"OTHER" Protocol

Does anybody know the definition of packets being categorized as “OTHER”? We are seeing a lot of “white noise” in the environment with “OTHER”.

Hi @josche. Where is “OTHER” showing up? L7 Protocols page? Database Methods page? Elsewhere?

Hi @lipsum. Yes it’s in the L7 Protocol page.

Are you able to look at the L7 Details page, find “OTHER” in the list, and then click in to see what systems are associated with this traffic?

Does that help you narrow down what is going on?

The problem is, we believe we know the APP that is generating “OTHER”. However it’s sending traffic between all nodes, so for now we want to ignore “OTHER” traffic. What I’m trying to understand is what else would we be excluding by ignoring “OTHER”.

Thanks,

Josche

I observe the same here. I see DHCP, but I do not understand why I see UDP-67 also (which is supposed to be DHCP?). All the outbound traffic is “OTHER”, which means I am missing almost all of the DHCP_RESPONSE traffic. Any suggestions? This appears to be a bug.

Josche,

L7 traffic labeled “OTHER” is commonly non-TCP and non-UDP traffic such as ICMP, ICMPv6, IGMP and so forth.

If you are inclined toward triggers, the following trigger can help you verify that’s what’s happening. You’d assign it to the FLOW_CLASSIFY event for interesting devices and then inspect the trigger runtime log to see what you caught.

// Log the IP protocol of every flow whose L7 protocol is "OTHER"
if (Flow.l7proto == "OTHER") {
    log(Flow.ipproto);
}

It’s very likely you’ll find things like ICMP.

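An added example, not part of the thread and not ExtraHop code: a stand-alone JavaScript tally of records labelled “OTHER” by IP protocol (plus port for TCP/UDP), which goes beyond the trigger above to list what ignoring “OTHER” would exclude. The records are constructed, and `serverPort` is a hypothetical field name rather than a trigger property from this page.

```javascript
// Added example: constructed records, not data from the thread.
// l7proto and ipproto mirror the trigger properties used above;
// serverPort is a hypothetical field name for the flow's server-side port.
const sampleFlows = [
    { l7proto: "OTHER", ipproto: "ICMP", serverPort: null },
    { l7proto: "OTHER", ipproto: "ICMP", serverPort: null },
    { l7proto: "OTHER", ipproto: "UDP", serverPort: 67 },
    { l7proto: "DHCP", ipproto: "UDP", serverPort: 67 },
    { l7proto: "OTHER", ipproto: "IGMP", serverPort: null },
    { l7proto: "HTTP", ipproto: "TCP", serverPort: 80 },
    { l7proto: "OTHER", ipproto: "TCP", serverPort: 9000 },
    { l7proto: "OTHER", ipproto: "TCP", serverPort: 9000 },
    { l7proto: "OTHER", ipproto: "TCP", serverPort: 9000 },
];

// Tally records labelled OTHER by IP protocol, adding the port for TCP/UDP,
// and return the rows sorted by count (highest first), then by key.
function summarizeOther(flows) {
    const counts = new Map();
    for (const f of flows) {
        if (f.l7proto !== "OTHER") continue;
        const hasPort = (f.ipproto === "TCP" || f.ipproto === "UDP") &&
            Number.isInteger(f.serverPort);
        const key = hasPort ? `${f.ipproto}/${f.serverPort}` : String(f.ipproto);
        counts.set(key, (counts.get(key) || 0) + 1);
    }
    return [...counts.entries()]
        .map(([key, count]) => ({ key, count }))
        .sort((a, b) => b.count - a.count || a.key.localeCompare(b.key));
}

// Separate non-TCP/UDP traffic (the ICMP/IGMP case described above) from
// TCP/UDP flows that still carry the OTHER label and need a closer look.
function splitOther(summary) {
    const result = { nonTcpUdp: [], tcpUdp: [] };
    for (const row of summary) {
        const isTcpUdp = /^(TCP|UDP)(\/|$)/.test(row.key);
        (isTcpUdp ? result.tcpUdp : result.nonTcpUdp).push(row);
    }
    return result;
}

const summary = summarizeOther(sampleFlows);
console.log(summary);
console.log(splitOther(summary));
```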

I’m also experiencing “OTHER” entries on many devices. I created the trigger above and assigned several devices that are showing “OTHER” in the L7 protocol list, but I’m not seeing anything in the trigger runtime log. I’d really like to verify what “OTHER” means. Any other ideas (no pun intended!)?