR1K, ASA-CX, or Wireless LAN Controller) running NBAR2 (Network Based Application Recognition), the value of the Application dimension will be the value of the applicationName entity in the NBAR data.
  3. OTT Service: If flow data evaluation results in populating the KDE flow record with an OTT Service value, then the value of the Application dimension will be that same value.
  4. Well-known services: Kentik maintains a list of the service names of common protocol/port combinations (based on the Nmap list of services). If the protocol/port (source or destination) combination in the flow data matches a combination in this list, then the value of the Application dimension will be the corresponding service name.
  5. Protocols: If the above evaluations don't result in the assignment of an application, Kentik checks if the flow uses any of the protocols in the table below and if so, assigns the protocol keyword as the name of the application.

| Keyword | Protocol Number | Protocol | References/RFC |
|---|---|---|---|
| HOPOPT | 0 | IPv6 Hop-by-Hop Option | RFC 8200 |
| ICMP | 1 | Internet Control Message Protocol | RFC 792 |
| IGMP | 2 | Internet Group Management Protocol | RFC 1112 |
| IP-in-IP | 4 | IP in IP (encapsulation) | RFC 2003 |
| EGP | 8 | Exterior Gateway Protocol | RFC 888 |
| HMP | 20 | Host Monitoring Protocol | RFC 869 |
| MFE-NSP | 31 | MFE Network Services Protocol | |
| IL | 40 | IL Transport Protocol | |
| IPv6 | 41 | IPv6 Encapsulation | RFC 2473 |
| RSVP | 46 | Resource Reservation Protocol | RFC 2205 |
| GREs | 47 | Generic Routing Encapsulation | RFC 2784, RFC 2890 |
| ESP | 50 | Encapsulating Security Payload | RFC 4303 |
| AH | 51 | Authentication Header | RFC 4302 |
| IPv6-ICMP | 58 | ICMP for IPv6 | RFC 4443, RFC 4884 |
| ETHERIP | 97 | Ethernet-within-IP Encapsulation | RFC 3378 |
| PIM | 103 | Protocol Independent Multicast | |
| ARIS | 104 | IBM's ARIS (Aggregate Route IP Switching) Protocol | |
| SCPS | 105 | SCPS (Space Communications Protocol Standards) | SCPS-TP |
| VRRP | 112 | Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned) | VRRP: RFC 3768 |
| L2TP | 115 | Layer Two Tunneling Protocol Version 3 | RFC 3931 |
| SCTP | 132 | Stream Control Transmission Protocol | RFC 4960 |
| pfsync | 240 | Packet filter state table logging interface | |
 

 

Custom Applications Page

The Custom Applications page is documented in the following topics:

 

Custom Applications Page UI

The Custom Applications page lists all of your organization’s custom applications. To view the Custom Applications page, choose Settings from the main menu, then Custom Applications (under Data Enrichment). While Members can view the list of Custom Applications, only Administrators can add new ones.

The Custom Applications page has the following main UI elements:

  • Filter field: Enter text to filter the Custom Application List. The Application Name, Protocol, Port Number, IP Address, and ASN columns of the list are searched for a match on the string entered in this field.
  • Add Custom Application button: Opens the Add Custom Application dialog (see Custom Application Dialogs).
  • Custom Application List: A table listing your organization’s currently defined custom applications (see Custom Application List).
 

Custom Application List

The Custom Application List is a table that lists all previously saved custom applications. Click a column heading to sort the list (ascending or descending). The table provides the following information and actions for each custom application:

  • Application Name: The name of the custom application (specified at creation).
  • Protocol: The number of the protocol (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) to match for the custom application.
  • Port Number: The layer 4 source/destination port (e.g. 80, 443) to match for the custom application.
  • IP Address: The source/destination IP address, either IPv4 or IPv6, to match for the custom application.
  • ASN: The origin AS number, associated with the source/destination IP of the flow, to match for the custom application.
  • View in Data Explorer (icon): Opens Data Explorer with a filter that includes all traffic matching the application.
  • Edit (icon): Opens an edit dialog for the corresponding application (see Custom Application Dialogs).
  • Remove (icon): Opens a confirming dialog that allows you to remove the custom application.
The table lists the custom applications created in your organization and shows the flow fields that must be matched for each.
 

Custom Application Dialogs

Two nearly identical dialogs are used to manage custom applications, Add Custom Application and Edit Custom Application. These admin dialogs are covered in the following topics:

Notes:
- Custom Application admin dialogs are visible only to users whose level is Administrator.
- Custom Applications can also be added and edited with the Custom Application API.
- Changes to the configuration of a custom application may take up to 90 minutes to propagate.

 

Custom Application Dialogs UI

The Custom Application admin dialogs share the following common UI elements:

  • Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
  • Cancel button: Cancel the add application or edit application operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
  • Add Custom Application button (Add Custom Application dialog only): Save settings for the new custom application and exit the dialog.
  • Save button (Edit Custom Application dialog only): Save changes to custom application settings and exit the dialog.
 

Custom Application Settings

In addition to the UI elements described in Custom Application Dialogs UI, the Custom Application dialogs contain the following fields:

  • Name (required): The name of the custom application.
  • Description: An optional description of the custom application.
  • Protocol: The number of the protocol (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers) to match for the custom application.
  • Port number: The layer 4 source/destination port (e.g. 80, 443) to match for the custom application.
  • IP Address: The source/destination IP address, either IPv4 or IPv6, to match for the custom application.
  • ASN: The origin AS number, associated with the source/destination IP of the flow, to match for the custom application.

A value must be provided for at least one of the Protocol, Port Number, IP Address, or ASN fields. To build the definition of the custom application, the values in each individual field are ORed, and all fields with values are ANDed. When the values specified in the definition are matched at ingest with the data for a given flow, then the value of the application field in the corresponding KDE flow record will be set to the name of this custom application.
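
The following added example (not Kentik code) models the OR-within-a-field, AND-across-fields rule together with the order of precedence from About Applications, and shows that a broad custom definition takes priority over NBAR, OTT, and well-known service names. The flow field names, the sample tables, exact-address IP comparison, and list-order evaluation of custom applications are assumptions made for illustration.

```python
import ipaddress

# Subset of the protocol keyword table on this page (step 5 fallback).
PROTOCOL_KEYWORDS = {1: "ICMP", 50: "ESP", 51: "AH", 132: "SCTP"}
# Constructed stand-in for the Nmap-based well-known services list (step 4).
WELL_KNOWN = {(6, 22): "ssh", (6, 443): "https", (17, 53): "domain"}

def _ips(values):
    # Normalize so equivalent IPv6 spellings compare equal.
    return {ipaddress.ip_address(v) for v in values}

def matches(app, flow):
    """Values inside a field are ORed; fields that have values are ANDed."""
    checks = []
    if app.get("protocol"):
        checks.append(flow["protocol"] in app["protocol"])
    if app.get("port"):    # source or destination port
        checks.append(bool({flow["src_port"], flow["dst_port"]} & set(app["port"])))
    if app.get("ip"):      # source or destination address
        checks.append(bool(_ips([flow["src_ip"], flow["dst_ip"]]) & _ips(app["ip"])))
    if app.get("asn"):     # source or destination origin ASN
        checks.append(bool({flow["src_asn"], flow["dst_asn"]} & set(app["asn"])))
    # A definition with no populated field is invalid and matches nothing.
    return bool(checks) and all(checks)

def classify(flow, custom_apps):
    """Apply the documented order of precedence; stop at the first match."""
    for app in custom_apps:                              # 1. custom application
        if matches(app, flow):
            return app["name"]
    if flow.get("nbar_application_name"):                # 2. Cisco NBAR
        return flow["nbar_application_name"]
    if flow.get("ott_service"):                          # 3. OTT service
        return flow["ott_service"]
    for port in (flow["src_port"], flow["dst_port"]):    # 4. well-known services
        name = WELL_KNOWN.get((flow["protocol"], port))
        if name:
            return name
    return PROTOCOL_KEYWORDS.get(flow["protocol"])       # 5. protocol keyword

# Constructed sample data (documentation address ranges and private-use ASNs).
APPS = [{"name": "internal-db", "protocol": [6], "port": [5432, 6432],
         "ip": ["10.0.5.10", "2001:db8::10"]}]
FLOW = {"protocol": 6, "src_ip": "2001:db8::7", "src_port": 51514,
        "dst_ip": "2001:db8:0:0:0:0:0:10", "dst_port": 6432,
        "src_asn": 64500, "dst_asn": 64501}
print(classify(FLOW, APPS))
```

A definition that populates only one field, such as a single port, matches every flow using that port in either direction and replaces whatever NBAR or the well-known services list would have reported, so keep definitions as narrow as the traffic allows.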

 

Manage Custom Applications

Custom Applications are added and edited via the Custom Applications page. The add/edit process is documented in the following topics:

Note: Custom application changes may take up to 90 minutes to propagate.

 

Add a Custom Application

To add a custom application:

  1. Navigate to the Custom Applications page (Settings » Custom Applications).
  2. Click the Add Custom Application button at the upper right, which opens the Add Custom Application dialog (see Custom Application Dialogs).
  3. Enter a name and description for the new custom application.
  4. Specify at least one of the following fields for the new custom application: Protocol, Port Number, IP Address, or ASN. When the values specified in these fields are matched at ingest with the data for a given flow, the value of the application field in the corresponding KDE flow record will be set to the name of this custom application.
  5. To save the new custom application, click the Add Custom Application button. The application will be added to your organization's collection of custom applications and the dialog will close, returning you to the Custom Applications page.
 

Edit a Custom Application

To edit a custom application:

  1. Navigate to the Custom Applications page (Settings » Custom Applications).
  2. In the Custom Application List, click the Edit button (pencil icon) in the row of the custom application that you want to edit. The Edit Custom Application dialog will open.
  3. Change the necessary fields in the dialog (see Custom Application Settings).
  4. Click the Save button to save the changes.
© 2014- Kentik