Using Wireshark To Identify Application Signatures
An application signature is a pattern within your packets from an application or task. You may be familiar with application signatures from the security world, where people research worms, viruses, malicious applications or network attacks. In this video, I use the network protocol analyzer Wireshark to focus on application baselining and the network troubleshooting aspect of application signatures, but the concept can be carried through to other disciplines.
Identifying application signatures becomes an important skill when you are troubleshooting what you believe is anomalous traffic.
To find an application signature using Wireshark, capture packets from your application and look either in the detail pane or in the bytes pane for a pattern. It’s critical that you pay attention to what you were doing when you captured those packets: for example, logging in, printing, or querying from your application of choice.
If you’re lucky you will see a pattern; if you’re very lucky that pattern will be in clear text. And if you’re unlucky, that pattern might be in hex or binary, but you should always try to find out if there is a pattern within your application.
If your application is using well-known protocols such as HTTP or SQL, you will find that your protocol analyzer will decode the commands for you and will make life a lot easier. Even when this is the case, you should pay attention because your application data after the command may also contain an application signature.
A good example is a web application that uses HTTP, where the payload may contain a signature or pattern identifying the database, application call or task.
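The search described above can also be scripted once payloads have been exported from a capture. The following is an added example, not taken from the article or video: it finds the longest byte run shared by every capture of one action and absent from captures of another, then renders it as a Wireshark display filter. The function names and sample payloads are constructed for illustration.

```python
"""Find a byte pattern shared by every capture of one action but absent from another."""

def http_body(payload: bytes) -> bytes:
    # The signature is often in the application data after the decoded HTTP headers.
    head, sep, body = payload.partition(b"\r\n\r\n")
    return body if sep else payload

def find_signature(target, baseline=(), min_len=4) -> bytes:
    """Longest byte run present in all target payloads and in no baseline payload."""
    if not target:
        return b""
    ref = min(target, key=len)  # a common run cannot be longer than the shortest payload
    for length in range(len(ref), min_len - 1, -1):
        for start in range(len(ref) - length + 1):
            cand = ref[start:start + length]
            if all(cand in p for p in target) and not any(cand in b for b in baseline):
                return cand
    return b""

def display_filter(sig: bytes) -> str:
    """Render the pattern as a Wireshark display filter."""
    if not sig:
        raise ValueError("no signature found")
    printable = all(0x20 <= c < 0x7F and c not in b'"\\' for c in sig)
    if printable:  # clear-text pattern: match it as a string
        return 'frame contains "%s"' % sig.decode("ascii")
    # hex/binary pattern: match it as colon-separated bytes
    return "tcp.payload contains " + ":".join("%02x" % c for c in sig)

# Constructed sample payloads (not from a real capture), labelled by the action
# that was being performed when they were captured.
HDR = b"POST /api HTTP/1.1\r\nHost: app.example\r\n\r\n"
LOGIN = [HDR + b"call=AUTH_LOGIN&user=alice&seq=1", HDR + b"call=AUTH_LOGIN&user=bob&seq=2"]
PRINT = [HDR + b"call=PRINT_JOB&user=alice&seq=3"]
BINARY = [b"\x00\x01\xde\xad\xbe\xef\x10", b"\x07\xde\xad\xbe\xef\x22\x33"]

def demo():
    login_bodies = [http_body(p) for p in LOGIN]
    print_bodies = [http_body(p) for p in PRINT]
    text_sig = find_signature(login_bodies, baseline=print_bodies)
    bin_sig = find_signature(BINARY)
    return display_filter(text_sig), display_filter(bin_sig)

if __name__ == "__main__":
    for f in demo():
        print(f)
```

The resulting filter strings can be pasted into Wireshark's display filter bar to check whether the same pattern shows up in traffic you consider anomalous.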