Palo Alto Networks traffic logs show several values in the application field when the firewall could not positively identify the application:

- Unknown-p2p: the traffic matches generic P2P heuristics.
- Unknown-udp: unknown UDP traffic. This may be due to the use of a custom application for which the firewall does not have signatures.
- Unknown-tcp: the firewall captured the three-way TCP handshake, but the application was not identified.
- Insufficient data: not enough data to identify the application. For example, if the three-way TCP handshake completed and there was one data packet after the handshake, but that one data packet was not enough to match any of our signatures, the user will see insufficient data in the application field of the traffic log.
- Incomplete: either the three-way TCP handshake did not complete, or the three-way TCP handshake did complete but there was not enough data after the handshake to identify the application. One example: a client sends a server a SYN and the Palo Alto Networks device creates a session for that SYN, but the server never sends a SYN-ACK back to the client; that session is incomplete. In other words, the traffic being seen is not really an application.
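The following triage script is an added example, not code from the original page or from Palo Alto Networks. It reads a constructed, simplified CSV (the column names `src`, `dst`, `dport`, `proto`, `app`, `bytes_sent`, `bytes_received`, `action` are assumptions; real PAN-OS traffic logs carry many more fields in a different order, and the hyphenated value `insufficient-data` is likewise assumed) and separates the five unidentified-application values described above. For `incomplete` sessions it applies a heuristic that distinguishes the two cases in the text (server never answered versus handshake finished with no application data) from the server-to-client byte count, and for `unknown-tcp`/`unknown-udp` it groups sessions by destination port so an administrator can see which flows are candidates for a custom App-ID signature rather than left as unknown.

```python
"""Triage of unidentified-application entries in Palo Alto Networks traffic logs.

Added example; the CSV layout and column names below are constructed and
assumed, not the real PAN-OS traffic log format.
"""
import csv
from collections import Counter, defaultdict
from io import StringIO

# Application-field values that mean App-ID could not identify the traffic.
UNIDENTIFIED = {"incomplete", "insufficient-data", "unknown-tcp",
                "unknown-udp", "unknown-p2p"}

# Constructed sample log lines (assumed columns; not real log output).
SAMPLE_LOG = """\
src,dst,dport,proto,app,bytes_sent,bytes_received,action
10.1.1.5,192.0.2.10,443,tcp,ssl,5120,20480,allow
10.1.1.5,192.0.2.20,8443,tcp,incomplete,60,0,allow
10.1.1.7,192.0.2.20,8443,tcp,incomplete,66,0,allow
10.1.1.9,192.0.2.30,9000,tcp,unknown-tcp,2300,1800,allow
10.1.1.9,192.0.2.31,9000,tcp,unknown-tcp,2100,1700,allow
10.1.1.12,192.0.2.40,5005,udp,unknown-udp,900,0,allow
10.1.1.13,192.0.2.50,80,tcp,insufficient-data,180,120,allow
10.1.1.14,192.0.2.60,6881,tcp,unknown-p2p,40000,38000,deny
"""


def parse_log(text):
    """Parse the constructed CSV into a list of row dicts."""
    return list(csv.DictReader(StringIO(text)))


def classify_incomplete(row):
    """Heuristic for the two 'incomplete' cases: if the server sent nothing
    back at all (assumed field bytes_received == 0) the SYN was never
    answered with a SYN-ACK; otherwise the handshake finished but no
    application data followed it."""
    if int(row["bytes_received"]) == 0:
        return "handshake-not-completed"
    return "handshake-completed-no-app-data"


def triage(rows):
    """Summarise unidentified sessions: counts per application value,
    the reason breakdown for 'incomplete', and destination ports seen
    for unknown-tcp/unknown-udp (candidates for custom App-ID signatures)."""
    summary = {
        "by_app": Counter(),
        "incomplete_reasons": Counter(),
        "unknown_ports": defaultdict(Counter),
    }
    for row in rows:
        app = row["app"]
        if app not in UNIDENTIFIED:
            continue  # positively identified application; nothing to triage
        summary["by_app"][app] += 1
        if app == "incomplete":
            summary["incomplete_reasons"][classify_incomplete(row)] += 1
        elif app in ("unknown-tcp", "unknown-udp"):
            key = (row["proto"], row["dport"])
            summary["unknown_ports"][app][key] += 1
    return summary


def unidentified_total(summary):
    """Total number of sessions the firewall could not identify."""
    return sum(summary["by_app"].values())


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    print("unidentified sessions:", unidentified_total(result))
    print("by application value:", dict(result["by_app"]))
    print("incomplete reasons:", dict(result["incomplete_reasons"]))
    for app, ports in result["unknown_ports"].items():
        print(app, "destination ports:", dict(ports))
```

Run against the embedded sample, the script reports two `incomplete` sessions whose server never replied, two `unknown-tcp` sessions on tcp/9000 (a repeated port worth reviewing for a custom signature), and one each of `unknown-udp`, `insufficient-data` and `unknown-p2p`.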