Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 1 reply
  • Subscribers 4 subscribers
  • Views 1145 views
  • Users 0 members are here
Options
Suggested

Bug: Xstream SSL always show me the application detected is FTP (instead of HTTP for example)

Jaime Tan

Observed behavior:

In the log viewer and Control Center "SSL/TLS inspection" Report,  show me allways  the FTP application.

 

Desired:

the correct application detected must be HTTP or XMPP for example

Reproduce it:

Browse in internet any web page,  open the Log Viewer , Go to SSL/TLS inspection,  it show always FTP application.

 

Supporting logs:

messageid="19004" log_type="SSL" log_component="SSL" severity="Information" user="" src_ip="172.16.16.100" bytes_sent="4088" bytes_received="5952" dst_ip="172.217.192.84" user_group="" src_country="R1" dst_country="USA" src_port="1185" dst_port="443" app_name="FTP" app_id="0" category="Information Technology" category_id="29" con_id="0" rule_id="3" profile_id="1" rule_name="Decrypt" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" fingerprint="2a:73:1e:c3:0f:7f:db:8c:1d:a7:d" session="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_128_GCM_SHA256" sni="accounts.google.com" tls_version="TLS version - 1.3" reason="" exception="" message=""

 

messageid="19004" log_type="SSL" log_component="SSL" severity="Information" user="" src_ip="172.16.16.100" bytes_sent="1001" bytes_received="6332" dst_ip="52.201.19.143" user_group="" src_country="R1" dst_country="USA" src_port="1257" dst_port="443" app_name="FTP" app_id="0" category="News" category_id="41" con_id="0" rule_id="3" profile_id="1" rule_name="Decrypt" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" fingerprint="46:f9:5b:ca:7a:bc:b6:ed:7d:cb:5" session="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" sni="especial.elcomercio.pe" tls_version="TLS version - 1.2"

 

messageid="19004" log_type="SSL" log_component="SSL" severity="Information" user="" src_ip="172.16.16.100" bytes_sent="4982" bytes_received="477198" dst_ip="xxxxx" user_group="" src_country="R1" dst_country="PER" src_port="32697" dst_port="5222" app_name="FTP" app_id="0" category="General Business" category_id="6" con_id="0" rule_id="3" profile_id="1" rule_name="Decrypt" profile_name="Maximum compatibility" bitmask="Invalid issuer" key_type="KEY_TYPE__RSA" fingerprint="ce:ec:63:8a:59:82:37:02:f2:f2:0" session="0" cert_chain_served="FALSE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" sni="chasqui.yachay.pe" tls_version="TLS version - 1.2" reason="" exception="" message=""

Unfiltered HTML