Press "Enter" to skip to content

How does Sourcefire IPS understand which application is sending the packet?

Last updated on December 27, 2018

        I wanted to understand how does the Sourcefire NGIPS understand which application has initiated the traffic. I am aware that the protocol is learned from the ports, but, how does it determine that so and so application has initiated this traffic? 
E.g., RDP traffic being generated by "RDP Client", HTTP traffic being generated by "Mozilla Firefox"

Be First to Comment

Leave a Reply

%d bloggers like this: