Caligare Flow Inspector contains a special application detection module (ADM). The ADM detects dynamically assigned ports.
You can define your own application via the applications
settings menu. One of your applications may contain more
application rules (see picture bellow). The ADM uses
system file /etc/services
to detect non-specified
applications, but in this file you may specify only a single
UDP or TCP port with the application name. The ADM module is
very time-consuming, so be careful when you define more rules.
The ADM module can store a detected application into the field "app". In the raw data you can see "app" field values in these intervals:
Each rule contains priority, protocol (UDP or TCP). Other fields contain the destination port range, source port range, destination IP address range and source IP address range. You can fill up only some of these fields, the others are remain unfilled or have a zero value (it mean match any). In the example above, there are two rules, one is for the UDP and the other one is for the TCP along with a destination port (which has a range from 411 to 413), all other fields are zero. (it mean match any). The application used for example above is direct connect.