Packet Capture of Unknown Application Traffic Overview
You can use the packet capture of unknown applications feature to gather more details about an unknown application on your security device. Unknown application traffic is the traffic that does not match an application signature.
Once you’ve configured packet capture options on your
security device, the unknown application traffic is gathered and stored
on the device in a packet capture file (
.pcap). You can use the packet capture of an unknown application to define
a new custom application signature. You can use this custom application
signature in a security policy to manage the application traffic more
You can send the
to Juniper Networks for analysis in cases where the traffic is incorrectly
classified, or to request creation of an application signature.
Benefits of Packet Capture of Unknown Application Traffic
You can use the packet capture of unknown application traffic to:
Gather more insight about an unknown application
Analyze unknown application traffic for potential threats
Assist in creation of security policy rules
Enable custom application signature creation
Implementing security policies that block all unknown application traffic could cause issues with network-based applications. Before applying these types of policies, be sure to validate that this approach does not cause issues in your environment. You must carefully analyze the unknown application traffic, and define the security policy accordingly.