App-Dictionary
These scenarios check the application dictionary support provided by the app-detect feature.
Local Storage Application Dictionary
Description
DUT0 configures HTTP and DNS detection. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. Traffic is first generated without a dictionary and connections are verified to be classified only by below-L7 detectors. Then a local dictionary file is loaded and statistics are checked to be empty. An HTTP download verifies FQDN match with local dictionary and performs IP-cache population. A second download verifies IP-cache match. An SSH connection verifies static IP address range match. Finally a DNS lookup and ping verify DNS-host detection with IP-cache lookup.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dns-host
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.556 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.556/0.556/0.556/0.000 ms
Step 5: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   3808      0 --:--:-- --:--:-- --:--:--  4111
Step 6: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.8.4
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Thu Feb 19 10:52:34 2026 from 40.0.0.2
admin@osdx$
Step 7: Ping IP address 10.215.168.64 from DUT1:
admin@DUT1$ ping 10.215.168.64 count 1 size 56 timeout 1
PING 10.215.168.64 (10.215.168.64) 56(84) bytes of data.
64 bytes from 10.215.168.64: icmp_seq=1 ttl=64 time=0.322 ms
--- 10.215.168.64 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.322/0.322/0.322/0.000 ms
Step 8: Run command system conntrack show at DUT0 and expect this output:
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=59570 dport=22 packets=22 bytes=4928 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=59570 packets=21 bytes=4848 [ASSURED] mark=0 use=1 appdetect[L4:22]
icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=535 packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 id=535 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
icmp 1 29 src=192.168.2.101 dst=10.215.168.64 type=8 code=0 id=536 packets=1 bytes=84 src=10.215.168.64 dst=192.168.2.101 type=0 code=0 id=536 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59782 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59782 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
Step 9: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  9234k      0 --:--:-- --:--:-- --:--:-- 9511k
Note
The dictionary file contains the following test entries used in this scenario:
<app id="30" name="Teldat Test" version="1">
  <fqdn_list>
    <fqdn>10.215.168.1</fqdn>
  </fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list>
    <range id="1">
      <net_address>10.215.168.64</net_address>
      <net_mask>255.255.255.192</net_mask>
    </range>
  </address_list>
</app>
Step 10: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://user-data/test_dict.gz'
set system conntrack app-detect enable_dict_match_priv_ip
Step 11: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 12: Run command system conntrack clear at DUT0.
Step 13: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5263      0 --:--:-- --:--:-- --:--:--  6166
Step 14: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U128:30\shttp-host:10.215.168.1\]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59790 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59790 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
conntrack v1.4.7 (conntrack-tools): 1 flow entries have been shown.
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command file copy http://10.215.168.1/~robot/test_file running://user-data/ force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   1079      0 --:--:-- --:--:-- --:--:--  1088
Step 17: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 18: Init an SSH connection from DUT0 to IP address 10.215.168.66 with the user admin:
admin@DUT0$ ssh admin@10.215.168.66 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '10.215.168.66' (ECDSA) to the list of known hosts.
admin@10.215.168.66's password:
Welcome to Teldat OSDx v4.2.8.4
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Thu Feb 19 12:52:31 2026 from 10.215.168.64
admin@osdx$
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
src=10.215.168.64\sdst=10.215.168.66.*appdetect\[U128:31]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59790 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59790 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59806 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59806 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=59580 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=59580 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    1
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 21: Ping IP address static.opentok.com from DUT1:
admin@DUT1$ ping static.opentok.com count 1 size 56 timeout 1
PING static.opentok.com (192.168.2.100) 56(84) bytes of data.
64 bytes from static.opentok.com (192.168.2.100): icmp_seq=1 ttl=64 time=0.390 ms
--- static.opentok.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.390/0.390/0.390/0.000 ms
Step 22: Run command system conntrack show at DUT0 and expect this output:
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59790 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59790 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
icmp 1 29 src=192.168.2.101 dst=192.168.2.100 type=8 code=0 id=537 packets=1 bytes=84 src=192.168.2.100 dst=192.168.2.101 type=0 code=0 id=537 packets=1 bytes=84 mark=0 use=1 appdetect[U128:12]
tcp 6 18 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59806 dport=80 packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59806 packets=4 bytes=504 [ASSURED] mark=0 use=1 appdetect[U128:30 http-host:10.215.168.1]
tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=59580 dport=22 packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 dport=59580 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=45863 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=45863 packets=1 bytes=64 mark=0 use=1 appdetect[U128:31]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35337 dport=53 packets=1 bytes=72 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35337 packets=1 bytes=104 mark=0 use=1 appdetect[U128:31]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=52953 dport=53 packets=1 bytes=64 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52953 packets=1 bytes=80 mark=0 use=1 appdetect[U128:31 dns-host:static.opentok.com]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 23: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    4
Matches in IP-cache                               2
Modifications in IP-cache                         2
Matches in dynamic dictionaries                   3
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
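An added example (not part of the OSDx documentation or its test suite): it loads the two test dictionary entries from the note, predicts the App-ID for flow entries copied from steps 8, 14 and 19, and compares the prediction with the appdetect tag the device reported. Assumptions made here: the `<dictionary>` root wrapper, matching the detected host before the original destination address, and reading L-prefixed tags as below-L7 detectors and U-prefixed tags as dictionary App-IDs, as the scenario's outputs suggest.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Test entries from the page's note. The <dictionary> wrapper is an assumption:
# the page shows only the <app> elements, not the file's root element.
DICT_XML = """<dictionary>
<app id="30" name="Teldat Test" version="1">
  <fqdn_list><fqdn>10.215.168.1</fqdn></fqdn_list>
</app>
<app id="31" name="Teldat Test 2" version="1">
  <address_list><range id="1">
    <net_address>10.215.168.64</net_address>
    <net_mask>255.255.255.192</net_mask>
  </range></address_list>
</app>
</dictionary>"""

# Flow entries copied from the step 8 (first two), step 14 and step 19 outputs.
FLOWS = [
    "icmp 1 29 src=192.168.2.101 dst=10.215.168.1 type=8 code=0 id=535 "
    "packets=1 bytes=84 src=10.215.168.1 dst=10.215.168.64 type=0 code=0 "
    "id=535 packets=1 bytes=84 mark=0 use=1 appdetect[L3:1]",
    "tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59782 dport=80 "
    "packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59782 "
    "packets=4 bytes=504 [ASSURED] mark=0 use=1 "
    "appdetect[L4:80 http-host:10.215.168.1]",
    "tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.1 sport=59790 dport=80 "
    "packets=6 bytes=583 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=59790 "
    "packets=4 bytes=504 [ASSURED] mark=0 use=1 "
    "appdetect[U128:30 http-host:10.215.168.1]",
    "tcp 6 19 TIME_WAIT src=10.215.168.64 dst=10.215.168.66 sport=59580 dport=22 "
    "packets=25 bytes=5084 src=10.215.168.66 dst=10.215.168.64 sport=22 "
    "dport=59580 packets=22 bytes=4944 [ASSURED] mark=0 use=1 appdetect[U128:31]",
]

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+)")
TAG_RE = re.compile(r"appdetect\[([LU]\d+):(\d+)([^\]]*)\]")


def load_dictionary(xml_text):
    """Return ({fqdn: app_id}, [(network, app_id)]) from dictionary XML."""
    fqdns, ranges = {}, []
    for app in ET.fromstring(xml_text).iter("app"):
        app_id = int(app.get("id"))
        for fqdn in app.iter("fqdn"):
            fqdns[fqdn.text.strip().lower()] = app_id
        for rng in app.iter("range"):
            addr = rng.findtext("net_address").strip()
            mask = rng.findtext("net_mask").strip()
            network = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            ranges.append((network, app_id))
    return fqdns, ranges


def parse_flow(line):
    """Extract the original-direction destination and the appdetect tag."""
    tuple_match = TUPLE_RE.search(line)  # first src/dst pair is the original direction
    tag = TAG_RE.search(line)
    if not tuple_match or not tag:
        raise ValueError(f"no flow tuple or appdetect tag in: {line!r}")
    # Optional "field:value" items after the id, e.g. http-host:10.215.168.1
    hosts = {k: v for k, _, v in (i.partition(":") for i in tag.group(3).split())}
    return {"dst": tuple_match.group(2), "layer": tag.group(1),
            "value": int(tag.group(2)), "hosts": hosts}


def predict_app_id(flow, fqdns, ranges):
    """App-ID the dictionary excerpt assigns: detected host first, then dst range."""
    for host in flow["hosts"].values():
        if host.lower() in fqdns:
            return fqdns[host.lower()]
    dst = ipaddress.ip_address(flow["dst"])
    for network, app_id in ranges:
        if dst in network:
            return app_id
    return None


def audit(lines, xml_text=DICT_XML):
    """Return (dst, layer, value, expected_app_id, verdict) per flow entry."""
    fqdns, ranges = load_dictionary(xml_text)
    report = []
    for line in lines:
        flow = parse_flow(line)
        expected = predict_app_id(flow, fqdns, ranges)
        if flow["layer"].startswith("L"):
            verdict = "below-L7 only"
        elif flow["value"] == expected:
            verdict = "matches dictionary"
        else:
            verdict = "unexpected App-ID"
        report.append((flow["dst"], flow["layer"], flow["value"], expected, verdict))
    return report


if __name__ == "__main__":
    for row in audit(FLOWS):
        print(row)
```

The step 8 HTTP flow is the interesting row: the excerpt would assign App-ID 30, but the tag is still `L4:80` because the dictionary had not been configured yet.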
CLI Custom Application Dictionary
Description
DUT0 configures HTTP detection with a custom dictionary defined via CLI. DUT1 acts as a client behind DUT0 and downloads a file via HTTP. The connection is verified to be classified with the custom App-ID on the first request through FQDN match, and on subsequent requests through IP-cache.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set system conntrack app-detect dictionary 1 custom app-id 42 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 1 custom app-id 42 name 'Teldat Test'
set system conntrack app-detect dictionary 2 custom app-id 43 fqdn enterprise.opentok.com
set system conntrack app-detect dictionary 2 custom app-id 43 name 'Teldat Test'
set system conntrack app-detect http-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.451 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.451/0.451/0.451/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         0
Matches in dynamic dictionaries                   0
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 7: Run command system conntrack clear at DUT0.
Step 8: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5270      0 --:--:-- --:--:-- --:--:--  6166
Step 9: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U6:42\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=36224 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36224 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U6:42 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=36766 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=36766 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=51837 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=51837 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
Step 10: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 11: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7825      0 --:--:-- --:--:-- --:--:--  9250
Step 12: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
App-detect Stats                                  #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Remote Application Dictionary
Description
DUT0 configures HTTP detection with a remote application dictionary served by a categorization server. DUT1 acts as a client behind DUT0 and DUT2 runs a DNS server. A traffic policy drops uncategorized traffic until the remote dictionary classifies it. Traffic belonging to the remote dictionary protocol is allowed.
Phase 1: HTTP-host detection triggers a remote dictionary lookup in override mode and the connection is classified with the remote App-ID.
Phase 2: DNS-host detection is added so classification happens at DNS resolution time and populates the IP-cache.
Phase 3: App-detect chained storage mode is enabled and the full App-ID chain is verified.
Phase 4: An alarm is configured to detect communication errors with the remote dictionary server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18pB63wyb8Wr38OgFPJ3Bu8oq97j+mzsuE=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18N0IaREKlEW7Awt/izfv9WNx97Q47qUedTih2MdNPudSevfJJ+Kds+
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+YD3WpcqUgSVI0fg6LxTdGhzK94Lp+ECw=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18atw7KEzqWP2QSOsXGqDmn3JYU6u2VI8WqcOdRagLVTsVAOWdiVHnm
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.538 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.538/0.538/0.538/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Feb 19 12:54:01.000058 osdx systemd[1]: Started systemd-timedated.service - Time & Date Service.
Feb 19 12:54:01.000339 osdx systemd-timedated[638619]: Changed local time to Thu 2026-02-19 12:54:01 UTC
Feb 19 12:54:01.002171 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'set date 2026-02-19 12:54:01'.
Feb 19 12:54:01.003646 osdx systemd-journald[2186]: Time jumped backwards, rotating.
Feb 19 12:54:01.319872 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.6M, max 17.2M, 14.6M free.
Feb 19 12:54:01.323652 osdx systemd-journald[2186]: Received client request to rotate journal, rotating.
Feb 19 12:54:01.323752 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f.
Feb 19 12:54:01.332357 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 12:54:01.583819 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 12:54:01.851137 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu.
Feb 19 12:54:01.956546 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
Feb 19 12:54:02.028834 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Feb 19 12:54:02.135020 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
Feb 19 12:54:02.192206 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
Feb 19 12:54:02.450103 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
Feb 19 12:54:02.518386 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
Feb 19 12:54:02.615356 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
Feb 19 12:54:02.680781 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
Feb 19 12:54:02.787961 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
Feb 19 12:54:02.855878 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
Feb 19 12:54:02.953076 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
Feb 19 12:54:03.065001 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
Feb 19 12:54:03.151443 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
Feb 19 12:54:03.227374 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
Feb 19 12:54:03.282486 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
Feb 19 12:54:03.402743 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
Feb 19 12:54:03.469777 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
Feb 19 12:54:03.571842 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
Feb 19 12:54:03.637227 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
Feb 19 12:54:03.743608 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
Feb 19 12:54:03.831707 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
Feb 19 12:54:03.931669 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
Feb 19 12:54:04.043008 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 12:54:04.104951 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
Feb 19 12:54:04.201435 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Feb 19 12:54:04.262343 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
Feb 19 12:54:04.394338 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'.
Feb 19 12:54:04.477419 osdx ubnt-cfgd[638683]: inactive
Feb 19 12:54:04.547214 osdx INFO[638721]: FRR daemons did not change
Feb 19 12:54:04.723651 osdx kernel: nfUDPlink: module init
Feb 19 12:54:04.723720 osdx kernel: app-detect: module init
Feb 19 12:54:04.723735 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 12:54:04.723747 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Feb 19 12:54:04.723763 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Feb 19 12:54:04.723776 osdx kernel: app-detect: expression init
Feb 19 12:54:04.723793 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Feb 19 12:54:04.723805 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Feb 19 12:54:04.739662 osdx kernel: app-detect: set target dict _remote_ priority 1 type unknown (new,empty)
Feb 19 12:54:04.739729 osdx kernel: app-detect: linked list of enabled dicts:
Feb 19 12:54:04.739743 osdx kernel: app-detect: (empty, no dicts)
Feb 19 12:54:04.739754 osdx kernel: app-detect: linked list of disabled dicts:
Feb 19 12:54:04.739765 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type unknown (target_dict)
Feb 19 12:54:04.739777 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Feb 19 12:54:04.739789 osdx kernel: app-detect: set type of dict _remote_ to remote
Feb 19 12:54:04.739805 osdx kernel: app-detect: user set num_hash_entries=40000
Feb 19 12:54:04.739822 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Feb 19 12:54:04.739834 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Feb 19 12:54:04.739845 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Feb 19 12:54:04.739856 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Feb 19 12:54:04.739867 osdx kernel: app-detect: enable remote dictionary _remote_
Feb 19 12:54:04.739878 osdx kernel: app-detect: dictionary _remote_ enabled
Feb 19 12:54:04.739889 osdx kernel: app-detect: linked list of enabled dicts:
Feb 19 12:54:04.739900 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Feb 19 12:54:04.739910 osdx kernel: app-detect: linked list of disabled dicts:
Feb 19 12:54:04.739920 osdx kernel: app-detect: (empty, no dicts)
Feb 19 12:54:04.739931 osdx kernel: app-detect: set target dict _remote_ priority 2 type unknown (new,empty)
Feb 19 12:54:04.739944 osdx kernel: app-detect: linked list of enabled dicts:
Feb 19 12:54:04.739954 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Feb 19 12:54:04.739965 osdx kernel: app-detect: linked list of disabled dicts:
Feb 19 12:54:04.739977 osdx kernel: app-detect: (0) dictionary _remote_, priority 2 type unknown (target_dict)
Feb 19 12:54:04.739987 osdx kernel: app-detect: initialized expiration timer for REMOTE dict _remote_
Feb 19 12:54:04.740007 osdx kernel: app-detect: set type of dict _remote_ to remote
Feb 19 12:54:04.740018 osdx kernel: app-detect: user set num_hash_entries=40000
Feb 19 12:54:04.740029 osdx kernel: app-detect: selected hash dict hash table with 16 hash bits and 65536 buckets for max 40000 entries (supported range 2^8...2^20)
Feb 19 12:54:04.740041 osdx kernel: app-detect: allocated memory for hash table with 65536 buckets (524288 bytes)
Feb 19 12:54:04.740051 osdx kernel: app-detect: allocated memory for 40000 hash entries (4160000 bytes)
Feb 19 12:54:04.740062 osdx kernel: app-detect: set dictionary _remote_ hash_key d46225f3cb7730441efc28f7ad6acf2604ffe1719e801afac8457b3bf45deec3
Feb 19 12:54:04.740073 osdx kernel: app-detect: enable remote dictionary _remote_
Feb 19 12:54:04.740083 osdx kernel: app-detect: dictionary _remote_ enabled
Feb 19 12:54:04.740096 osdx kernel: app-detect: linked list of enabled dicts:
Feb 19 12:54:04.740106 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Feb 19 12:54:04.740116 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Feb 19 12:54:04.740127 osdx kernel: app-detect: linked list of disabled dicts:
Feb 19 12:54:04.740138 osdx kernel: app-detect: (empty, no dicts)
Feb 19 12:54:04.748074 osdx INFO[638758]: Updated /etc/default/osdx_tcatd.conf
Feb 19 12:54:04.748111 osdx INFO[638758]: Restarting Traffic Categorization (TCATD) service ...
Feb 19 12:54:04.775932 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Feb 19 12:54:05.073197 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Feb 19 12:54:05.074265 osdx osdx-tcatd[638762]: Dict_client. rdict_num 2 mark 5555 local-vrf
Feb 19 12:54:05.074353 osdx osdx-tcatd[638762]: Dict_client. ERROR (dict 2) 7 (Couldn't connect to server): Unable to connect to server
Feb 19 12:54:05.074427 osdx osdx-tcatd[638762]: Dict_client. rdict_num 1 mark 5555 local-vrf
Feb 19 12:54:05.074459 osdx osdx-tcatd[638762]: Dict_client. ERROR (dict 1) 7 (Couldn't connect to server): Unable to connect to server
Feb 19 12:54:05.107654 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Feb 19 12:54:05.148710 osdx WARNING[638852]: No supported link modes on interface eth1
Feb 19 12:54:05.150084 osdx modulelauncher[638852]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Feb 19 12:54:05.150096 osdx modulelauncher[638852]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Feb 19 12:54:05.151263 osdx modulelauncher[638852]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Feb 19 12:54:05.151273 osdx modulelauncher[638852]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Feb 19 12:54:05.187649 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 12:54:05.230008 osdx WARNING[638932]: No supported link modes on interface eth0
Feb 19 12:54:05.231368 osdx modulelauncher[638932]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Feb 19 12:54:05.231381 osdx modulelauncher[638932]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Feb 19 12:54:05.232595 osdx modulelauncher[638932]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Feb 19 12:54:05.232605 osdx modulelauncher[638932]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Feb 19 12:54:05.436172 osdx cfgd[1859]: [633180]Completed change to active configuration
Feb 19 12:54:05.450871 osdx OSDxCLI[633180]: User 'admin' committed the configuration.
Feb 19 12:54:05.476768 osdx OSDxCLI[633180]: User 'admin' left the configuration menu.
Feb 19 12:54:08.350930 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack clear'.
Feb 19 12:54:08.500992 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:36514/10.215.168.1:80
Feb 19 12:54:08.501056 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:36514/10.215.168.1:80
Feb 19 12:54:08.501066 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Feb 19 12:54:08.501075 osdx kernel: app-detect: search in dict _remote_, prio 1
Feb 19 12:54:08.501090 osdx kernel: app-detect: search in dict _remote_, prio 2
Feb 19 12:54:08.501036 osdx osdx-tcatd[638762]: UDP_Server. Read 27 bytes
Feb 19 12:54:08.501042 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Feb 19 12:54:08.501065 osdx osdx-tcatd[638762]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Feb 19 12:54:08.501080 osdx osdx-tcatd[638762]: UDP_Server. Read 27 bytes
Feb 19 12:54:08.501082 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Feb 19 12:54:08.501097 osdx osdx-tcatd[638762]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Feb 19 12:54:09.459869 osdx osdx-tcatd[638762]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Feb 19 12:54:09.459887 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Feb 19 12:54:09.459961 osdx osdx-tcatd[638762]: UDP_Server.
Sent 38 bytes Feb 19 12:54:09.463645 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Feb 19 12:54:09.463698 osdx kernel: app-detect: linked list of enabled dicts: Feb 19 12:54:09.463715 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 19 12:54:09.463729 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Feb 19 12:54:09.463738 osdx kernel: app-detect: linked list of disabled dicts: Feb 19 12:54:09.463746 osdx kernel: app-detect: (empty, no dicts) Feb 19 12:54:09.463754 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds Feb 19 12:54:09.469813 osdx osdx-tcatd[638762]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "a ge": 0, "threathistory": 0}}}]} Feb 19 12:54:09.469829 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058 Feb 19 12:54:09.469887 osdx osdx-tcatd[638762]: UDP_Server. 
Sent 38 bytes Feb 19 12:54:09.471652 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Feb 19 12:54:09.471711 osdx kernel: app-detect: linked list of enabled dicts: Feb 19 12:54:09.471729 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 19 12:54:09.471745 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 19 12:54:09.471758 osdx kernel: app-detect: linked list of disabled dicts: Feb 19 12:54:09.471769 osdx kernel: app-detect: (empty, no dicts) Feb 19 12:54:09.471782 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Step 8: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443

tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57444 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57444 packets=11 bytes=3514 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=34288 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34288 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=57612 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=57612 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=36514 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36514 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57432 dport=443 packets=12 bytes=1711 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57432 packets=11 bytes=3514 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=59511 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59511 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 9: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+

Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule   pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1              23         40         3370        6011
-----------------------------------------------------
Total          23         40         3370        6011
Step 10: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dport=80.*packets=[1-9].*appdetect\[L4:80\shttp-host:enterprise.opentok.com\]

tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57444 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57444 packets=11 bytes=3514 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=34288 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34288 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=57612 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=57612 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=36514 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36514 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57432 dport=443 packets=12 bytes=1711 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57432 packets=11 bytes=3514 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=59511 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59511 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 11: Run command system conntrack clear at DUT1.
Step 12: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8354      0 --:--:-- --:--:-- --:--:--  9250
admin@osdx$
Step 13: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

tcp 6 3596 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57444 dport=443 packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57444 packets=11 bytes=3514 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=36526 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36526 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=34288 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34288 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 26 src=127.0.0.1 dst=127.0.0.1 sport=57612 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=57612 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=36514 dport=80 packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36514 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=49284 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=49284 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3596 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=57432 dport=443 packets=12 bytes=1711 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=57432 packets=11 bytes=3514 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=59511 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59511 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 14: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7

----------------------------------------
     IP       Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          4m57s928ms
Step 15: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
                 App-detect Stats                 #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               0
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   1
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
Step 16: Run command system conntrack clear at DUT0.
Step 17: Run command system conntrack clear at DUT1.
Step 18: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5383      0 --:--:-- --:--:-- --:--:--  6166
Step 19: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[U130:7\shttp-host:enterprise.opentok.com\]

udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48183 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48183 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=36538 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36538 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 2 flow entries have been shown.
Step 20: Run command system conntrack app-detect show at DUT0 and expect this output:
---------------------------------------------------
                 App-detect Stats                 #
---------------------------------------------------
Matches in static dictionaries                    0
Matches in IP-cache                               1
Modifications in IP-cache                         1
Matches in dynamic dictionaries                   2
Times appid has been refreshed                    0
Ips blacklisted from cache due to appid flapping  0
Matches in DNS CNAME cache                        0
Entries in DNS CNAME cache                        0
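Added example (not part of the original test page or of the vendor's tooling): a Python checker that repeats the Step 13 and Step 19 conntrack checks offline and cross-checks each flow label against the AppID that osdx-tcatd wrote to the kernel. The `U<n>:<v>` decoding of the hex AppID is inferred only from the 82000007 / U130:7 pair in the outputs on this page; the function names and state names are hypothetical, and the sample input is assembled from lines shown above.

```python
import re

# Detector fields that appear inside appdetect[...] on this page.
FIELD_KEYS = {"http-host", "dns-host"}
# Below-L7 detector IDs such as L4:80 (this page only shows the L4 form).
LAYER_RE = re.compile(r"^L\d+:")
# First src/dst/sport/dport tuple is the original direction of the flow.
FLOW_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s.*?src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"sport=(?P<sport>\d+) dport=(?P<dport>\d+)\s.*appdetect\[(?P<ad>[^\]]*)\]\s*$"
)
KMSG_RE = re.compile(
    r"Write message addressed to dictionary (\d+) FQDN (\S+) TTL \d+ "
    r"AppID:([0-9A-Fa-f]{8})"
)

# Sample input assembled from the conntrack outputs of Steps 8 and 19.
CONNTRACK = """\
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=48183 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48183 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=36538 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36538 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=36514 dport=80 packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=36514 packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 3 flow entries have been shown.
"""

# One journal line copied from the tcatd output on this page.
JOURNAL = (
    "Feb 19 12:54:09.459887 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message "
    "format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com "
    "TTL 172800 AppID:82000007\n"
)


def parse_flow(line):
    """Return the original-direction tuple and the appdetect tokens, or None."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None  # trailer line or anything that is not a flow entry
    app_ids, fields = [], {}
    for token in m["ad"].split():
        key, _, value = token.partition(":")
        if key in FIELD_KEYS:
            fields[key] = value
        else:
            app_ids.append(token)
    return {"proto": m["proto"], "src": m["src"], "dst": m["dst"],
            "sport": int(m["sport"]), "dport": int(m["dport"]),
            "app_ids": app_ids, "fields": fields}


def appid_label(hex_appid):
    """Assumption inferred from this page: top byte, then low 24 bits, in decimal."""
    value = int(hex_appid, 16)
    return f"U{value >> 24}:{value & 0xFFFFFF}"


def dictionary_verdicts(journal_text):
    """Map (dictionary number, FQDN) to the label tcatd handed to the kernel."""
    return {(int(num), fqdn): appid_label(appid)
            for num, fqdn, appid in KMSG_RE.findall(journal_text)}


def classify(conntrack_text, journal_text, dict_num=1):
    """Report (dport, host, state) for every flow in a conntrack listing."""
    verdicts = dictionary_verdicts(journal_text)
    report = []
    for line in conntrack_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        host = flow["fields"].get("http-host") or flow["fields"].get("dns-host")
        expected = verdicts.get((dict_num, host))
        layer_only = all(LAYER_RE.match(a) for a in flow["app_ids"])
        if layer_only:
            # Host seen but no dictionary label yet, or no L7 information at all.
            state = "host-only" if host else "below-l7"
        elif expected is not None and expected not in flow["app_ids"]:
            state = "label-mismatch"
        else:
            state = "dictionary-label"
        report.append((flow["dport"], host, state))
    return report


if __name__ == "__main__":
    for row in classify(CONNTRACK, JOURNAL):
        print(row)
```

A `host-only` row corresponds to the first download in this scenario, where the host was detected before the remote dictionary answer arrived; `label-mismatch` flags a flow whose label disagrees with what the journal says was written for that FQDN.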
Step 21: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage override
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18pB63wyb8Wr38OgFPJ3Bu8oq97j+mzsuE=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18N0IaREKlEW7Awt/izfv9WNx97Q47qUedTih2MdNPudSevfJJ+Kds+
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+YD3WpcqUgSVI0fg6LxTdGhzK94Lp+ECw=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18atw7KEzqWP2QSOsXGqDmn3JYU6u2VI8WqcOdRagLVTsVAOWdiVHnm
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 22: Run command system conntrack clear at DUT0.
Step 23: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53

Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 24: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53

Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 25: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53

Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 26: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=34663 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34663 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 299 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52104 dport=443 packets=8 bytes=1017 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52104 packets=6 bytes=1367 [ASSURED] mark=0 use=1 appdetect[U130:7]
udp 17 29 src=127.0.0.1 dst=127.0.0.1 sport=57612 dport=49000 packets=4 bytes=222 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=57612 packets=4 bytes=266 mark=0 use=1 appdetect[L4:49000]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56718 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56718 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3599 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52092 dport=443 packets=8 bytes=1017 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52092 packets=5 bytes=1315 [ASSURED] mark=0 use=1 appdetect[U130:7]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=38653 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38653 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=59540 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59540 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=39198 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39198 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56490 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56490 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
conntrack v1.4.7 (conntrack-tools): 9 flow entries have been shown.
Step 27: Run command nslookup enterprise.opentok.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53

Name: enterprise.opentok.com
Address: 10.215.168.1
** server can't find enterprise.opentok.com: REFUSED
Step 28: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53

Name: www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 29: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server: 10.215.168.66
Address: 10.215.168.66#53

Name: www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 30: Run command system conntrack show at DUT0 and expect this output:
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=33295 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33295 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=34663 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=34663 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=53435 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=53435 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=40314 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40314 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=41513 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=41513 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52104 dport=443 packets=8 bytes=1017 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52104 packets=6 bytes=1367 [ASSURED] mark=0 use=1 appdetect[U130:7]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=57612 dport=49000 packets=4 bytes=222 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=57612 packets=4 bytes=266 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=56718 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56718 packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52092 dport=443 packets=8 bytes=1017 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52092 packets=5 bytes=1315 [ASSURED] mark=0 use=1 appdetect[U130:7]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=46663 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=46663 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=38653 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=38653 packets=1 bytes=69 mark=0 use=1 appdetect[L4:53]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=43655 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=43655 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=59540 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59540 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:enterprise.opentok.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=39198 dport=53 packets=1 bytes=69 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=39198 packets=1 bytes=85 mark=0 use=1 appdetect[L4:53 dns-host:www.newspaperteldat.com]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=56490 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56490 packets=1 bytes=84 mark=0 use=1 appdetect[L4:53 dns-host:www.gamblingteldat.com]
conntrack v1.4.7 (conntrack-tools): 15 flow entries have been shown.
Step 31: Run command system journal show | tail -n 200 at DUT0 and expect this output:
Feb 19 12:54:05.476768 osdx OSDxCLI[633180]: User 'admin' left the configuration menu.
Feb 19 12:54:08.350930 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack clear'.
Feb 19 12:54:08.500992 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:36514/10.215.168.1:80
Feb 19 12:54:08.501056 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:36514/10.215.168.1:80
Feb 19 12:54:08.501066 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Feb 19 12:54:08.501075 osdx kernel: app-detect: search in dict _remote_, prio 1
Feb 19 12:54:08.501090 osdx kernel: app-detect: search in dict _remote_, prio 2
Feb 19 12:54:08.501036 osdx osdx-tcatd[638762]: UDP_Server. Read 27 bytes
Feb 19 12:54:08.501042 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN enterprise.opentok.com
Feb 19 12:54:08.501065 osdx osdx-tcatd[638762]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Feb 19 12:54:08.501080 osdx osdx-tcatd[638762]: UDP_Server. Read 27 bytes
Feb 19 12:54:08.501082 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN enterprise.opentok.com
Feb 19 12:54:08.501097 osdx osdx-tcatd[638762]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["enterprise.opentok.com"],"xml": 0}
Feb 19 12:54:09.459869 osdx osdx-tcatd[638762]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Feb 19 12:54:09.459887 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN enterprise.opentok.com TTL 172800 AppID:82000007
Feb 19 12:54:09.459961 osdx osdx-tcatd[638762]: UDP_Server. Sent 38 bytes
Feb 19 12:54:09.463645 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled)
Feb 19 12:54:09.463698 osdx kernel: app-detect: linked list of enabled dicts:
Feb 19 12:54:09.463715 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict)
Feb 19 12:54:09.463729 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote
Feb 19 12:54:09.463738 osdx kernel: app-detect: linked list of disabled dicts:
Feb 19 12:54:09.463746 osdx kernel: app-detect: (empty, no dicts)
Feb 19 12:54:09.463754 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Feb 19 12:54:09.469813 osdx osdx-tcatd[638762]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "enterprise.opentok.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 88, "lcp": "opentok.com", "cats": [{"catid": 7, "conf": 95}]}, "getrepinfo": {"reputation": 88, "country": "", "popularity": 0, "age": 0, "threathistory": 0}}}]}
Feb 19 12:54:09.469829 osdx osdx-tcatd[638762]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN enterprise.opentok.com TTL 172800 AppID:83000058
Feb 19 12:54:09.469887 osdx osdx-tcatd[638762]: UDP_Server. Sent 38 bytes
Feb 19 12:54:09.471652 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled)
Feb 19 12:54:09.471711 osdx kernel: app-detect: linked list of enabled dicts:
Feb 19 12:54:09.471729 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote
Feb 19 12:54:09.471745 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict)
Feb 19 12:54:09.471758 osdx kernel: app-detect: linked list of disabled dicts:
Feb 19 12:54:09.471769 osdx kernel: app-detect: (empty, no dicts)
Feb 19 12:54:09.471782 osdx kernel: app-detect: set fqdn hash 46b26ca475a30e2c2b54f5356b2738abe73ead8a02742c712c9e645e233e9d74, hash table index=0018098 (0x046b2) (16 bits), ttl 172800 seconds
Feb 19 12:54:10.560607 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | tail -n 200'.
Feb 19 12:54:10.760817 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack show'.
Feb 19 12:54:10.903846 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'traffic selector RDICT show'.
Feb 19 12:54:10.982344 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack show'.
Feb 19 12:54:11.220676 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:36526/10.215.168.1:80
Feb 19 12:54:11.220769 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:36526/10.215.168.1:80
Feb 19 12:54:11.220780 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Feb 19 12:54:11.220788 osdx kernel: app-detect: search in dict _remote_, prio 1
Feb 19 12:54:11.220796 osdx kernel: app-detect: appid 82000007 found in hash dictionary
Feb 19 12:54:13.223371 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack show'.
Feb 19 12:54:13.297906 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack app-detect show ip-cache'.
Feb 19 12:54:13.406183 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack app-detect show'.
Feb 19 12:54:13.501125 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack clear'.
Feb 19 12:54:13.750229 osdx kernel: app-detect: field http-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:36538/10.215.168.1:80
Feb 19 12:54:13.750320 osdx kernel: app-detect: http detected. Org(src/dst) 192.168.2.101:36538/10.215.168.1:80
Feb 19 12:54:13.750335 osdx kernel: app-detect: dictionary search for enterprise.opentok.com
Feb 19 12:54:13.750356 osdx kernel: app-detect: search in dict _remote_, prio 1
Feb 19 12:54:13.750364 osdx kernel: app-detect: appid 82000007 found in hash dictionary
Feb 19 12:54:13.881763 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack show'.
Feb 19 12:54:14.017740 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack app-detect show'.
Feb 19 12:54:14.240348 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu.
Feb 19 12:54:14.310926 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'delete system conntrack app-detect'.
Feb 19 12:54:14.475375 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.2.100/24'.
Feb 19 12:54:14.556947 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Feb 19 12:54:14.688090 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic nat source rule 1 address masquerade'.
Feb 19 12:54:14.782689 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out POL'.
Feb 19 12:54:14.834693 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action accept'.
Feb 19 12:54:14.954688 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector RDICT'.
Feb 19 12:54:15.071570 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 action drop'.
Feb 19 12:54:15.155124 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POL rule 2 selector RESOLVING'.
Feb 19 12:54:15.269857 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic selector RDICT rule 1 mark 5555'.
Feb 19 12:54:15.365421 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state detecting'.
Feb 19 12:54:15.422147 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic selector RESOLVING rule 1 app-detect state host-detected'.
Feb 19 12:54:15.540066 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote url ******'.
Feb 19 12:54:15.604781 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote key ******'.
Feb 19 12:54:15.685678 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote ssl-allow-insecure'.
Feb 19 12:54:15.741180 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote property category'.
Feb 19 12:54:15.850774 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote url ******'.
Feb 19 12:54:15.923841 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote key ******'.
Feb 19 12:54:16.004664 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote ssl-allow-insecure'.
Feb 19 12:54:16.059717 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote property reputation'.
Feb 19 12:54:16.190265 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 remote mark 5555'.
Feb 19 12:54:16.308450 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 2 remote mark 5555'.
Feb 19 12:54:16.408362 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect http'.
Feb 19 12:54:16.474900 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 12:54:16.617847 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect refresh-flow-appid'.
Feb 19 12:54:16.739685 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Feb 19 12:54:16.836566 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect debug'.
Feb 19 12:54:16.929670 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dns'.
Feb 19 12:54:17.025859 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dns-host'.
Feb 19 12:54:17.088110 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect app-id-storage override'.
Feb 19 12:54:17.207125 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'.
Feb 19 12:54:17.305666 osdx ubnt-cfgd[639136]: inactive
Feb 19 12:54:17.338822 osdx INFO[639144]: FRR daemons did not change
Feb 19 12:54:17.371649 osdx kernel: app-detect: expression destroy
Feb 19 12:54:17.415649 osdx kernel: app-detect: expression init
Feb 19 12:54:17.415719 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Feb 19 12:54:17.415734 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Feb 19 12:54:17.469027 osdx INFO[639169]: Updated /etc/default/osdx_tcatd.conf
Feb 19 12:54:17.469063 osdx INFO[639169]: Restarting Traffic Categorization (TCATD) service ...
Feb 19 12:54:17.475883 osdx osdx-tcatd[638762]: UDP_Server. Received STOP signal. Cleanup
Feb 19 12:54:17.475922 osdx osdx-tcatd[638762]: Dict_client. Cleanup
Feb 19 12:54:17.475925 osdx systemd[1]: Stopping osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Feb 19 12:54:17.477736 osdx systemd[1]: osdx-tcatd.service: Deactivated successfully.
Feb 19 12:54:17.477849 osdx systemd[1]: Stopped osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Feb 19 12:54:17.496057 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Feb 19 12:54:17.848090 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Feb 19 12:54:17.849502 osdx osdx-tcatd[639173]: Dict_client. rdict_num 2 mark 5555 local-vrf
Feb 19 12:54:17.918534 osdx osdx-tcatd[639173]: Dict_client. rdict_num 1 mark 5555 local-vrf
Feb 19 12:54:18.057005 osdx cfgd[1859]: [633180]Completed change to active configuration
Feb 19 12:54:18.061149 osdx OSDxCLI[633180]: User 'admin' committed the configuration.
Feb 19 12:54:18.083378 osdx OSDxCLI[633180]: User 'admin' left the configuration menu.
Feb 19 12:54:18.296804 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack clear'.
Feb 19 12:54:20.428287 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com.
Org(src/dst) 192.168.2.101:59540/10.215.168.66:53 Feb 19 12:54:20.431667 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:59540/10.215.168.66:53 Feb 19 12:54:20.431740 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 19 12:54:20.431755 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Feb 19 12:54:20.431767 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 19 12:54:20.431780 osdx kernel: app-detect: appid 82000007 found in hash dictionary Feb 19 12:54:20.431791 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Feb 19 12:54:20.536246 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. Org(src/dst) 192.168.2.101:56490/10.215.168.66:53 Feb 19 12:54:20.536519 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:56490/10.215.168.66:53 Feb 19 12:54:20.536544 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Feb 19 12:54:20.536555 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Feb 19 12:54:20.536565 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 19 12:54:20.536575 osdx kernel: app-detect: search in dict _remote_, prio 2 Feb 19 12:54:20.536616 osdx osdx-tcatd[639173]: UDP_Server. Read 27 bytes Feb 19 12:54:20.536624 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.gamblingteldat.com Feb 19 12:54:20.536651 osdx osdx-tcatd[639173]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Feb 19 12:54:20.536665 osdx osdx-tcatd[639173]: UDP_Server. Read 27 bytes Feb 19 12:54:20.536669 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message parse. 
Read message addressed to dictionary 2 FQDN www.gamblingteldat.com Feb 19 12:54:20.536676 osdx osdx-tcatd[639173]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.gamblingteldat.com"],"xml": 0} Feb 19 12:54:20.552368 osdx osdx-tcatd[639173]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Feb 19 12:54:20.552392 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F Feb 19 12:54:20.552470 osdx osdx-tcatd[639173]: UDP_Server. Sent 38 bytes Feb 19 12:54:20.554788 osdx osdx-tcatd[639173]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 25, "lcp": "gamblingteldat.com", "cats": [{"catid": 15, "conf": 93}]}, "getrepinfo": {"reputation": 25, "country": "", "popularity ": 0, "age": 0, "threathistory": 0}}}]} Feb 19 12:54:20.554802 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019 Feb 19 12:54:20.554852 osdx osdx-tcatd[639173]: UDP_Server. 
Sent 38 bytes Feb 19 12:54:20.555645 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Feb 19 12:54:20.555682 osdx kernel: app-detect: linked list of enabled dicts: Feb 19 12:54:20.555700 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 19 12:54:20.555714 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Feb 19 12:54:20.555729 osdx kernel: app-detect: linked list of disabled dicts: Feb 19 12:54:20.555743 osdx kernel: app-detect: (empty, no dicts) Feb 19 12:54:20.555753 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Feb 19 12:54:20.555762 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Feb 19 12:54:20.555770 osdx kernel: app-detect: linked list of enabled dicts: Feb 19 12:54:20.555779 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 19 12:54:20.555789 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 19 12:54:20.555797 osdx kernel: app-detect: linked list of disabled dicts: Feb 19 12:54:20.555804 osdx kernel: app-detect: (empty, no dicts) Feb 19 12:54:20.555818 osdx kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds Feb 19 12:54:20.640273 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:39198/10.215.168.66:53 Feb 19 12:54:20.647618 osdx kernel: app-detect: dns detected, continuing detection for further analysis. 
Org(src/dst) 192.168.2.101:39198/10.215.168.66:53 Feb 19 12:54:20.647693 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Feb 19 12:54:20.647742 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Feb 19 12:54:20.647752 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 19 12:54:20.647764 osdx kernel: app-detect: search in dict _remote_, prio 2 Feb 19 12:54:20.647721 osdx osdx-tcatd[639173]: UDP_Server. Read 28 bytes Feb 19 12:54:20.647727 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 1 FQDN www.newspaperteldat.com Feb 19 12:54:20.647750 osdx osdx-tcatd[639173]: Dict_client. Send query (dict 1): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Feb 19 12:54:20.647762 osdx osdx-tcatd[639173]: UDP_Server. Read 28 bytes Feb 19 12:54:20.647765 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message parse. Read message addressed to dictionary 2 FQDN www.newspaperteldat.com Feb 19 12:54:20.647772 osdx osdx-tcatd[639173]: Dict_client. Send query (dict 2): {"requestid": "besafepro_request_id","oemid": "Teldat","deviceid": "develop","uid": "","queries": ["getinfo", "getrepinfo"],"fqdns": ["www.newspaperteldat.com"],"xml": 0} Feb 19 12:54:20.649297 osdx osdx-tcatd[639173]: Dict_client. Received answer (dict 2): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Feb 19 12:54:20.649312 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 2 FQDN www.newspaperteldat.com TTL 172800 AppID:8300005C Feb 19 12:54:20.649800 osdx osdx-tcatd[639173]: UDP_Server. Sent 39 bytes Feb 19 12:54:20.651753 osdx kernel: app-detect: set target dict _remote_ priority 2 type remote (existing,enabled) Feb 19 12:54:20.651793 osdx kernel: app-detect: linked list of enabled dicts: Feb 19 12:54:20.651806 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote Feb 19 12:54:20.651843 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote (target_dict) Feb 19 12:54:20.651856 osdx kernel: app-detect: linked list of disabled dicts: Feb 19 12:54:20.651868 osdx kernel: app-detect: (empty, no dicts) Feb 19 12:54:20.651878 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Feb 19 12:54:20.683736 osdx osdx-tcatd[639173]: Dict_client. Received answer (dict 1): {"status": 200, "requestid": "besafepro_request_id", "type": "fqdns", "TTL": 172800, "results": [{"fqdns": "www.newspaperteldat.com", "queries": {"getinfo": {"a1cat": 0, "reputation": 92, "lcp": "newspaperteldat.com", "cats": [{"catid": 4, "conf": 93}]}, "getrepinfo": {"reputation": 92, "country": "", "popularit y": 0, "age": 0, "threathistory": 0}}}]} Feb 19 12:54:20.683752 osdx osdx-tcatd[639173]: UDP_Server. Kernel_Message format. 
Write message addressed to dictionary 1 FQDN www.newspaperteldat.com TTL 172800 AppID:82000004 Feb 19 12:54:20.687754 osdx kernel: app-detect: set target dict _remote_ priority 1 type remote (existing,enabled) Feb 19 12:54:20.687790 osdx kernel: app-detect: linked list of enabled dicts: Feb 19 12:54:20.687802 osdx kernel: app-detect: (0) dictionary _remote_, priority 1 type remote (target_dict) Feb 19 12:54:20.687861 osdx kernel: app-detect: (1) dictionary _remote_, priority 2 type remote Feb 19 12:54:20.687875 osdx kernel: app-detect: linked list of disabled dicts: Feb 19 12:54:20.687886 osdx kernel: app-detect: (empty, no dicts) Feb 19 12:54:20.687897 osdx kernel: app-detect: set fqdn hash f32edeb00a440e970fb18ad576d01b83fe00cd767533ed3c53233a2aaaa9dce8, hash table index=0062254 (0x0f32e) (16 bits), ttl 172800 seconds Feb 19 12:54:20.687853 osdx osdx-tcatd[639173]: UDP_Server. Sent 39 bytes Feb 19 12:54:20.763364 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack show'. Feb 19 12:54:21.858505 osdx kernel: app-detect: field dns-host detected: enterprise.opentok.com. Org(src/dst) 192.168.2.101:41513/10.215.168.66:53 Feb 19 12:54:21.859221 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:41513/10.215.168.66:53 Feb 19 12:54:21.859255 osdx kernel: app-detect: dictionary search for enterprise.opentok.com Feb 19 12:54:21.859339 osdx kernel: app-detect: search in CNAMEs db for enterprise.opentok.com Feb 19 12:54:21.859352 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 19 12:54:21.859392 osdx kernel: app-detect: appid 82000007 found in hash dictionary Feb 19 12:54:21.859423 osdx kernel: app-detect: add address 10.215.168.1, appids 82000007 to cache Feb 19 12:54:21.984623 osdx kernel: app-detect: field dns-host detected: www.gamblingteldat.com. 
Org(src/dst) 192.168.2.101:33295/10.215.168.66:53 Feb 19 12:54:21.984940 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:33295/10.215.168.66:53 Feb 19 12:54:21.984961 osdx kernel: app-detect: dictionary search for www.gamblingteldat.com Feb 19 12:54:21.984974 osdx kernel: app-detect: search in CNAMEs db for www.gamblingteldat.com Feb 19 12:54:21.985006 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 19 12:54:21.985031 osdx kernel: app-detect: appid 8200000f found in hash dictionary Feb 19 12:54:21.985042 osdx kernel: app-detect: add address 192.168.2.10, appids 8200000f to cache Feb 19 12:54:22.147648 osdx kernel: app-detect: field dns-host detected: www.newspaperteldat.com. Org(src/dst) 192.168.2.101:43655/10.215.168.66:53 Feb 19 12:54:22.148167 osdx kernel: app-detect: dns detected, continuing detection for further analysis. Org(src/dst) 192.168.2.101:43655/10.215.168.66:53 Feb 19 12:54:22.148201 osdx kernel: app-detect: dictionary search for www.newspaperteldat.com Feb 19 12:54:22.148215 osdx kernel: app-detect: search in CNAMEs db for www.newspaperteldat.com Feb 19 12:54:22.148228 osdx kernel: app-detect: search in dict _remote_, prio 1 Feb 19 12:54:22.148240 osdx kernel: app-detect: appid 82000004 found in hash dictionary Feb 19 12:54:22.148252 osdx kernel: app-detect: add address 192.168.2.20, appids 82000004 to cache Feb 19 12:54:22.305668 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system conntrack show'.
Step 32: Run command system conntrack app-detect show ip-cache at DUT0 and expect this output:
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s868ms
192.168.2.10  U130:15         27s996ms
192.168.2.20  U130:4          28s160ms
Step 33: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*U130:7
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s780ms
192.168.2.10  U130:15         27s908ms
192.168.2.20  U130:4          28s72ms
Step 34: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*U130:15
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s592ms
192.168.2.10  U130:15         27s720ms
192.168.2.20  U130:4          27s884ms
Step 35: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*U130:4
----------------------------------------
IP            Application ID  Expires in
----------------------------------------
10.215.168.1  U130:7          27s488ms
192.168.2.10  U130:15         27s616ms
192.168.2.20  U130:4          27s780ms
Step 36: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect debug
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18pB63wyb8Wr38OgFPJ3Bu8oq97j+mzsuE=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18N0IaREKlEW7Awt/izfv9WNx97Q47qUedTih2MdNPudSevfJJ+Kds+
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+YD3WpcqUgSVI0fg6LxTdGhzK94Lp+ECw=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18atw7KEzqWP2QSOsXGqDmn3JYU6u2VI8WqcOdRagLVTsVAOWdiVHnm
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dns
set system conntrack app-detect dns-host
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 mark 5555
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 37: Run command system conntrack clear at DUT0.
Step 38: Run command system conntrack clear at DUT0.
Step 39: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5428      0 --:--:-- --:--:-- --:--:--  6166
admin@osdx$
Step 40: Run command system conntrack clear at DUT1.
Step 41: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   5718      0 --:--:-- --:--:-- --:--:--  6166
Step 42: Run command system conntrack clear at DUT1.
Step 43: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6132      0 --:--:-- --:--:-- --:--:--  7400
Step 44: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
appdetect\[(U130:7;U131:88|U131:88;U130:7);L3:6;L4:80\shttp-host:enterprise.opentok.com\]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=33898 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=33898 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=56514 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=56514 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=33892 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=33892 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=3 appdetect[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=33878 dport=80 packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=33878 packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
udp 17 29 src=192.168.2.101 dst=10.215.168.66 sport=35059 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=35059 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=59537 dport=53 packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=59537 packets=1 bytes=68 mark=0 use=1 appdetect[L3:17;L4:53]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 45: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:  10.215.168.66
Address: 10.215.168.66#53
Name:    www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 46: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:  10.215.168.66
Address: 10.215.168.66#53
Name:    www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 47: Run command nslookup www.gamblingteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:  10.215.168.66
Address: 10.215.168.66#53
Name:    www.gamblingteldat.com
Address: 192.168.2.10
** server can't find www.gamblingteldat.com: REFUSED
Step 48: Run command nslookup www.newspaperteldat.com dns-server 10.215.168.66 at DUT1 and expect this output:
Server:  10.215.168.66
Address: 10.215.168.66#53
Name:    www.newspaperteldat.com
Address: 192.168.2.20
** server can't find www.newspaperteldat.com: REFUSED
Step 49: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
10.215.168.1\s*.*(U130:7;U131:88|U131:88;U130:7)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m52s924ms
192.168.2.10  U130:15;U131:25  28s788ms
192.168.2.20  U130:4;U131:92   28s912ms
Step 50: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.10\s*.*(U130:15;U131:25|U131:25;U130:15)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m52s860ms
192.168.2.10  U130:15;U131:25  28s724ms
192.168.2.20  U130:4;U131:92   28s848ms
Step 51: Run command system conntrack app-detect show ip-cache at DUT0 and check if output matches the following regular expressions:
192.168.2.20\s*.*(U130:4;U131:92|U131:92;U130:4)
-----------------------------------------
IP            Application ID   Expires in
-----------------------------------------
10.215.168.1  U130:7;U131:88   4m52s760ms
192.168.2.10  U130:15;U131:25  28s624ms
192.168.2.20  U130:4;U131:92   28s748ms
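The osdx-tcatd debug log earlier in this scenario prints AppIDs in hexadecimal (8200000F, 83000019), while the ip-cache output above prints U130:15 and U131:25. The Python sketch below is an added example, not Teldat code: it cross-checks the two notations and the remote dictionary answers. It assumes, from the values on this page only, that the top byte of an AppID is the number after "U", that the low 24 bits carry the category ID or reputation score selected by the dictionary's property, and that the hash table index is the first 16 bits of the FQDN hash; the sample log lines are constructed from the format shown here and the function names are hypothetical.

```python
import json
import re

# Constructed sample: osdx-tcatd / kernel debug lines in the format shown on
# this page, with timestamps dropped and the JSON answers shortened.
SAMPLE_LOG = """\
osdx-tcatd[639173]: Dict_client. Received answer (dict 1): {"status": 200, "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"reputation": 25, "cats": [{"catid": 15, "conf": 93}]}}}]}
osdx-tcatd[639173]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 1 FQDN www.gamblingteldat.com TTL 172800 AppID:8200000F
osdx-tcatd[639173]: Dict_client. Received answer (dict 2): {"status": 200, "TTL": 172800, "results": [{"fqdns": "www.gamblingteldat.com", "queries": {"getinfo": {"reputation": 25, "cats": [{"catid": 15, "conf": 93}]}}}]}
osdx-tcatd[639173]: UDP_Server. Kernel_Message format. Write message addressed to dictionary 2 FQDN www.gamblingteldat.com TTL 172800 AppID:83000019
kernel: app-detect: set fqdn hash 95d7d9863609db9ccc870c2d2b6f3048a307595f4ee206f3a041baa9f588fc85, hash table index=0038359 (0x095d7) (16 bits), ttl 172800 seconds
"""

# From the DUT0 configuration: dictionary 1 uses "property category",
# dictionary 2 uses "property reputation".
DICT_PROPERTY = {1: "category", 2: "reputation"}

ANSWER_RE = re.compile(r"Received answer \(dict (\d+)\): (\{.*\})\s*$")
WRITE_RE = re.compile(
    r"Write message addressed to dictionary (\d+) FQDN (\S+) "
    r"TTL (\d+) AppID:([0-9A-Fa-f]{8})"
)
HASH_RE = re.compile(r"set fqdn hash ([0-9a-f]{64}), hash table index=(\d+)")


def decode_appid(hex_id):
    """Split a 32-bit AppID into (U-number, value).

    Assumption inferred from this page's values, not a documented layout:
    top 8 bits = number shown after "U", low 24 bits = value after the colon.
    """
    raw = int(hex_id, 16)
    return raw >> 24, raw & 0xFFFFFF


def display(hex_id):
    """Render an AppID the way the ip-cache table prints it, e.g. U130:15."""
    number, value = decode_appid(hex_id)
    return f"U{number}:{value}"


def answer_value(prop, answer):
    """Pick the field of the dictionary answer that the property selects."""
    info = answer["results"][0]["queries"]["getinfo"]
    if prop == "category":
        return info["cats"][0]["catid"]
    if prop == "reputation":
        return info["reputation"]
    raise ValueError(f"unknown property {prop!r}")


def audit(log, dict_property):
    """Pair each AppID written to the kernel with the answer that produced it."""
    answers, rows = {}, []
    for line in log.splitlines():
        m = ANSWER_RE.search(line)
        if m:
            body = json.loads(m.group(2))
            answers[(int(m.group(1)), body["results"][0]["fqdns"])] = body
            continue
        m = WRITE_RE.search(line)
        if m:
            num, fqdn, hex_id = int(m.group(1)), m.group(2), m.group(4)
            body = answers.get((num, fqdn))
            expected = answer_value(dict_property[num], body) if body else None
            rows.append({
                "dict": num,
                "fqdn": fqdn,
                "display": display(hex_id),
                "matches_answer": expected == decode_appid(hex_id)[1],
            })
    return rows


def hash_index_mismatches(log):
    """Return hashes whose logged table index is not their first 16 bits."""
    bad = []
    for fqdn_hash, index in HASH_RE.findall(log):
        if int(fqdn_hash[:4], 16) != int(index):
            bad.append(fqdn_hash)
    return bad


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, DICT_PROPERTY):
        print(row)
    print("hash/index mismatches:", hash_index_mismatches(SAMPLE_LOG))
```

A row with matches_answer set to False means the AppID handed to the kernel does not correspond to the answer logged for that dictionary and FQDN, which is worth investigating before trusting the ip-cache contents.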
Step 52: Modify the following configuration lines in DUT0 :
set system alarm DICTERROR1
set system alarm DICTERROR2
set system conntrack app-detect dictionary 1 remote alarm connection-error DICTERROR1
set system conntrack app-detect dictionary 2 remote alarm connection-error DICTERROR2
Step 53: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR1\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                          0             0.00
DICTERROR2  false                          0             0.00
Step 54: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
DICTERROR2\s+false
--------------------------------------------------------------------
Alarm       Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------
DICTERROR1  false                          0             0.00
DICTERROR2  false                          0             0.00
Step 55: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18pB63wyb8WrycJ6YIPBx8fgo6dYtMq5Y4=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+YD3WpcqUgSYwsEYBYWUW3uPrWurZHqRY=
Step 56: Run command system conntrack clear at DUT0.
Step 57: Run command system conntrack clear at DUT1.
Step 58: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 59: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+true
---------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled  Toggle-count  Time up (%)
---------------------------------------------------------------------------------------------
DICTERROR1  true    2026-02-19 12:54:38.917773+00:00                1             68.03
DICTERROR2  true    2026-02-19 12:54:38.917943+00:00                1             68.06
Step 60: Modify the following configuration lines in DUT0 :
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18pB63wyb8Wr38OgFPJ3Bu8oq97j+mzsuE=
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+YD3WpcqUgSVI0fg6LxTdGhzK94Lp+ECw=
Step 61: Run command system conntrack clear at DUT0.
Step 62: Run command system conntrack clear at DUT1.
Step 63: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 3 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 64: Run command system alarm show at DUT0 and check if output matches the following regular expressions:
(DICTERROR1|DICTERROR2)\s+false
-----------------------------------------------------------------------------------------------------------------
Alarm       Status  Toggled                           Prev-toggled                      Toggle-count  Time up (%)
-----------------------------------------------------------------------------------------------------------------
DICTERROR1  false   2026-02-19 12:54:45.357547+00:00  2026-02-19 12:54:38.917773+00:00  2             46.86
DICTERROR2  false   2026-02-19 12:54:45.357339+00:00  2026-02-19 12:54:38.917943+00:00  2             46.87
Remote Application Dictionary run in a VRF
Description
DUT0 configures HTTP detection with a remote application dictionary running in a separate VRF. DUT1 acts as a client behind DUT0. The test verifies that remote dictionary protocol traffic uses the VRF and HTTP connections are classified.
Phase 1: Using the local-vrf option to specify the VRF for the remote dictionary protocol.
Phase 2: Using the local-interface option with an interface assigned to the VRF.
Phase 3: Using the local-address option to source from an address on an interface in the VRF.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.2.100/24
set interfaces ethernet eth0 vrf MYVRF
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic nat source rule 1 address masquerade
set interfaces ethernet eth1 traffic policy out POL
set interfaces ethernet eth1 vrf MYVRF
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18yXe/ckpZZhUJ5MDNQWgPzeplBFUtcpK8=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+13YDirUgwrjXlC0UdOf19tg9NAnqycV1s/njfThwEg+QtBLecz3y5
set system conntrack app-detect dictionary 1 remote local-vrf MYVRF
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 1 remote vrf-mark MYVRF
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19k5ddYZdCG96bQtRoeX5YvOn+HzlCWGWg=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/TkZIzE28Llg0up7JNvb2RPrgyP1xzil0EpCasLW6yJHWnrwbek2v4
set system conntrack app-detect dictionary 2 remote local-vrf MYVRF
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote vrf-mark MYVRF
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http
set system conntrack app-detect http-host
set system conntrack app-detect refresh-flow-appid
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf MYVRF
set traffic policy POL rule 1 action accept
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 selector RESOLVING
set traffic selector RDICT rule 1 vrf-mark MYVRF
set traffic selector RESOLVING rule 1 app-detect state detecting
set traffic selector RESOLVING rule 1 app-detect state host-detected
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.2.101/24
set protocols static route 0.0.0.0/0 next-hop 192.168.2.100
set service dns forwarding name-server 10.215.168.66
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.215.168.66/24
set service dns forwarding local-ttl 30
set service dns forwarding name-server 127.0.0.1
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set service dns static host-name static.opentok.com inet 192.168.2.100
set service dns static host-name www.gamblingteldat.com inet 192.168.2.10
set service dns static host-name www.newspaperteldat.com inet 192.168.2.20
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.215.168.1 from DUT1:
admin@DUT1$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=63 time=0.394 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.394/0.394/0.394/0.000 ms
Step 5: Run command system conntrack clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 7: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=57590 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57590 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52952 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52952 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=48089 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48089 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=39337 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=39337 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52950 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52950 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=44494 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44494 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 6 flow entries have been shown.
Step 8: Run command traffic selector RDICT show at DUT0 and check if output matches the following regular expressions:
1\s+[1-9]\d*\s+\d+
Selector RDICT (Policy POL -- ifc eth1 -- hook out prio very-high -- rule 1)
-----------------------------------------------------
rule  pkts match  pkts eval  bytes match  bytes eval
-----------------------------------------------------
1             22         40         3318        5979
-----------------------------------------------------
Total         22         40         3318        5979
Step 9: Run command system conntrack clear at DUT1.
Step 10: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   7069      0 --:--:-- --:--:-- --:--:--  7400
admin@osdx$
Step 11: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=57590 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57590 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=37942 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=37942 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52952 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52952 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=48089 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=48089 vrf=MYVRF packets=1 bytes=84 mark=0 use=1 appdetect[L4:53]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=40182 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=40182 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=39337 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=39337 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52950 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52950 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 28 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=44494 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44494 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 8 flow entries have been shown.
Step 12: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-vrf
delete system conntrack app-detect dictionary 2 remote local-vrf
set system conntrack app-detect dictionary 1 remote local-interface eth1
set system conntrack app-detect dictionary 2 remote local-interface eth1
Step 13: Run command system conntrack clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 15: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=37958 dport=80 vrf=MYVRF packets=9 bytes=1841 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=37958 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35412 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35412 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=39337 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=39337 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=55335 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55335 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 298 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35428 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35428 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
Step 16: Run command system conntrack clear at DUT1.
Step 17: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   6745      0 --:--:-- --:--:-- --:--:--  7400
admin@osdx$
Step 18: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
tcp 6 29 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=37958 dport=80 vrf=MYVRF packets=11 bytes=2218 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=37958 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=37972 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=37972 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35412 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35412 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 27 src=192.168.2.101 dst=10.215.168.66 sport=52667 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=52667 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=39337 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=39337 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=55335 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=55335 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 295 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35428 dport=443 vrf=MYVRF packets=4 bytes=532 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35428 vrf=MYVRF packets=3 bytes=675 [ASSURED] mark=0 use=1 appdetect[L4:443]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
Step 19: Modify the following configuration lines in DUT0 :
delete system conntrack app-detect dictionary 1 remote local-interface
delete system conntrack app-detect dictionary 2 remote local-interface
set system conntrack app-detect dictionary 1 remote local-address 10.215.168.64
set system conntrack app-detect dictionary 2 remote local-address 10.215.168.64
Step 20: Run command system conntrack clear at DUT0.
Step 21: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0^C
Operation aborted by user.
admin@osdx$
Step 22: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
tcp.*dst=10.215.168.1.*dport=443.*vrf=MYVRF.*vrf=MYVRF
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=42879 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42879 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=37978 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=37978 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3598 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35432 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=35432 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:35432]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35444 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35444 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=127.0.0.1 dst=127.0.0.1 sport=39337 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=39337 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 5 flow entries have been shown.
Step 23: Run command system conntrack clear at DUT1.
Step 24: Run command file copy http://enterprise.opentok.com/~robot/test_file running://user-data/ force at DUT1, press Ctrl+C after 2 seconds and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    37  100    37    0     0   8507      0 --:--:-- --:--:-- --:--:--  9250
admin@osdx$
Step 25: Run command system conntrack show at DUT0 and check if output matches the following regular expressions:
vrf=MYVRF.*vrf=MYVRF.*appdetect\[U130:7\shttp-host:enterprise.opentok.com\]
udp 17 25 src=192.168.2.101 dst=10.215.168.66 sport=42879 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=42879 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=39842 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=39842 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
tcp 6 29 LAST_ACK src=192.168.2.101 dst=10.215.168.1 sport=37978 dport=80 vrf=MYVRF packets=9 bytes=2114 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=37978 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 3595 ESTABLISHED src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35432 vrf=MYVRF packets=9 bytes=2088 src=10.215.168.64 dst=10.215.168.1 sport=35432 dport=443 vrf=MYVRF packets=10 bytes=1142 [ASSURED] mark=0 use=1 appdetect[L4:35432]
tcp 6 3595 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=35444 dport=443 vrf=MYVRF packets=14 bytes=1875 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=35444 vrf=MYVRF packets=12 bytes=3700 [ASSURED] mark=0 use=1 appdetect[L4:443]
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=33308 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=33308 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
udp 17 25 src=127.0.0.1 dst=127.0.0.1 sport=39337 dport=49000 packets=2 bytes=110 src=127.0.0.1 dst=127.0.0.1 sport=49000 dport=39337 packets=2 bytes=132 mark=0 use=1 appdetect[L4:49000]
conntrack v1.4.7 (conntrack-tools): 7 flow entries have been shown.
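The two conntrack checks in this scenario (a TCP connection from DUT0 to port 443 inside MYVRF, then an http-host flow carrying a dictionary tag) can also be made on parsed fields, which separates the original tuple from the reply tuple instead of matching across the whole line. The Python below is an added example, not part of the product or its test suite; the function names are hypothetical, the sample entries are taken from the outputs of steps 7 and 11, and it assumes that any appdetect tag other than L4:* or http-host:* is the dictionary result.

```python
import re

# Sample entries taken from the `system conntrack show` outputs of steps 7 and 11.
SAMPLE = """\
udp 17 28 src=192.168.2.101 dst=10.215.168.66 sport=57590 dport=53 vrf=MYVRF packets=1 bytes=68 src=10.215.168.66 dst=10.215.168.64 sport=53 dport=57590 vrf=MYVRF packets=1 bytes=68 mark=0 use=1 appdetect[L4:53]
tcp 6 3598 ESTABLISHED src=10.215.168.64 dst=10.215.168.1 sport=52952 dport=443 vrf=MYVRF packets=11 bytes=1659 src=10.215.168.1 dst=10.215.168.64 sport=443 dport=52952 vrf=MYVRF packets=10 bytes=3462 [ASSURED] mark=0 use=1 appdetect[L4:443]
tcp 6 59 FIN_WAIT src=192.168.2.101 dst=10.215.168.1 sport=44494 dport=80 vrf=MYVRF packets=8 bytes=1789 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=44494 vrf=MYVRF packets=1 bytes=60 [ASSURED] mark=0 use=1 appdetect[L4:80 http-host:enterprise.opentok.com]
tcp 6 src=192.168.2.101 dst=10.215.168.1 sport=37942 dport=80 vrf=MYVRF packets=6 bytes=593 src=10.215.168.1 dst=10.215.168.64 sport=80 dport=37942 vrf=MYVRF packets=4 bytes=504 [ASSURED] [OFFLOAD, packets=1 bytes=52 packets=2 bytes=392] mark=0 use=2 appdetect[U130:7 http-host:enterprise.opentok.com]
conntrack v1.4.7 (conntrack-tools): 4 flow entries have been shown.
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)(?: vrf=(\S+))?")
TAGS_RE = re.compile(r"appdetect\[([^\]]*)\]")
KEYS = ("src", "dst", "sport", "dport", "vrf")


def parse_flow(line):
    """Split one entry into original/reply tuples and app-detect tags."""
    tuples = TUPLE_RE.findall(line)
    tags = TAGS_RE.search(line)
    if len(tuples) != 2 or tags is None:
        return None  # summary line, blank line or truncated entry
    return {
        "proto": line.split()[0],
        "orig": dict(zip(KEYS, tuples[0])),
        "reply": dict(zip(KEYS, tuples[1])),
        "offloaded": "[OFFLOAD" in line,  # offloaded entries omit timeout and TCP state
        "tags": tags.group(1).split(),
    }


def is_dictionary_fetch(flow, server="10.215.168.1", vrf="MYVRF"):
    """Field-level form of the step 7 check: TCP to the server on 443, both tuples in the VRF."""
    o, r = flow["orig"], flow["reply"]
    return (flow["proto"] == "tcp" and o["dst"] == server and o["dport"] == "443"
            and o["vrf"] == vrf and r["vrf"] == vrf)


def host_verdict(flow):
    """Return (host, tag) for a flow with an http-host tag, else None."""
    host = next((t.split(":", 1)[1] for t in flow["tags"] if t.startswith("http-host:")), None)
    if host is None:
        return None
    # Assumption: a tag that is neither L4:* nor http-host:* is the dictionary result.
    extra = [t for t in flow["tags"] if not t.startswith(("L4:", "http-host:"))]
    return host, (extra[0] if extra else "no-dictionary-tag")


def audit(text):
    """Count dictionary fetches and list the verdict of every http-host flow."""
    flows = [f for f in map(parse_flow, text.splitlines()) if f]
    return {"fetches": sum(is_dictionary_fetch(f) for f in flows),
            "verdicts": [v for v in map(host_verdict, flows) if v]}
```

Because the original tuple is checked on its own, an entry whose port 443 appears only in the reply direction, like the appdetect[L4:35432] entry in step 22, is not counted as a fetch.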