How to view layer 7 application running on Network

The best you can do is guess by ports in use or Deep Packet Inspection as noted by @eduperez.

Actually yes - full stop. A DPI device knowing a lot of patterns could see/copy/download all unencrypted traffic and its contents/payload (i.e. normal DNS requests, HTTP, SMTP, etc.). This is already resource intensive. It may even be able to tell you what encrypted application is in use (i.e. VPN).

If it's encrypted or unknown, then it's unknown; I assume you'd want to simply block it.†


†- So unless you're a "State Actor" and know of a more advanced method, that's it. Most other technologies require a man-in-the-middle device and a [recognized public certificate] company that will issue you a certificate for a wildcard in the DNS Root Zone - depicted as:

*.

The dot not being used in our normal use, for example:

www.example.com. 👈

observe the dot - the dot following the m is the root zone, having no name. The root zone is owned by ICANN and operated by the DNS Root Server System Advisory Committee.
(That is a valid cert - but in most countries, it would likely be a crime to issue it - or open such company to serious legal liability.)
(An example of an organization recording public serial numbers to observe differences is linked below.)
Therefore, I believe there is a plugin to mitigate such an attack while web browsing - by checking the SSL Observatory for a serial number match.

⚠️ If you don't have explicit permission of users, please be advised that doing any of this can be illegal in some circumstances - in some nations. Lastly, if the certificate is not based on PKI, it cannot be decrypted anyways.


See:

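Added example, not part of the original post: a minimal Python sketch of the two approaches the reply contrasts, recognising a protocol from payload patterns versus guessing from the destination port. The function names, the port table and the sample payloads are constructed for illustration; the DNS check also shows the zero-length root label that the trailing dot stands for.

```python
import struct
# Port-to-name guesses (IANA well-known ports); only a guess, any service can use any port.
PORT_GUESS = {25: "smtp", 53: "dns", 80: "http", 443: "https"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def dns_qname(payload):
    """Return the queried name (with trailing root dot) for a well-formed DNS query, else None."""
    if len(payload) < 17:                      # 12-byte header + root label + QTYPE/QCLASS
        return None
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or qd != 1 or an != 0:   # QR bit clear (query), exactly one question
        return None
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        if n == 0:                             # zero-length label: the unnamed root zone
            return ".".join(labels) + "." if len(payload) >= pos + 5 else None
        if n > 63 or pos + 1 + n > len(payload):
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return None

def classify(payload, dst_port, transport):
    """Return (label, evidence); evidence is 'payload', 'port-guess' or 'none'."""
    if transport == "udp":
        name = dns_qname(payload)
        if name:
            return f"dns query {name}", "payload"
    if transport == "tcp":
        first_line = payload.split(b"\r\n", 1)[0]
        if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
            return "http", "payload"
        # TLS record header: type 0x16 (handshake), version 3.x, handshake type 1 (ClientHello)
        if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
            return "tls (encrypted, contents unknown)", "payload"
    if dst_port in PORT_GUESS:
        return PORT_GUESS[dst_port], "port-guess"
    return "unknown", "none"

SAMPLES = [  # constructed payloads: (first bytes of flow, dst_port, transport)
    (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n", 8080, "tcp"),
    (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01", 53, "udp"),
    (b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03", 8443, "tcp"),
    (b"\x8f\x02\xa1\x5c\x77", 443, "tcp"),
    (b"\x8f\x02\xa1\x5c\x77", 40000, "udp"),
]
if __name__ == "__main__":
    for s in SAMPLES: print(s[1], s[2], classify(*s))
```

The fourth sample is labelled "https" only because of its port, which is why the evidence field matters when deciding what to block.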