Using Wireshark To Identify Application Signatures

Tracking down application signatures in packets can be crucial for network troubleshooting.

Tony Fortunato

January 14, 2016

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

An application signature is a pattern within your packets from an application or task. You may be familiar with application signatures from the security world, where people research worms, viruses, malicious applications or network attacks. In this video, I use the network protocol analyzer Wireshark to focus on application baselining and the network troubleshooting aspect of application signatures, but the concept can be carried through to other disciplines.

Identifying application signatures becomes an important skill when you are troubleshooting what you believe is anomalous traffic.

 

 

To find an application signature using Wireshark, capture packets from your application and look either in the detail pane or in the bytes pane for a pattern. It’s critical that you pay attention to what you were doing when you captured those packets. For example logging in, printing, or querying from your application of choice.

If you’re lucky you will see a pattern; if you’re very lucky that pattern will be in clear text. And if you’re unlucky, that pattern might be in hex or binary, but you should always try to find out if there is a pattern within your application.

If your application is using well-known protocols such as HTTP or SQL, you will find that your protocol analyzer will decode the commands for you and will make life a lot easier. Even when this is the case, you should pay attention because your application data after the command may also contain an application signature.

A good example would be when using HTTP for your web application, but within the payload there may be a signature or pattern identifying the database, application call or task.

About the Author

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPediaand has a popular YouTube channel.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights