2025-09-14 21:52:36 +00:00
# 【XJ-NPM现场】APP sketch中Unknown Application情况
| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-472 | 2022-04-20T12:02:19.000+0800 | 贾依蒙 | 已关闭 |
---
新疆IDC环境中, , :
{code:java}
description:
Unknown is a virtual protocol created for DPI that represents flows that are not recognized by the system. Most of the time, its presence is due to the existence of a business application whose specifications are not made available to the public. Such flows can be defined in the system by means of a User Defined Application
{code}
!image-2022-04-20-11-49-03-101.png|width=579,height=247!
查看APP详情页发现, , ,
**lizhao** commented on *2022-04-21T16:32:10.967+0800* :
该问题已移至ompub,
---
**jiayimeng** commented on *2022-04-29T12:56:37.231+0800* :
1、通过CN界面中unknown --> 流量 中相关域名排名 TOP10的域名是kwimgs.com, , , , , , , , , ,
2、识别为unknown的 TOP10 域名中, , , , , , , , , , , , , ,
识别为douyin APP的 TOP10域名 douyinvod.com, , , , , , , , ,
识别为unknown APP的 TOP10域名 kwimgs.com, , , , , , , , ,
其中 kwimgs.com和douyincdn.com同时出现在douyin和unknown 中,
---
**jiayimeng** commented on *2022-04-29T17:33:35.323+0800* :
初步将unknown中TOP100的域名根据备案公司名称 配置到新的自定义APP中, , ,
---
**jiayimeng** commented on *2022-04-29T19:29:06.415+0800* :
使用联通手机号拨测douyin的流量, , ;
4次抓包, , , ,
PCAP与导出的会话日志:
---
**lizhao** commented on *2022-04-29T20:12:53.695+0800* :
# app识别不会完全准确,
# 目前存在一些未识别的APP流量, ,
# 目前只支持增加新APP修正这部分流量, ,
---
**fengweihao** commented on *2022-05-05T14:46:37.249+0800* :
||抓包次数||数据包||数据包中会话数||APP识别连接数||APP识别结果||
|第一次|[第一次抓包.pcap|https://files.geedge.net/d/084c3b79b96648b6b889/files/?p=%2F%E7%AC%AC%E4%B8%80%E6%AC%A1%2F%E7%AC%AC%E4%B8%80%E6%AC%A1%E6%8A%93%E5%8C%85.pcap]|1|1|douyin|
|第二次|[cucc-idc-2.pcap|https://files.geedge.net/d/084c3b79b96648b6b889/files/?p=%2F%E7%AC%AC%E4%BA%8C%E6%AC%A1%2Fcucc-idc-2.pcap]|19|19|douyin|
|第三次|[第三次抓包.pcap|https://files.geedge.net/d/084c3b79b96648b6b889/files/?p=%2F%E7%AC%AC%E4%B8%89%E6%AC%A1%2F%E7%AC%AC%E4%B8%89%E6%AC%A1%E6%8A%93%E5%8C%85.pcap]|25|24|douyin|
|第四次|[第四次抓包.pcap|https://files.geedge.net/d/084c3b79b96648b6b889/files/?p=%2F%E7%AC%AC%E5%9B%9B%E6%AC%A1%2F%E7%AC%AC%E5%9B%9B%E6%AC%A1%E6%8A%93%E5%8C%85.pcap]|30|30|douyin|
结论:
以上数据包,第三方识别引擎能正常识别,不存在误识别现象
---
**yangwei** commented on *2022-05-05T15:49:41.555+0800* :
[~jiayimeng] 看前述描述,我理解现在存在的问题如下:
背景:
现象:
# 观察整体App识别结果, ,
# 通过四次拨测, , , , ,
可能的问题:
: , , , ,
: , ,
后续操作:
: , ,
: ( ) , , ,
---
**fengweihao** commented on *2022-05-05T18:04:17.653+0800* :
现象一:
目前从现场提供的日志, :
# 在抖音直播过程中产生的HTTP请求,
# ipv6地址的抖音,
# HTTP请求,
需要和第三方沟通后,进一步定位
---
**jiayimeng** commented on *2022-05-05T18:34:31.406+0800* :
现象2:
今日拨测5次, , , , :
待明日继续拨测
---
**lizhao** commented on *2022-05-06T14:17:03.027+0800* :
后续操作建议:
# TSG增加功能,
# XJ现场, , ,
---
**jiayimeng** commented on *2022-05-06T17:40:02.855+0800* :
XJ现场, , , , , , ; , , , , ,
---
**jiayimeng** commented on *2022-05-18T10:47:07.189+0800* :
XJ现场, ,
---
2025-09-14 22:26:17 +00:00
# Attachments
2025-09-14 21:52:36 +00:00
2025-09-14 22:26:17 +00:00
Attachment: image-2022-04-20-11-49-03-101.png
2025-09-14 22:27:11 +00:00
2025-09-14 22:26:17 +00:00
2025-09-14 21:52:36 +00:00
2025-09-14 22:26:17 +00:00
Attachment: image-2022-04-20-12-01-34-024.png
2025-09-14 22:27:11 +00:00
2025-09-14 22:26:17 +00:00
2025-09-14 21:52:36 +00:00
2025-09-14 22:26:17 +00:00
Attachment: image-20220429122249102.png
2025-09-14 22:27:11 +00:00
2025-09-14 22:26:17 +00:00
2025-09-14 21:52:36 +00:00
2025-09-14 22:26:17 +00:00
Attachment: image-2022-04-29-12-55-35-415.png
2025-09-14 22:27:11 +00:00
2025-09-14 22:26:17 +00:00
2025-09-14 21:52:36 +00:00
2025-09-14 22:26:17 +00:00
Attachment: image-2022-05-05-14-41-06-885.png
2025-09-14 22:27:11 +00:00
2025-09-14 22:26:17 +00:00
Attachment: image-2022-05-05-14-43-20-912.png
2025-09-14 22:27:11 +00:00
2025-09-14 22:26:17 +00:00
Attachment: image-2022-05-05-14-44-43-675.png
2025-09-14 22:27:11 +00:00
2025-09-14 22:26:17 +00:00
2025-09-14 21:52:36 +00:00
