Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Packet Capture of Unknown Application Traffic Overview

 

You can use the packet capture of unknown applications feature to gather more details about an unknown application on your security device. Unknown application traffic is the traffic that does not match an application signature.

Once you’ve configured packet capture options on your security device, the unknown application traffic is gathered and stored on the device in a packet capture file (.pcap). You can use the packet capture of an unknown application to define a new custom application signature. You can use this custom application signature in a security policy to manage the application traffic more efficiently.

You can send the .pcap file to Juniper Networks for analysis in cases where the traffic is incorrectly classified, or to request creation of an application signature.

Benefits of Packet Capture of Unknown Application Traffic

You can use the packet capture of unknown application traffic to:

  • Gather more insight about an unknown application

  • Analyze unknown application traffic for potential threats

  • Assist in creation of security policy rules

  • Enable custom application signature creation

Note

Implementing security policies that block all unknown application traffic could cause issues with network-based applications. Before applying these types of policies, be sure to validate that this approach does not cause issues in your environment. You must carefully analyze the unknown application traffic, and define the security policy accordingly.