User's Guide

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesReal-time Network and Application Insights from the Edge to the Data Center and into the Multi-Cloud

111

112

113

114

115

116

117

118

119

120

Table Of Contents

ExtremeAnalytics® User GuideVersion 8.4
Legal Notices
Trademarks
Contact
Extreme Networks® Software License Agreement
Table of Contents
ExtremeAnalytics™ Help
- Document Version
ExtremeAnalytics Licensing
- Using Licenses to Establish Flow Rate Capacity
- Getting Started with ExtremeAnalytics
- ExtremeAnalytics Access Requirements
- ExtremeAnalytics Engine Configuration
- Enable Flow Collection
- Enable Jumbo Frames
Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
- ExtremeAnalytics Application Data Collection
- Data Collection Overview
- Using Sites to Collect In-Network Traffic
- Data Collector Types
  - General Usage Collectors
    - Hourly General Usage Collectors
    - High-Rate General Usage Collectors
  - End-System Details Collector
- Flow Information Sources
  - Enabling ExtremeControl Integration
- Reports
  - Dashboard Report
  - Browser Reports
ExtremeAnalytics Tab Overview
- Dashboard
- Browser
- Application Flows
- Fingerprints
- Packet Captures
- Configuration
- Reports
ExtremeAnalytics Dashboard Overview
- Insights Dashboard Reports
- Client/Server Dashboard Reports
- Applications Browser Dashboard Report
- Industry Dashboards
- IP Reputation Dashboard
- Response Time Dashboard
- Network Service Dashboard
- Tracked Applications Dashboard
ExtremeAnalytics Insights Dashboard
- Insights
  - Ring Chart
  - Custom Dashboard
- How to Create an ExtremeAnalytics Insights Custom Dashboard
  - Custom Dashboard
  - Graphs
- ExtremeAnalytics Response Time Dashboard
- Overview
- Network Response Time Graph
- Application Response Time Graph
- ExtremeAnalytics Network Service Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Tracked Applications Dashboard
- Overview
- Expected Response Time
- Historical Response Time
ExtremeAnalytics Browser Overview
- Overview
- Data Aggregation
- Options
ExtremeAnalytics Application Flows
- Overview
- Application Flows Tables
- Report Features
- ExtremeAnalytics Bidirectional Flow Table
- ExtremeAnalytics Unidirectional Flow Table
- ExtremeAnalytics Historical Flow Table
ExtremeAnalytics Fingerprints Overview
ExtremeAnalytics Custom Fingerprints
- Fingerprint Table
  - Menu
  - Column Definitions
Delete Custom Fingerprints
- Deleting a Custom Fingerprint
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Flow
- Creating Fingerprints Based on a Flow
Create Custom Fingerprints Based on Destination Address
- Creating Fingerprints Based on a Destination Address
Create Custom Fingerprints Based on Application or Application Group
- Creating Fingerprints Based on an Application or Application Group
ExtremeAnalytics Packet Captures
ExtremeAnalytics Configuration Overview
- Engines
  - Status
  - Configuration
- Virtual Sensors
- Fingerprints
- Licenses
- Status
- Configuration
Virtual Sensors
- Virtual Sensors
- Virtual Machines
ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
ExtremeAnalytics Reports
- Reports
ExtremeAnalytics Report Descriptions
- Report Descriptions
Add and Modify Fingerprints
- Adding a Fingerprint
- Modifying a Fingerprint
- Enabling or Disabling a Fingerprint
- Deleting a Custom Fingerprint
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Add Fingerprints
- Add a Fingerprint
Enable or Disable Fingerprints
- Enabling or Disabling a Fingerprint
Modify Fingerprints
- Modifying a Fingerprint
Update Fingerprints
- Updating Fingerprints
  - Perform a Fingerprint Update
  - Schedule Fingerprint Updates
Custom Fingerprint Examples
- Fingerprints Based on a Flow
- Fingerprints Based on an Application or Application Group
- Fingerprints Based on a Destination Address
How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- Configuring Extreme Management Center Behind a NAT Router
ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Prerequisites
- Installing the Virtual Sensor Using the Extreme Management Center Server
  - Install Using Extreme Management Center
    - Configuring the VMware vSphere Module in ExtremeConnect
    - Adding the Virtual Sensor to Extreme Management Center
- Adding the Virtual Sensor in ExtremeAnalytics
- Configuring vCenter Settings for the Virtual Sensor
Stream Flow Data from ExtremeAnalytics into Splunk
- Environment
- Overview
- Part 1 – Making File Level Splunk Modifications
- Part 2 – Creating a New Stream using the Splunk web UI
- Part 3 – Configuring each Analytics Engine to Export IPFIX Data to the Splunk...
- Appendix
Stream Flow Data from ExtremeAnalytics into Elastic Stack
- Environment
- Overview
- Part 1 – Installing and Configuring ElastiFlow and Elastic Stack
- Part 2 – Configuring each Analytics Engine to export IPFIX data to the Elasti...
- Appendix: Files

Creating Fingerprints Based on a Destination Address

119 of 218

Create Custom Fingerprints Based on

Destination Address

The ExtremeAnalytics feature uses fingerprints to identify to which application a

network traffic flow belongs. A fingerprint is a description of a pattern of

network traffic which can be used to identify an application. Extreme

Management Center provides thousands of system fingerprints with the

ExtremeAnalytics feature. In addition, you can create new custom fingerprints.

Creating Fingerprints Based on a Destination

Address

Often, you will create a new custom fingerprint to cover a case where no

appropriate fingerprint existed. However, you may also want to create a new

fingerprint for traffic flows already identified as one application, but should be

categorized as something else.

For example, let's say you have a Git repository on your network. Git repositories

(a source code management system used in software development) are

frequently accessed via SSH on port 22 (the standard TCP port assigned for SSH

traffic). In this case, the SSH traffic flows is identified using the system SSH port-

based fingerprint.

But what if you would like to more closely monitor who is accessing the Git

repository? If you know you are running the Git server on a certain system

(10.20.117.102 port 22, for our example), you can create a custom fingerprint to

identify the Git traffic flows.

The fingerprint is based on one of the SSH flows using the IP address/port of the

Git server and have a higher confidence than the system port-based fingerprint.

The higher confidence fingerprint will override the lower confidence fingerprint

when determining a match for the traffic flow.

Use the following steps to create the fingerprint.

1. Select the Analytics tab in Extreme Management Center.

2. Select the Application Flows tab.