Flex ParsersFlex Parsers

There are two kinds of Flex parsers:

• Service identification based solely on port. These are parsers that use only the source or destination ports to identify the session application type (service). These are the most basic and easiest to define.
• Service identification based on a found token(s). These parsers use tokens to identify the service type. This is also an easy way to expand which service types are identified. These are important when identifying non‐internet standard applications. These parsers require that the protocol has a definable token that can uniquely identify the service type.

Five common parser operations are:

• Match Port and Identify Immediately
• Match Port and Delay Identification
• Match Token and Identify Immediately
• Match Multiple Tokens
• Match Token and Create Metadata

Detailed language information and samples are provided in this topic. This topic describes the XML schema used to define a FlexParse file. The SML node, attribute, and values referenced in descriptive text are bold. The root node of every file must be the parsers node. Under that node there can be any number of parser nodes. Each parser node defines a single parser. A parser node can have an optional declaration node and any number of match nodes.

Topics

• Arithmetic Functions
• Common Parser Operations
• General Functions
• Logging Functions
• Nodes
• Payload Functions
• Regex
• String Functions