Juniper Secure Analytics Application Configuration Guide Release 7.3.0 Modified: 2017-09-13 Copyright © 2017, Juniper Networks, Inc.


Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Copyright © 2017 Juniper Networks, Inc. All rights reserved.

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates in the United States and other countries. All other trademarks may be property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.


Table of Contents

About the Documentation
    Documentation and Release Notes
    Documentation Conventions
    Documentation Feedback
    Requesting Technical Support
        Self-Help Online Tools and Resources
        Opening a Case with JTAC

Chapter 1 Application Mappings
    Application Mappings
        What is an Application ID?
        What Tasks Are Required to Map Applications?
    Defining New Applications
        Defining Application Mappings
        Defining Application Signatures

Chapter 2 Default Applications
    Default Applications
    ICMP Type and Code IDs
        Identifying Default ICMP Types
        Identifying Default ICMP Codes
    Port IDs
    Protocol IDs


List of Tables

About the Documentation
    Table 1: Notice Icons
    Table 2: Text and Syntax Conventions

Chapter 1 Application Mappings
    Table 3: Application IDs
    Table 4: Application Signatures Default Parameters

Chapter 2 Default Applications
    Table 5: ICMP Type 3: Destination Unreachable Codes
    Table 6: ICMP Type 5: Redirect Codes
    Table 7: ICMP Type 11: Time Exceeded Codes
    Table 8: ICMP Type 12: Parameter Problem Codes


About the Documentation

• Documentation and Release Notes
• Documentation Conventions
• Documentation Feedback
• Requesting Technical Support

Documentation and Release Notes

To obtain the most current version of all Juniper Networks® technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/.

If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at http://www.juniper.net/books.

Documentation Conventions

Table 1 defines notice icons used in this guide.


Table 1: Notice Icons

Meaning             Description
Informational note  Indicates important features or instructions.
Caution             Indicates a situation that might result in loss of data or hardware damage.
Warning             Alerts you to the risk of personal injury or death.
Laser warning       Alerts you to the risk of personal injury from a laser.
Tip                 Indicates helpful information.
Best practice       Alerts you to a recommended use or implementation.

Table 2 defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

Bold text like this
  Description: Represents text that you type.
  Example: To enter configuration mode, type the configure command:
    user@host> configure

Fixed-width text like this
  Description: Represents output that appears on the terminal screen.
  Example:
    user@host> show chassis alarms
    No alarms currently active

Italic text like this
  Description: Introduces or emphasizes important new terms. Identifies guide names. Identifies RFC and Internet draft titles.
  Examples:
    • A policy term is a named structure that defines match conditions and actions.
    • Junos OS CLI User Guide
    • RFC 1997, BGP Communities Attribute

Italic text like this
  Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
  Example: Configure the machine’s domain name:
    [edit]
    root@# set system domain-name domain-name

Text like this
  Description: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components.
  Examples:
    • To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
    • The console port is labeled CONSOLE.

< > (angle brackets)
  Description: Encloses optional keywords or variables.
  Example: stub <default-metric metric>;

| (pipe symbol)
  Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
  Examples:
    broadcast | multicast
    (string1 | string2 | string3)

# (pound sign)
  Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
  Example: rsvp { # Required for dynamic MPLS only

[ ] (square brackets)
  Description: Encloses a variable for which you can substitute one or more values.
  Example: community name members [ community-ids ]

Indention and braces ( { } )
  Description: Identifies a level in the configuration hierarchy.

; (semicolon)
  Description: Identifies a leaf statement at a configuration hierarchy level.

  Example for indention, braces, and semicolon:
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }

GUI Conventions

Bold text like this
  Description: Represents graphical user interface (GUI) items you click or select.
  Examples:
    • In the Logical Interfaces box, select All Interfaces.
    • To cancel the configuration, click Cancel.

> (bold right angle bracket)
  Description: Separates levels in a hierarchy of menu selections.
  Example: In the configuration editor hierarchy, select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods:

• Online feedback rating system—On any page of the Juniper Networks TechLibrary site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at http://www.juniper.net/techpubs/feedback/.

• E-mail—Send your comments to [email protected]. Include the document or topic name, URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: http://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications: http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html.


CHAPTER 1

Application Mappings

• Application Mappings
• Defining New Applications

Application Mappings

JSA includes default application IDs. However, you can edit the application mapping file to ensure that traffic is appropriately classified in JSA.

• What is an Application ID?
• What Tasks Are Required to Map Applications?

What is an Application ID?

When JSA detects a flow, it assigns an application ID to the flow. The application ID is assigned based on the protocol and ports that are used for the flow, and the flow content.

JSA default application IDs are allocated based on the Service Name and Transport Protocol Port Number Registry (http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt).

What Tasks Are Required to Map Applications?

When you create or customize an application mapping, do the following tasks in sequence:

1. Defining New Applications

   The application configuration file contains default applications. To define new applications, you must add new application IDs to the application configuration file.

2. Map traffic to the new applications by using one of the following methods:

   • Defining Application Mappings

     Update the application mapping file, which maps applications to application IDs based on IP address and port number.

   • Defining Application Signatures

     Define application signatures to apply to flows that the default application mapping does not automatically detect. To assign application IDs to flows, this method requires you to create rules that are based on IP address, port, and content. To define port-only application signatures, configure port mappings in the application mapping file, not the application signatures file.

Related Documentation

• Defining New Applications
• Default Applications
• ICMP Type and Code IDs

Defining New Applications

To define new applications, edit the application configuration file.

When you define new applications, the application ID number must not exist in the apps.conf file. Assign numbers that are in the 15,000 - 20,000 range for custom applications.

The format of the entry uses the following syntax:

<appname><appid>

The application name <appname> is used in the Network Activity and Offenses tabs. You can specify an application name with up to five application levels. However, JSA uses only three levels of the application name. Use a number sign (#) to separate each level of the application name.

The following example defines the Authentication.Radius-1646 application with an application ID of 51343:

Authentication#Radius-1646####51343

Five application levels are represented in the application ID. Application levels are separated by a number sign (#). If an application ID contains fewer than five levels, include the number signs for all five levels.

For example, to add Authentication#Radius-1646####51343 as an application ID, insert the application ID as follows:

Authentication#Radius-1645####51342
Authentication#Radius-1646####51343 <- inserted application
Authentication#Radius-1812####51344
Authentication#Radius-1813####51345

1. Using SSH, log in to JSA as the root user.
2. Open the following file:

   /store/configservices/staging/globalconfig/apps.conf

3. Insert new applications and ensure that you insert the new application ID in alphabetical order.
4. Save and exit the file.
5. Log in to JSA as an administrator.
6. Click the Admin tab.
7. On the toolbar, click Deploy Changes.

Choose one of the following options:

• To define application mappings, see “Defining Application Mappings”.
• To define application signatures, see “Defining Application Signatures”.
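
The entry rules in this section (five #-separated levels, an unused ID in the 15,000 - 20,000 range, insertion in alphabetical order) can be checked before apps.conf is edited. The following Python code is an added example, not part of the Juniper guide or of JSA; the function names and the sample file contents are constructed for illustration, and reading "alphabetical order" as a case-insensitive comparison of whole lines is an assumption.

```python
"""Pre-deployment check for a new apps.conf entry (added example)."""
import bisect

CUSTOM_IDS = range(15000, 20001)  # the guide's 15,000 - 20,000 custom range
LEVELS = 5                        # every entry carries five name levels

# Constructed sample modelled on the guide's excerpt; not a real apps.conf.
SAMPLE_APPS_CONF = """\
Authentication#Radius-1645####51342
Authentication#Radius-1646####51343
Authentication#Radius-1812####51344
Authentication#Radius-1813####51345
"""


def parse_entry(line):
    """Split 'L1#L2#L3#L4#L5#<appid>' into (levels, appid)."""
    fields = line.strip().split("#")
    if len(fields) != LEVELS + 1:
        raise ValueError(
            f"expected {LEVELS} '#' separators, found {len(fields) - 1}: {line!r}")
    *levels, appid = fields
    if not levels[0]:
        raise ValueError(f"first application level is empty: {line!r}")
    if not appid.isdigit():
        raise ValueError(f"application ID is not a number: {line!r}")
    return levels, int(appid)


def check_new_entry(existing_text, new_line):
    """Return a list of problems with adding new_line to the apps.conf text."""
    try:
        levels, appid = parse_entry(new_line)
    except ValueError as exc:
        return [str(exc)]
    existing = [parse_entry(l) for l in existing_text.splitlines() if l.strip()]
    problems = []
    if appid in {i for _, i in existing}:
        problems.append(f"application ID {appid} already exists in apps.conf")
    if appid not in CUSTOM_IDS:
        problems.append(f"application ID {appid} is outside 15000-20000")
    if levels in [lv for lv, _ in existing]:
        problems.append("application name already defined: " + "#".join(levels))
    if any(levels[3:]):
        problems.append("levels 4 and 5 are set, but JSA uses only three levels")
    return problems


def insert_in_order(existing_text, new_line):
    """Insert new_line at its alphabetical position without reordering the rest.

    Assumption: 'alphabetical order' is a case-insensitive comparison of whole
    lines and the existing file is already sorted that way.
    """
    lines = [l for l in existing_text.splitlines() if l.strip()]
    keys = [l.lower() for l in lines]
    new = new_line.strip()
    lines.insert(bisect.bisect_left(keys, new.lower()), new)
    return "\n".join(lines) + "\n"
```

Run check_new_entry against a copy of the staging apps.conf and write the result of insert_in_order only when the returned list is empty.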

Defining Application Mappings

To identify application signatures, create user-defined application mappings that are based on the IP address and port number.

You must add the new application IDs. For more information, see “Defining New Applications”.

When you update the application mapping file, follow these guidelines:

• Each line in the file indicates a mapped application. You can specify multiple mappings, each on a separate line, for the same application.
• You can specify a wildcard character (*) for any field. Use the wildcard character alone, and not as part of a comma-separated list. The wildcard character indicates that the field applies to all flows.
• You can associate a flow with multiple mappings. A flow is mapped to an application ID based on the mapping order in the file. The first mapping that applies in the file is assigned to the flow.
• When you add new application ID numbers, you must create a new and unique application ID number. The application ID number must not exist in the apps.conf file. Use numbers in the 15,000 - 20,000 range for custom applications.
• The format of the entry must resemble the following syntax:

  <New_ID> <Old_ID> <Source_IP_Address>:<Source_Port> <Dest_IP_Address>:<Dest_Port> <Name>

  <New_ID> specifies the application ID you want to assign to the flow. A value of 1 indicates an unknown application. If the ID you want to assign does not exist, you must create the ID in the apps.conf file. For more information, see “Defining New Applications”.

  <Old_ID> specifies the default application ID of the flow, as assigned by JSA. A value of * indicates a wildcard character. If multiple application IDs are assigned, the application IDs are separated by commas.

Table 3: Application IDs

<Source_IP_Address>
  Description: Specifies the source IP address of the flow.
  Values: Can contain either a comma-separated list of addresses or CIDR values. A value of * indicates a wildcard character, which means that this field applies to all flows.

<Source_Port>
  Description: Specifies the associated port.
  Values: Can contain a comma-separated list of values or ranges that are specified in the format: <lower_port_number>-<upper_port_number>. A value of * indicates a wildcard character, which means that this field applies to all flows.

<Dest_IP_Address>
  Description: Specifies the destination IP address of the flow.
  Values: Can contain either a comma-separated list of addresses or CIDR values. A value of * indicates a wildcard character, which means that this field applies to all flows.

<Dest_Port>
  Description: Specifies the associated destination port.
  Values: Can contain a comma-separated list of values or ranges that are specified in the format: <lower_port_number>-<upper_port_number>. A value of * indicates a wildcard character, which means that this field applies to all flows.

<Name>
  Description: Specifies a name that you want to assign to this mapping.
  Values: Optional

The following example of the mapping file /user_application_mapping.conf maps all flows that match the IP addresses and ports and to which the JSA flow processor assigned the old ID of 1010. It assigns the new ID of 15000 when the flow originates from either of two subnets in 10.100.*, and when it is destined for a specific address and either of two destination ports:

15000 1010 10.100.100/24,10.100.50.10:* 172.14.33.33:80,443

The following example overrides the assigned name for application ID 1010. It specifies a new application, ID 15100, based on any traffic that is going to port 33333 or a range of destination ports for specific addresses or application overrides.

15000 1010 10.100.100/24,10.100.50.10:* 172.14.33.33:80,443 AllowedWebTypeA
15000 1010 10.100.30/24:* 172.14.33.20:80 AllowedWebTypeA
15100 * *:33333 64.35.20/24,64.33/16,64.77.34.12:33333,33350-33400 GameX
15100 1,34803,34809 *:33333 *:33333,33350-33400 GameX

The following example shows the assignment of new application names and IDs, based on matching three application IDs, one of which is the application identifier (1). These application IDs match on a basic hit of a specified destination port, for any traffic:

21200 1,34803,34809 *:* *:123 ntp
34731 1,34803,34809 *:* *:1241 Nessus
2001 1,34803,34809 *:* *:1214 Kazaa

1. Use SSH to log in to JSA as the root user.
2. Access the Network Activity tab.
3. To determine the default application IDs, hover your mouse pointer over the application field for a flow that is associated with the application you want to update.
4. Choose one of the following options:

   • Open the following file:

     /store/configservices/staging/globalconfig/user_application_mapping.conf

   • If the user_application_mapping.conf does not exist in your system, create the file and place the empty file in the following directory:

     /store/configservices/staging/globalconfig/

5. Update the file, as necessary.
6. Save and exit the file.
7. Log in to the JSA user interface.
8. Click the Admin tab.
9. Click Deploy Changes.
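
Because the first mapping that applies wins, the order of lines in user_application_mapping.conf decides which ID a flow receives. The following Python code is an added example, not part of the Juniper guide or of JSA: it parses the guide's own mapping lines and reports which line a given flow would hit. The function names and the test flows are constructed, and the expansion of short CIDR forms such as 64.33/16 to zero-filled octets is an assumption about how JSA reads them.

```python
"""First-match evaluation of user_application_mapping.conf (added example)."""
import ipaddress

# Mapping lines taken from the guide's examples.
MAPPINGS = """\
15000 1010 10.100.100/24,10.100.50.10:* 172.14.33.33:80,443 AllowedWebTypeA
15000 1010 10.100.30/24:* 172.14.33.20:80 AllowedWebTypeA
15100 * *:33333 64.35.20/24,64.33/16,64.77.34.12:33333,33350-33400 GameX
15100 1,34803,34809 *:33333 *:33333,33350-33400 GameX
21200 1,34803,34809 *:* *:123 ntp
"""


def _items(field):
    """Split a comma-separated field; '*' is only valid when it stands alone."""
    items = field.split(",")
    if "*" in items or "" in items:
        raise ValueError(f"bad list (wildcard must be used alone): {field!r}")
    return items


def _network(text):
    """Parse an address or CIDR. Assumption: short forms such as 64.33/16
    mean zero-filled trailing octets (64.33.0.0/16)."""
    addr, _, prefix = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (prefix or "32"), strict=False)


def _ip_matcher(field):
    if field == "*":
        return lambda ip: True
    nets = [_network(item) for item in _items(field)]
    return lambda ip: any(ipaddress.ip_address(ip) in net for net in nets)


def _port_matcher(field):
    if field == "*":
        return lambda port: True
    ranges = []
    for item in _items(field):
        low, _, high = item.partition("-")
        ranges.append((int(low), int(high or low)))
    return lambda port: any(lo <= port <= hi for lo, hi in ranges)


def _id_matcher(field):
    if field == "*":
        return lambda app_id: True
    ids = {int(item) for item in _items(field)}
    return lambda app_id: app_id in ids


def parse_mappings(text):
    """Return the rules in file order; order matters because the first match wins."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) not in (4, 5) or ":" not in parts[2] or ":" not in parts[3]:
            raise ValueError(f"line {lineno}: malformed mapping: {line!r}")
        src_ip, _, src_port = parts[2].rpartition(":")
        dst_ip, _, dst_port = parts[3].rpartition(":")
        rules.append({
            "line": lineno,
            "new_id": int(parts[0]),
            "name": parts[4] if len(parts) == 5 else None,  # <Name> is optional
            "tests": (_id_matcher(parts[1]), _ip_matcher(src_ip),
                      _port_matcher(src_port), _ip_matcher(dst_ip),
                      _port_matcher(dst_port)),
        })
    return rules


def classify(rules, old_id, src_ip, src_port, dst_ip, dst_port):
    """Return (new_id, name, line) of the first applicable mapping, or the
    unchanged default ID with (None, None) when no mapping applies."""
    flow = (old_id, src_ip, src_port, dst_ip, dst_port)
    for rule in rules:
        if all(test(value) for test, value in zip(rule["tests"], flow)):
            return rule["new_id"], rule["name"], rule["line"]
    return old_id, None, None
```

The returned line number shows when an earlier, broader mapping shadows a later one, which is the usual cause of a flow keeping an unexpected application ID after Deploy Changes.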

Defining Application Signatures

Use the application signatures file to create IP address and content-based rules that assign application IDs to flows that JSA does not automatically detect.

The application signatures file is a definition file that is distributed to all JSA Flow Processors by the primary JSA console. The file includes source and destination ports, and ranges.

The application signatures file includes the following characteristics:

• Hex content is delimited with the pipe character (|):

  <dstcontent offset="0" depth="4">|45 54|</dstcontent>
  <dstcontent offset="0" depth="4">GET</dstcontent>

• A flow can be associated with multiple signatures. A flow is mapped to an application ID based on the signature order in the file. The first signature that applies in the file is assigned to the flow.
• When you edit the signatures.xml file, the data that is inserted between the XML tags is case-sensitive. For example, when you specify TCP within the XML tags, enter the value with all capital letters.
• Include the user-defined parameter in your new or updated signature. This parameter ensures that all modifications are maintained after an automatic update.

The following code is an example of a Signatures.xml file:

<signatures>
  <signature>
    <appid>1009</appid>
    <appname>IMAP</appname>
    <groupname>Mail</groupname>
    <colour>#ff0000</colour>
    <description>IMAP traffic</description>
    <revision>1</revision>
    <protocol>TCP</protocol>
    <srcip>any</srcip>
    <srcport>any</srcport>
    <dstip>any</dstip>
    <dstport>any</dstport>
    <commondstport>143</commondstport>
    <srccontent offset="0" depth="128" ignorecase="true">LOGIN</srccontent>
    <dstcontent offset="0" depth="5">* OK</dstcontent>
    <weight>30</weight>
  </signature>
</signatures>

1. Use SSH to log in to JSA as the root user.

2. To change to the globalconfig directory, type the following command:

cd /store/configservices/staging/globalconfig

3. Open the following file:

signatures.xml

4. Make the necessary changes using the following parameters:

Table 4: Application Signatures Default Parameters

appid
  A unique ID for each application that you want to define. Use numbers in the 15,000 - 20,000 range for custom applications.

appname
  The name of the application. The application name is used in the Network Activity and Offenses tabs.

groupname
  The group name for the application. Used only with the automatic generation script.

description
  The long description of the application and any required notes for the particular signature.

revision
  Use for version control.

protocol
  If the same signature is required for more than one protocol, define the second signature.

srcip
  The specific source IP address. Use multiple application identifications when more than one source IP address is required.

srcport
  The specific source port for the signature. Use multiple application identifications when more than one source port is required.

dstip
  The specific destination IP address. Use multiple application identifications when more destination IP addresses are required.

dstport
  The specific destination port for the signature to execute. Use multiple application identifications when more than one destination port is required.

commondstport
  The destination port that is most commonly associated with the application.

commonsrcport
  The source port that is most commonly associated with the application.

srccontent <offset> <depth>
  <offset> is the offset in the payload where you want to begin searching for the source content. If no value is specified, the default is 0.
  <depth> is the offset in the payload you want to stop the search.
  For example, if you configure the following value, the payload is searched 5-15 bytes:
  srccontent 5 10

dstcontent <offset> <depth>
  <offset> is the offset in the payload where you want to begin searching for the destination content. If no value is specified, the default is 0.
  <depth> is the offset in the payload you want to stop the search.
  For example, if you configure the following value, the payload is searched 5-15 bytes:
  srccontent 5 10

weight
  The weight that you want to assign this application. The weight influences any potential rules and offenses created based on data using this application. Increasing the value of the weight increases the magnitude of the offense when it is created.

user_defined
  You must specify this parameter to ensure that a new or updated signature is maintained after an automatic update.

5. Save and exit the file.
6. Log in to JSA.
7. Click the Admin tab.
8. Click Deploy Changes.
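
The content rules described above (pipe-delimited hex, offset and depth windows, case-sensitive tag values, first signature wins) can be exercised against captured payload bytes before a signature is deployed. The following Python code is an added example, not part of the Juniper guide or of JSA; the second signature, its ID 15001, the function names, and the payloads are constructed. It assumes that every content rule in a signature must match and that the search window is payload[offset : offset + depth], following the guide's "5 10 searches bytes 5-15" example.

```python
"""Evaluate signatures.xml content rules against a flow (added example)."""
import xml.etree.ElementTree as ET

# The guide's IMAP signature (trimmed) plus one constructed custom signature.
SIGNATURES_XML = """\
<signatures>
  <signature>
    <appid>1009</appid>
    <appname>IMAP</appname>
    <protocol>TCP</protocol>
    <srccontent offset="0" depth="128" ignorecase="true">LOGIN</srccontent>
    <dstcontent offset="0" depth="5">* OK</dstcontent>
  </signature>
  <signature>
    <appid>15001</appid>
    <appname>ExampleHttpGet</appname>
    <protocol>TCP</protocol>
    <srccontent offset="0" depth="4">|47 45 54|</srccontent>
  </signature>
</signatures>
"""


def decode_content(text):
    """Turn signature content into bytes; text between pipes is hex."""
    chunks = text.split("|")
    if len(chunks) % 2 == 0:
        raise ValueError(f"unbalanced pipe in content: {text!r}")
    out = bytearray()
    for index, chunk in enumerate(chunks):
        # Odd-numbered chunks sit inside a |...| pair.
        out += bytes.fromhex(chunk) if index % 2 else chunk.encode("latin-1")
    return bytes(out)


def content_matches(rule, payload):
    """Search payload[offset : offset + depth] for the rule's content."""
    offset = int(rule.get("offset", "0"))  # default offset is 0
    depth = rule.get("depth")
    end = offset + int(depth) if depth is not None else len(payload)
    window, needle = payload[offset:end], decode_content(rule.text or "")
    if rule.get("ignorecase") == "true":
        window, needle = window.lower(), needle.lower()
    return needle in window


def lint(xml_text):
    """Flag <protocol> values that break the guide's case-sensitivity rule."""
    problems = []
    for sig in ET.fromstring(xml_text).iter("signature"):
        proto = sig.findtext("protocol", default="")
        if proto != proto.upper():
            problems.append(
                f"appid {sig.findtext('appid')}: protocol {proto!r} is not upper case")
    return problems


def classify(xml_text, protocol, src_payload, dst_payload):
    """Return (appid, appname) for the first signature that applies, else None.

    Assumptions: every content rule in a signature must match, and address and
    port fields are 'any' (they are not evaluated here).
    """
    for sig in ET.fromstring(xml_text).iter("signature"):
        if sig.findtext("protocol") != protocol:  # case-sensitive comparison
            continue
        if (all(content_matches(r, src_payload) for r in sig.findall("srccontent"))
                and all(content_matches(r, dst_payload) for r in sig.findall("dstcontent"))):
            return int(sig.findtext("appid")), sig.findtext("appname")
    return None
```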

Related Documentation

• Application Mappings
• Default Applications
• ICMP Type and Code IDs


CHAPTER 2

Default Applications

• Default Applications
• ICMP Type and Code IDs
• Port IDs
• Protocol IDs

Default Applications

JSA includes default application IDs, which you can see in the applications configuration file /store/configservices/staging/globalconfig/apps.conf. The default application values apply to all source and destination flows. However, the destination port is specific to the application.

The following table describes the default Application values for JSA:

DescriptionValueSub-componentsApplication group

LDAP traffic1019LDAPAuthentication

MSG authentication traffic20998MSGAuthenticationAuthentication

NT LANManager SupportProvider (NTLMSSP) traffic

5700NTLMSSPAuthentication

Radius traffic51342RadiusAuthentication

Radius traffic51344RadiusAuthentication

Radius traffic51345RadiusAuthentication

Tacacs traffic21028tacacsAuthentication

Tacacs Database Servicetraffic

21061TACACS-DatabaseServiceAuthentication

CUSeeMe traffic60016CUSeeMeChat

iChat traffic3008iChatChat

21Copyright © 2017, Juniper Networks, Inc.

Page 22: Juniper Secure Analytics Application Configuration Guide · 13-09-2017  · Malware(fraud) > > > > > > > > > > > > > > > > > > > >

DescriptionValueSub-componentsApplication group

| ICQ traffic | 268435456 | ICQ | Chat |
| ICQ traffic | 3001 | ICQ | Chat |
| ICQ traffic | 3002 | ICQ | Chat |
| ICQ traffic | 285212672 | ICQControl | Chat |
| ICQ traffic | 301989888 | ICQTalk | Chat |
| IRC traffic | 5669 | IRC | Chat |
| IRC traffic | 5782 | IRC | Chat |
| IRC traffic | 5668 | IRC | Chat |
| IRC traffic | 3003 | IRC | Chat |
| Jabber protocol traffic | 3004 | Jabber | Chat |
| Jabber protocol traffic | 3006 | Jabber | Chat |
| Jabber protocol traffic | 3005 | Jabber | Chat |
| Lotus IM traffic | 60162 | Lotus-IM | Chat |
| MSN traffic | 3000 | MSN | Chat |
| MSN traffic | 5672 | MSN | Chat |
| MSN traffic | 5685 | MSN | Chat |
| MSN traffic | 5695 | MSN | Chat |
| MSN traffic | 5832 | MSN | Chat |
| MSN traffic | 5847 | MSN | Chat |
| MSN traffic | 318767104 | MSN | Chat |
| MSN traffic | 5831 | MSN | Chat |
| MSN folder sharing traffic | 321650688 | MSN > MSNFolderShare | Chat |
| MSN video traffic | 321781760 | MSN > MSNVideo | Chat |
| MSN file transfer traffic | 321650688 | MSN > MSNFileTransfer | Chat |
| Windows Messenger Service Pop-up | 60170 | Windows-POPUP | Chat |
| Yahoo traffic | 1033 | Yahoo | Chat |
| Citrix IMA traffic | 60115 | CitrixIMA | ClientServer |
| CVS traffic | 60150 | CVSpserver | ClientServer |
| CVS traffic | 60129 | CVSup | ClientServer |
| FIX traffic | 60057 | FIX | ClientServer |
| FoldingAtHome traffic | 60121 | FoldingAtHome | ClientServer |
| RTMS information traffic | 60102 | INFOC-RTMS | ClientServer |
| INT-1 server traffic | 60111 | INT-1 | ClientServer |
| MATIP traffic | 60101 | MATIP | ClientServer |
| Meeting maker traffic | 60108 | MeetingMaker | ClientServer |
| NetIQ traffic | 60127 | NetIQ | ClientServer |
| PEPGate traffic | 60104 | PEPGate | ClientServer |
| Unisys TCPA traffic | 60105 | Unisys-TCPA | ClientServer |
| Ariel content delivery | 60166 | Ariel-419 | ContentDelivery |
| Ariel content delivery | 60167 | Ariel-422 | ContentDelivery |
| BackWeb traffic | 60024 | BackWeb | ContentDelivery |
| Chaincast traffic | 60156 | Chaincast | ContentDelivery |
| EntryPoint traffic | 60000 | EntryPoint | ContentDelivery |
| Kontiki traffic | 60148 | Kontiki | ContentDelivery |
| New stand traffic | 60146 | NewsStand | ContentDelivery |
| Webshots Desktop traffic | 60147 | Webshots | ContentDelivery |
| AFS file system traffic | 60126 | AFS | DataTransfer |
| iTunes traffic | 60163 | Apple-iTunes | DataTransfer |
| Background intelligent transfer service (Windows Updates) | 60178 | BITS | DataTransfer |
| CU-dev traffic | 60070 | CU-Dev | DataTransfer |
| DLS traffic | 60002 | DLS | DataTransfer |
| FNA traffic | 60069 | FNAonTCP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 27720 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 27719 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 1002 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5787 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5788 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5789 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5820 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5833 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5821 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5845 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 5844 | FTP | DataTransfer |
| File Transfer Protocol (FTP) traffic | 150994944 | FTPControl | DataTransfer |
| File Transfer Protocol (FTP) traffic | 167772160 | FTPData | DataTransfer |
| lockd traffic | 60068 | lockd | DataTransfer |
| Microsoft directory server traffic | 60142 | Microsoft-ds | DataTransfer |
| Misc common data traffic ports | 21919 | Misc-Transfer-Ports | DataTransfer |
| Misc common data traffic ports | 22012 | Misc-Transfer-Ports | DataTransfer |
| MSMQ traffic | 34806 | MSMQ | DataTransfer |
| Windows/Netbios networking | 60013 | NetBIOS-IP | DataTransfer |
| Network File System (NFS) traffic | 51349 | NFS | DataTransfer |
| Network File System (NFS) traffic | 1007 | NFS | DataTransfer |
| NNTP traffic | 51335 | NNTPNews | DataTransfer |
| NNTP traffic | 1013 | NNTPNews | DataTransfer |
| Norton Ghost traffic | 60194 | NortonGhost | DataTransfer |
| Netware traffic | 60078 | NW5-CMD | DataTransfer |
| Netware traffic | 60076 | NW5-NCP | DataTransfer |
| UDP sharing traffic | 60106 | SHARESUDP | DataTransfer |
| Sun ND traffic | 60173 | SunND | DataTransfer |
| TFTP traffic | 251658240 | TFTP | DataTransfer |
| TFTP traffic | 21930 | TFTP | DataTransfer |
| TFTP traffic | 1003 | TFTP | DataTransfer |
| UUCP traffic | 60012 | UUCP | DataTransfer |
| Windows file sharing | 1014 | WindowsFileSharing | DataTransfer |
| Windows file sharing | 1021 | WindowsFileSharing | DataTransfer |
| NETBIOS. Windows networking | 51340 | WindowsNetworkPorts | DataTransfer |
| NETBIOS. Windows networking | 51339 | WindowsNetworkPorts | DataTransfer |
| NETBIOS. Windows networking | 51338 | WindowsNetworkPorts | DataTransfer |
| ARC server backup | 34730 | ARCserverBackup | DataWarehousing |
| BAAN traffic | 60082 | BAAN | DataWarehousing |
| dbase traffic | 35298 | dbase | DataWarehousing |
| FileMaker traffic | 60112 | FileMaker | DataWarehousing |
| Filenet traffic | 34800 | Filenet | DataWarehousing |
| GuptaSQLBase traffic | 34841 | GuptaSQLBase | DataWarehousing |
| JDENet traffic | 60099 | JDENet | DataWarehousing |
| Oracle list service | 51249 | Misc-DB | DataWarehousing |
| Oracle list service | 39045 | Misc-DB | DataWarehousing |
| Database MS SQL Server | 10002 | MSSQLServer | DataWarehousing |
| MySQL traffic | 37291 | MySQL | DataWarehousing |
| ORA traffic | 37302 | ORA | DataWarehousing |
| Oracle traffic | 37751 | Oracle | DataWarehousing |
| Oracle traffic | 37762 | Oracle | DataWarehousing |
| Oracle traffic | 37289 | oracle | DataWarehousing |
| Oracle traffic | 38292 | Oracle | DataWarehousing |
| Oracle traffic | 37290 | Oracle | DataWarehousing |
| Oracle traffic | 42069 | Oracle | DataWarehousing |
| Oracle traffic | 37914 | Oracle | DataWarehousing |
| Oracle traffic | 37871 | Oracle | DataWarehousing |
| Oracle traffic | 37870 | Oracle | DataWarehousing |
| Oracle traffic | 37512 | Oracle | DataWarehousing |
| Oracle traffic | 37401 | Oracle | DataWarehousing |
| OracleClient traffic | 60086 | OracleClient | DataWarehousing |
| Oracle DB traffic | 37394 | OracleDB | DataWarehousing |
| Oracle TNS traffic | 134217728 | OracleTNS | DataWarehousing |
| Oracle TNS traffic | 136511488 | OracleTNS > MsForms | DataWarehousing |
| Oracle TNS traffic | 136314880 | OracleTNS > MsODBC | DataWarehousing |
| Oracle TNS traffic | 136380416 | OracleTNS > MsOLE | DataWarehousing |
| Oracle TNS traffic | 136445952 | OracleTNS > MsSQLPlus | DataWarehousing |
| Oracle TNS traffic | 136577024 | OracleTNS > PeopleSoft | DataWarehousing |
| Orasrv traffic | 37299 | orasrv | DataWarehousing |
| PostgreSQL traffic | 37292 | PostgreSQL | DataWarehousing |
| Progress traffic | 60110 | Progress | DataWarehousing |
| SAP R/3 application server | 40695 | SAP | DataWarehousing |
| SAP Gateway Server traffic | 40456 | SAPGatewayServer | DataWarehousing |
| SQL-NET traffic | 34923 | SQL-NET | DataWarehousing |
| CRS traffic | 60060 | CRS | DirectoryServices |
| Ident traffic | 60059 | Ident | DirectoryServices |
| LDAP traffic | 34801 | LDAP | DirectoryServices |
| LDAP traffic | 51341 | LDAP | DirectoryServices |
| mDNS traffic | 60183 | mDNS | DirectoryServices |
| RRP traffic | 60133 | RRP | DirectoryServices |
| SSDP traffic | 60158 | SSDP | DirectoryServices |
| WINS traffic | 60088 | WINS | DirectoryServices |
| IPP traffic | 60097 | IPP | FilePrint |
| MQDS traffic | 60195 | MDQS | FilePrint |
| Printer traffic | 60051 | Printer | FilePrint |
| tn3287 traffic | 60062 | tn3287 | FilePrint |
| tn5250p traffic | 60064 | tn5250p | FilePrint |
| DCOM traffic | 51336 | DCOM | FileTransfer |
| Windows/Netbios networking | 51337 | NETBIOS | FileTransfer |
| NetCp traffic | 35159 | netcp | FileTransfer |
| National Instruments File Transfer Protocol traffic | 21879 | NIFTP | FileTransfer |
| Private File Service traffic | 21910 | PrivateFileService | FileTransfer |
| XFER traffic | 21984 | xfer | FileTransfer |
| AsheronsCall traffic | 60122 | AsheronsCall | Games |
| Battle.net traffic | 60116 | BattleNet | Games |
| Doom traffic | 60039 | Doom | Games |
| Half-life traffic | 60119 | Half-Life | Games |
| Kali traffic | 60042 | Kali | Games |
| LucasArts traffic | 60157 | LucasArts | Games |
| MSN-Zone traffic | 60123 | MSN-Zone | Games |
| Mythic traffic | 60149 | Mythic | Games |
| Quake traffic | 60040 | Quake | Games |
| SonyOnline traffic | 60138 | SonyOnline | Games |
| Tribes traffic | 60124 | Tribes | Games |
| Unreal traffic | 60117 | Unreal | Games |
| YahooGames traffic | 60120 | YahooGames | Games |
| DICOM traffic | 60143 | DICOM | Healthcare |
| HL7 traffic | 60154 | HL7 | Healthcare |
| Flow traffic o | 51334 | Common-Ports | InnerSystem |
| Flow Collector and flow traffic | 1023 | Flowgen | InnerSystem |
| Update Daemon traffic | 1024 | UpdateDaemon | InnerSystem |
| ActiveX traffic | 60056 | ActiveX | InternetProtocol |
| IPHeaderCompression traffic | 34843 | IPHeaderCompression | InternetProtocol |
| SOAP-HTTP traffic | 60179 | SOAP-HTTP | InternetProtocol |
| AFP traffic | 60058 | AFP | Legacy |
| FNA traffic | 60008 | FNA | Legacy |
| IPX traffic | 34837 | IPX | Legacy |
| LAT traffic | 60030 | LAT | Legacy |
| MOP-DL traffic | 60130 | MOP-DL | Legacy |
| MOP-RC traffic | 60131 | MOP-RC | Legacy |
| NETBEUI traffic | 60006 | NETBEUI | Legacy |
| PPP traffic | 34846 | PPP | Legacy |
| PPPoE traffic | 60137 | PPPoE | Legacy |
| SLP traffic | 60077 | SLP | Legacy |
| SNA traffic | 60007 | SNA | Legacy |
| biff traffic | 60083 | biff | Mail |
| ccmail traffic | 27668 | ccmail | Mail |
| ESMTP traffic | 5673 | ESMTP | Mail |
| Groupwise traffic | 60084 | Groupwise | Mail |
| IMAP traffic | 5794 | IMAP | Mail |
| IMAP traffic | 5690 | IMAP | Mail |
| IMAP traffic | 1009 | IMAP | Mail |
| IMAP traffic | 5808 | IMAP | Mail |
| IMAP traffic | 5689 | IMAP | Mail |
| Misc-Mail-Port traffic | 22079 | Misc-Mail-Port | Mail |
| Misc-Mail-Port traffic | 22178 | Misc-Mail-Port | Mail |
| Misc-Mail-Port traffic | 22184 | Misc-Mail-Port | Mail |
| Misc-Mail-Port traffic | 22551 | Misc-Mail-Port | Mail |
| MSExchange traffic | 34817 | MSExchange | Mail |
| MSSQ traffic | 60048 | MSSQ | Mail |
| OSI traffic | 60071 | OSI | Mail |
| Mail POP3 traffic | 1008 | POP | Mail |
| Mail POP3 traffic | 5687 | POP | Mail |
| POP-port traffic | 22315 | POP-port | Mail |
| POP2 traffic | 22314 | pop2 | Mail |
| Mail SMTP request | 5812 | SMTP | Mail |
| Mail SMTP request | 5850 | SMTP | Mail |
| Mail SMTP request | 1004 | SMTP | Mail |
| Mail SMTP request | 5691 | SMTP | Mail |
| Mail SMTP request | 5851 | SMTP | Mail |
| Mail SMTP request | 5686 | SMTP | Mail |
| Mail SMTP request | 5688 | SMTP | Mail |
| SMTP-port traffic | 22080 | SMTP-port | Mail |
| AltaVista Firewall 97 traffic | 34054 | AltaVistaFirewall97 | Misc |
| AltaVista Firewall 97 traffic | 34057 | AltaVistaFirewall97 | Misc |
| Anet traffic | 34812 | Anet | Misc |
| AppleOUI traffic | 34819 | AppleOUI | Misc |
| Appletalk-IP traffic | 51326 | Appletalk-IP | Misc |
| Appletalk-IP traffic | 51327 | Appletalk-IP | Misc |
| Appletalk-IP traffic | 51330 | Appletalk-IP | Misc |
| Appletalk-IP traffic | 51329 | Appletalk-IP | Misc |
| Appletalk-IP traffic | 51325 | Appletalk-IP | Misc |
| Appletalk-IP traffic | 51331 | Appletalk-IP | Misc |
| Appletalk-IP traffic | 51328 | Appletalk-IP | Misc |
| at-nbp traffic | 34813 | at-nbp | Misc |
| Authentication traffic | 21140 | Authentication | Misc |
| Authentication traffic | 51348 | Authentication | Misc |
| Authentication traffic | 51346 | Authentication | Misc |
| Authentication traffic | 51343 | Authentication | Misc |
| Authentication traffic | 51347 | Authentication | Misc |
| Authentication traffic | 21122 | Authentication | Misc |
| BGMP traffic | 21470 | bgmp | Misc |
| BootPc traffic | 21065 | bootpc | Misc |
| BootPs traffic | 21064 | bootps | Misc |
| CHAOSnet traffic | 34822 | CHAOSnet | Misc |
| ctf traffic | 21116 | ctf | Misc |
| Daynachip traffic | 34815 | Daynachip | Misc |
| daytime traffic | 20912 | daytime | Misc |
| dcp traffic | 21130 | dcp | Misc |
| discard traffic | 20909 | discard | Misc |
| DNS traffic | 1017 | DNS | Misc |
| dnsix traffic | 21125 | dnsix | Misc |
| domain traffic | 21036 | domain | Misc |
| dsp traffic | 21003 | dsp | Misc |
| dsp3270 traffic | 34816 | dsp3270 | Misc |
| echo traffic | 20908 | echo | Misc |
| Finger traffic | 21081 | finger | Misc |
| giop traffic | 39042 | giop | Misc |
| giop traffic | 39043 | giop | Misc |
| Gopher traffic | 21069 | gopher | Misc |
| GSM traffic | 34830 | GSM | Misc |
| GSS-SPNEGO traffic | 5861 | GSS-SPNEGO | Misc |
| hostname traffic | 21147 | hostname | Misc |
| Hosts2-Ns traffic | 34804 | Hosts2-Ns | Misc |
| Ingres traffic | 34805 | Ingres | Misc |
| IPIX traffic | 34826 | IPIX | Misc |
| IPv4 traffic | 34844 | IPv4 | Misc |
| IPv6 traffic | 34845 | IPv6 | Misc |
| JPEG traffic | 34840 | JPEG | Misc |
| Kerberos traffic | 34810 | Kerberos | Misc |
| Kerberos traffic | 21624 | Kerberos | Misc |
| linuxconf traffic | 21139 | linuxconf | Misc |
| LotusNotes™ traffic | 34732 | LotusNotes | Misc |
| ManagementServices traffic | 34564 | ManagementServices | Misc |
| ManagementServices traffic | 34556 | ManagementServices | Misc |
| ManagementServices traffic | 34636 | ManagementServices | Misc |
| ManagementServices traffic | 34213 | ManagementServices | Misc |
| ManagementServices traffic | 34221 | ManagementServices | Misc |
| ManagementServices traffic | 34560 | ManagementServices | Misc |
| ManagementServices traffic | 34735 | ManagementServices | Misc |
| ManagementServices traffic | 34563 | ManagementServices | Misc |
| ManagementServices traffic | 34216 | ManagementServices | Misc |
| Marimba traffic | 60015 | Marimba | Misc |
| metagram traffic | 21141 | metagram | Misc |
| mfcobol traffic | 34209 | mfcobol | Misc |
| Misc-Ports traffic | 21070 | Misc-Ports | Misc |
| Misc-Ports traffic | 21071 | Misc-Ports | Misc |
| Misc-Ports traffic | 21074 | Misc-Ports | Misc |
| Misc-Ports traffic | 21043 | Misc-Ports | Misc |
| Misc-Ports traffic | 21035 | Misc-Ports | Misc |
| Misc-Ports traffic | 21021 | Misc-Ports | Misc |
| Misc-Ports traffic | 21302 | Misc-Ports | Misc |
| Misc-Ports traffic | 21301 | Misc-Ports | Misc |
| Misc-Ports traffic | 21073 | Misc-Ports | Misc |
| Misc-Ports traffic | 21072 | Misc-Ports | Misc |
| Misc-Ports traffic | 50643 | Misc-Ports | Misc |
| Misc-Ports traffic | 37305 | Misc-Ports | Misc |
| Misc-Ports traffic | 50795 | Misc-Ports | Misc |
| Misc-Ports traffic | 21008 | Misc-Ports | Misc |
| Misc-Ports traffic | 21148 | Misc-Ports | Misc |
| Misc-Ports traffic | 21121 | Misc-Ports | Misc |
| Misc-Ports traffic | 21303 | Misc-Ports | Misc |
| MiscApplication traffic | 34847 | MiscApplication | Misc |
| MiscProtocol traffic | 34848 | MiscProtocol | Misc |
| MITML Device traffic | 34208 | MITMLDevice | Misc |
| MITML Device traffic | 34205 | MITMLDevice | Misc |
| mpm traffic | 21020 | mpm | Misc |
| MSGICP traffic | 20996 | MSGICP | Misc |
| msp traffic | 20916 | msp | Misc |
| mtp traffic | 22177 | mtp | Misc |
| name traffic | 21015 | name | Misc |
| Nessus traffic | 34731 | Nessus | Misc |
| netstat traffic | 20913 | netstat | Misc |
| npp traffic | 51324 | npp | Misc |
| NSP traffic | 34842 | NSP | Misc |
| nsrmp traffic | 34728 | nsrmp | Misc |
| nsrmp traffic | 34727 | nsrmp | Misc |
| nsrmp traffic | 34661 | nsrmp | Misc |
| NTP traffic | 1016 | NTP | Misc |
| NTP traffic | 34811 | NTP | Misc |
| ntp traffic | 21200 | ntp | Misc |
| objcall traffic | 34557 | objcall | Misc |
| qmtp traffic | 22550 | qmtp | Misc |
| qotd traffic | 20915 | qotd | Misc |
| rap traffic | 21007 | rap | Misc |
| RMC traffic | 22158 | RMC | Misc |
| RPC traffic | 21167 | RPC | Misc |
| snagas traffic | 21160 | snagas | Misc |
| snmp traffic | 21299 | snmp | Misc |
| snmptrap traffic | 21300 | snmptrap | Misc |
| Symantec Ghost traffic | 34729 | SymantecGhost | Misc |
| Syslog traffic | 1015 | Syslog | Misc |
| time traffic | 21006 | time | Misc |
| tlisrv traffic | 37309 | tlisrv | Misc |
| ttc traffic | 39044 | ttc | Misc |
| ttc traffic | 40380 | ttc | Misc |
| ttc traffic | 42060 | ttc | Misc |
| Unknown TCP traffic | 34803 | Unknown_TCP | Misc |
| Unknown UDP traffic | 34809 | Unknown_UDP | Misc |
| UPnP traffic | 1018 | UPnP | Misc |
| VMTP traffic | 34839 | VMTP | Misc |
| whois traffic | 21016 | whois | Misc |
| whoisplus traffic | 21056 | whoisplus | Misc |
| XNS traffic | 21042 | XNS | Misc |
| XNS traffic | 21039 | XNS | Misc |
| Intellex traffic | 6000 | Intellex | Multimedia |
| VideoFrame traffic | 60091 | VideoFrame | Multimedia |
| WebEx traffic | 60139 | WebEx | Multimedia |
| CiscoDiscovery traffic | 60055 | CiscoDiscovery | NetworkManagement |
| Flow records traffic | 60176 | FlowRecords | NetworkManagement |
| ICMP traffic | 60009 | ICMP | NetworkManagement |
| IPComp traffic | 60161 | IPComp | NetworkManagement |
| NetFlow v5 traffic | 60175 | NetFlowV5 | NetworkManagement |
| Flow Collector traffic | 51333 | Flow Collector | NetworkManagement |
| RSVP traffic | 60096 | RSVP | NetworkManagement |
| SMS traffic | 60087 | SMS | NetworkManagement |
| TimeServer traffic | 60125 | TimeServer | NetworkManagement |
| VIPC traffic | 34802 | VIPC | NetworkManagement |
| Aimster traffic | 60132 | Aimster | P2P |
| Audiogalaxy traffic | 60118 | Audiogalaxy | P2P |
| BitTorrent traffic | 2006 | BitTorrent | P2P |
| Blubster traffic | 2003 | Blubster | P2P |
| Common P2P port traffic | 33955 | Common-P2P-Port | P2P |
| DirectConnect traffic | 5864 | DirectConnect | P2P |
| DirectConnect traffic | 5865 | DirectConnect | P2P |
| DirectConnect traffic | 5866 | DirectConnect | P2P |
| DirectConnect traffic | 5867 | DirectConnect | P2P |
| DirectConnect traffic | 5863 | DirectConnect | P2P |
| EarthStationV traffic | 60182 | EarthStationV | P2P |
| FileRogue traffic | 60145 | FileRogue | P2PS |
| Filetopia traffic | 60168 | Filetopia | P2P |
| Furthernet traffic | 60160 | Furthurnet | P2P |
| Gnutella traffic | 2000 | Gnutella | P2P |
| Groove traffic | 60134 | Groove | P2P |
| Hotline traffic | 60136 | Hotline | P2P |
| Kazaa traffic | 2001 | Kazaa | P2P |
| LimeWire traffic | 2008 | LimeWire | P2P |
| Morpheus traffic | 2010 | Morpheus | P2P |
| Napster traffic | 2011 | Napster | P2P |
| Napster2 traffic | 60181 | Napster2 | P2P |
| OpenNap traffic | 2007 | OpenNap | P2P |
| P2P PeerEnabler traffic | 2204 | PeerEnabler | P2P |
| P2P PeerEnabler traffic | 2004 | PeerEnabler | P2P |
| Piolet traffic | 2005 | Piolet | P2P |
| ScourExchange traffic | 60113 | ScourExchange | P2P |
| Soulseek traffic | 60184 | Soulseek | P2P |
| Tripnosis traffic | 60135 | Tripnosis | P2P |
| eDonkey2000 traffic | 33954 | eDonkey2000 | P2P |
| eDonkey traffic | 2002 | eDonkey | P2P |
| eDonkey2000 traffic | 33956 | eDonkey2000 | P2P |
| iMesh traffic | 60114 | iMesh | P2P |
| GnuCleusLan traffic | 2009 | Gnucleuslan | P2P |
| ATSTCP traffic | 60107 | ATSTCP | RemoteAccess |
| Attachmate-GW traffic | 60100 | Attachmate-GW | RemoteAccess |
| Citrix traffic | 34814 | Citrix | RemoteAccess |
| Remote Access Citrix ICA Traffic | 5671 | CitrixICA | RemoteAccess |
| Remote Access Citrix ICA Traffic | 5670 | CitrixICA | RemoteAccess |
| CORBA traffic | 60043 | CORBA | RemoteAccess |
| DceRPC traffic | 100663296 | DceRPC | RemoteAccess |
| DceRPCMapper traffic | 101908480 | DceRPC > DceRPCMapper | RemoteAccess |
| MsExchange traffic | 101974016 | DceRPC > MsExchange | RemoteAccess |
| MsExchange traffic | 102011648 | DceRPC > MsExchange > Directory | RemoteAccess |
| MsExchange traffic | 102011904 | DceRPC > MsExchange > InformationStore | RemoteAccess |
| MsExchange traffic | 102012160 | DceRPC > MsExchange > MTA | RemoteAccess |
| GoToMyPC traffic | 60164 | GoToMyPC | RemoteAccess |
| Java™ RMI traffic | 60109 | JavaRMI | RemoteAccess |
| login traffic | 60089 | login | RemoteAccess |
| MS terminal services | 6001 | MSTerminalServices | RemoteAccess |
| OpenConnect-JCP traffic | 60085 | OpenConnect-JCP | RemoteAccess |
| OpenWindows traffic | 34807 | OpenWindows | RemoteAccess |
| PCanywhere application | 50528 | pcanywhere | RemoteAccess |
| PCanywhere application | 20948 | PCAnywhere | RemoteAccess |
| Persona traffic | 60093 | Persona | RemoteAccess |
| radmin traffic | 60177 | radmin | RemoteAccess |
| RDP traffic | 60052 | RDP | RemoteAccess |
| RemotelyAnywhere traffic | 60188 | RemotelyAnywhere | RemoteAccess |
| rexec traffic | 60081 | rexec | RemoteAccess |
| rsh traffic | 60128 | rsh | RemoteAccess |
| rsync traffic | 60159 | rsync | RemoteAccess |
| rtelnet traffic | 42372 | rtelnet | RemoteAccess |
| rwho traffic | 60090 | rwho | RemoteAccess |
| SmartSockets traffic | 60169 | SmartSockets | RemoteAccess |
| SMTBF traffic | 60103 | SMTBF | RemoteAccess |
| SSH traffic | 1005 | SSH | RemoteAccess |
| SSH-Ports traffic | 20949 | SSH-Ports | RemoteAccess |
| SSH-Ports traffic | 20947 | SSH-Ports | RemoteAccess |
| SSL traffic | 60001 | SSL | RemoteAccess |
| SSL-Shell traffic | 60092 | SSL-Shell | RemoteAccess |
| SunRPC traffic | 117440512 | SunRPC | RemoteAccess |
| SunRPC traffic | 60027 | SunRPC | RemoteAccess |
| SunRPC traffic | 119275520 | SunRPC > IBM3270Mapper | RemoteAccess |
| SunRPC traffic | 119209984 | SunRPC > Mount | RemoteAccess |
| SunRPC traffic | 118882304 | SunRPC > NFS | RemoteAccess |
| SunRPC traffic | 119406592 | SunRPC > NIS | RemoteAccess |
| SunRPC traffic | 119472128 | SunRPC > PcNfsd | RemoteAccess |
| SunRPC traffic | 5383 | SunRPC > PortMapper | RemoteAccess |
| SunRPC traffic | 119341056 | SunRPC > RjeMapper | RemoteAccess |
| SunRPC traffic | 120848384 | SunRPC > Rstat | RemoteAccess |
| SunRPC traffic | 119013376 | SunRPC > YpBind | RemoteAccess |
| SunRPC traffic | 118947840 | SunRPC > YpServ | RemoteAccess |
| SunRPC traffic | 119078912 | SunRPC > YpUpdated | RemoteAccess |
| SunRPC traffic | 119144448 | SunRPC > YpXferd | RemoteAccess |
| Tacacs traffic | 34808 | Tacacs | RemoteAccess |
| Telnet traffic | 1000 | Telnet | RemoteAccess |
| Telnet-Port traffic | 20950 | Telnet-Port | RemoteAccess |
| Timbuktu traffic | 60017 | Timbuktu | RemoteAccess |
| tn3270 traffic | 60010 | tn3270 | RemoteAccess |
| tn5250 traffic | 60063 | tn5250 | RemoteAccess |
| VNC traffic | 1006 | VNC | RemoteAccess |
| XWindows traffic | 60050 | XWindows | RemoteAccess |
| ARP traffic | 34820 | ARP | RoutingProtocols |
| AURP traffic | 60011 | AURP | RoutingProtocols |
| Banyan-VINES traffic | 34838 | Banyan-VINES | RoutingProtocols |
| BGP traffic | 60029 | BGP | RoutingProtocols |
| BPDU traffic | 34821 | BPDU | RoutingProtocols |
| CBT traffic | 60045 | CBT | RoutingProtocols |
| CiscoOUI traffic | 34823 | CiscoOUI | RoutingProtocols |
| DRP traffic | 60038 | DRP | RoutingProtocols |
| DTP traffic | 60192 | DTP | RoutingProtocols |
| EGP traffic | 60032 | EGP | RoutingProtocols |
| EIGRP traffic | 60065 | EIGRP | RoutingProtocols |
| Gateway Routing traffic | 34836 | GatewayRouting | RoutingProtocols |
| IanaProtocol-IP traffic | 34835 | IanaProtocol-IP | RoutingProtocols |
| IDP traffic | 34825 | IDP | RoutingProtocols |
| IGMP traffic | 60041 | IGMP | RoutingProtocols |
| IGP traffic | 60098 | IGP | RoutingProtocols |
| OSPF traffic | 60031 | OSPF | RoutingProtocols |
| PAgP traffic | 60190 | PAgP | RoutingProtocols |
| PIM traffic | 60044 | PIM | RoutingProtocols |
| PVSTP traffic | 60189 | PVSTP | RoutingProtocols |
| RARP traffic | 60047 | RARP | RoutingProtocols |
| RIP traffic | 60028 | RIP | RoutingProtocols |
| Spanning tree traffic | 60046 | SpanningTree | RoutingProtocols |
| VLAN-Bridge traffic | 60191 | VLAN-Bridge | RoutingProtocols |
| VTP traffic | 60193 | VTP | RoutingProtocols |
| DPA traffic | 60061 | DPA | SecurityProtocol |
| GRE traffic | 60033 | GRE | SecurityProtocol |
| IPMobility traffic | 60172 | IPMobility | SecurityProtocol |
| IPSec traffic | 60037 | IPSec | SecurityProtocol |
| ISAKMP traffic | 60080 | ISAKMP | SecurityProtocol |
| L2TP traffic | 60026 | L2TP | SecurityProtocol |
| PPTP traffic | 60036 | PPTP | SecurityProtocol |
| RC5DES traffic | 60067 | RC5DES | SecurityProtocol |
| SOCKS traffic | 60079 | SOCKS | SecurityProtocol |
| SoftEther traffic | 60186 | SoftEther | SecurityProtocol |
| SWIPE traffic | 60171 | SWIPE | SecurityProtocol |
| Abacast traffic | 60174 | Abacast | Streaming |
| H.261 traffic | 34829 | H.261 | Streaming |
| H.262 traffic | 34828 | H.262 | Streaming |
| H.263 traffic | 34827 | H.263 | Streaming |
| Streaming Microsoft Media Server Protocol (MMS) traffic | 4002 | MicrosoftMediaServer | Streaming |
| Streaming Microsoft Media Server Protocol (MMS) traffic | 218103808 | MicrosoftMediaServerStreaming | Streaming |
| Streaming Microsoft Media Server Protocol (MMS) traffic | 234881024 | MicrosoftMediaServerStreamingPayload | Streaming |
| Motion traffic | 60185 | Motion | Streaming |
| MPEG-Audio traffic | 60053 | MPEG-Audio | Streaming |
| MPEG-Video traffic | 60054 | MPEG-Video | Streaming |
| RadioNetscape traffic | 60180 | RadioNetscape | Streaming |
| Real traffic | 60003 | Real | Streaming |
| RTP-Skinny traffic | 34834 | RTP-Skinny | Streaming |
| RTSP traffic | 5071 | RTSP | Streaming |
| RTSP traffic | 187367424 | RTSP > RTSPEmbeddedMedia | Streaming |
| RTSP traffic | 187405824 | RTSP > RTSPEmbeddedMedia > RealRDT | Streaming |
| RTSP traffic | 187405832 | RTSP > RTSPEmbeddedMedia > RealRDT > RTSPavpaudio | Streaming |
| RTSP traffic | 187405831 | RTSP > RTSPEmbeddedMedia > RealRDT > RTSPavpdynamicunknown | Streaming |
| RTSP traffic | 187405830 | RTSP > RTSPEmbeddedMedia > RealRDT > RTSPavpreserved | Streaming |
| RTSP traffic | 187405829 | RTSP > RTSPEmbeddedMedia > RealRDT > RTSPavpunassigned | Streaming |
| RTSP traffic | 187405833 | RTSP > RTSPEmbeddedMedia > RealRDT > RTSPavpvideo | Streaming |
| RTSP traffic | 187406336 | RTSP > RTSPEmbeddedMedia > RTCP | Streaming |
| RTSP traffic | 187406080 | RTSP > RTSPEmbeddedMedia > RTP | Streaming |
| RTSP traffic | 187406087 | RTSP > RTSPEmbeddedMedia > RTP > RTSPavpdynamicunknown | Streaming |
| RTSP traffic | 187406085 | RTSP > RTSPEmbeddedMedia > RTP > RTSPavpunassigned | Streaming |
| RTSP traffic | 187406089 | RTSP > RTSPEmbeddedMedia > RTP > RTSPavpvideo | Streaming |
| RTSP traffic | 187406086 | RTSP > RTSPEmbeddedMedia > RTP > RTSPavpreserved | Streaming |
| RTSP traffic | 187301888 | RTSP > RTSPSessionControl | Streaming |
| RTSP traffic | 187406088 | RTSP > RTSPEmbeddedMedia > RTP > RTSPavpaudio | Streaming |
| ST2 traffic | 60034 | ST2 | Streaming |
| Shoutcast MP3 stream | 4001 | StreamingAudio | Streaming |
| Shoutcast MP3 stream | 4000 | StreamingAudio | Streaming |
| StreamWorks traffic | 60014 | StreamWorks | Streaming |
| WinampStream traffic | 60165 | WinampStream | Streaming |
| WindowsMediaPlayer traffic | 5005 | WindowsMediaPlayer | Streaming |
| WindowsMediaPlayer traffic | 5006 | WindowsMediaPlayer | Streaming |
| WinMedia traffic | 60025 | WinMedia | Streaming |
| DEC traffic | 34824 | DEC | UncommonProtocol |
| UncommonProtocol traffic | 34850 | UncommonProtocol | UncommonProtocol |
| CiscoCTI traffic | 60144 | CiscoCTI | VoIP |
| Clarent-CC traffic | 60075 | Clarent-CC | VoIP |
| Clarent-Complex traffic | 60074 | Clarent-Complex | VoIP |
| Clarent-Mgmt traffic | 60072 | Clarent-Mgmt | VoIP |
| Clarent-Voice-S traffic | 60073 | Clarent-Voice-S | VoIP |
| Dialpad traffic | 60140 | Dialpad | VoIP |
| G711 traffic | 34833 | G711 | VoIP |
| G722 traffic | 34832 | G722 | VoIP |
| G729 traffic | 34831 | G729 | VoIP |
| H.323 traffic | 60018 | H.323 | VoIP |
| H.323 traffic | 33554432 | H323 | VoIP |
| H.323 traffic | 34144256 | H323 > CallControl | VoIP |
| H.323 traffic | 34176768 | H323 > CallControl > H245 | VoIP |
| H.323 traffic | 34078720 | H323 > CallSignaling | VoIP |
| H.323 traffic | 34110976 | H323 > CallSignaling > Q931 | VoIP |
| I-Phone traffic | 60066 | I-Phone | VoIP |
| MCK-Signaling traffic | 60094 | MCK-Signaling | VoIP |
| MCK-Voice traffic | 60095 | MCK-Voice | VoIP |
| Megaco traffic | 60155 | Megaco | VoIP |
| MGCP traffic | 60152 | MGCP | VoIP |
| Micom-VIP traffic | 60035 | Micom-VIP | VoIP |
| Net2Phone traffic | 60153 | Net2Phone | VoIP |
| RTCP traffic | 50331648 | RTCP | VoIP |
| RTCP-B traffic | 60022 | RTCP-B | VoIP |
| RTCP-I traffic | 60020 | RTCP-I | VoIP |
| RTP traffic | 67108864 | RTP | VoIP |
| RTP traffic | 67764224 | RTP > H323Audio | VoIP |
| RTP traffic | 67799040 | RTP > H323Audio > CN | VoIP |
| RTP traffic | 67797760 | RTP > H323Audio > DVI4 | VoIP |
| RTP traffic | 67796992 | RTP > H323Audio > G711 | VoIP |
| RTP traffic | 67798272 | RTP > H323Audio > G722 | VoIP |
| RTP traffic | 67797504 | RTP > H323Audio > G723 | VoIP |
| RTP traffic | 67799552 | RTP > H323Audio > G728 | VoIP |
| RTP traffic | 67803904 | RTP > H323Audio > G729 | VoIP |
| RTP traffic | 67797248 | RTP > H323Audio > GSM | VoIP |
| RTP traffic | 67798528 | RTP > H323Audio > L16 | VoIP |
| RTP traffic | 67798016 | RTP > H323Audio > LPC | VoIP |
| RTP traffic | 67799296 | RTP > H323Audio > MPA | VoIP |
| RTP traffic | 67798784 | RTP > H323Audio > QCELP | VoIP |
| RTP traffic | 67829760 | RTP > H323Video | VoIP |
| RTP traffic | 67865600 | RTP > H323Video > CELB | VoIP |
| RTP traffic | 67867136 | RTP > H323Video > H263 | VoIP |
| RTP traffic | 67865856 | RTP > H323Video > JPEG | VoIP |
| RTP traffic | 67866880 | RTP > H323Video > MP2T | VoIP |
| RTP traffic | 67866624 | RTP > H323Video > MPV | VoIP |
| RTP traffic | 67866112 | RTP > H323Video > NV | VoIP |
| RTP traffic | 67866368 | RTP > H323Video > H261 | VoIP |
| RTP traffic | 68157440 | RTP > SIPavpaudio | VoIP |
| RTP traffic | 68288512 | RTP > SIPavpdata | VoIP |
| RTP traffic | 68091904 | RTP > SIPavpdynamicunknown | VoIP |
| RTP traffic | 68026368 | RTP > SIPavpreserved | VoIP |
| RTP traffic | 26796083 | RTP > SIPavpunassigned | VoIP |
| RTP traffic | 68222976 | RTP > SIPavpvideo | VoIP |
| RTP traffic | 70385664 | RTP > SKINNYAudio | VoIP |
| RTP traffic | 70426624 | RTP > SKINNYAudio > ActiveVoice | VoIP |
| RTP traffic | 70418432 | RTP > SKINNYAudio > G711 | VoIP |
| RTP traffic | 70418443 | RTP > SKINNYAudio > G711 > aLaw56k | VoIP |
| RTP traffic | 70418442 | RTP > SKINNYAudio > G711 > aLaw64k | VoIP |
| RTP traffic | 70418445 | RTP > SKINNYAudio > G711 > uLaw56k | VoIP |
| RTP traffic | 70418444 | RTP > SKINNYAudio > G711 > uLaw64k | VoIP |
| RTP traffic | 70419712 | RTP > SKINNYAudio > G722 | VoIP |
| RTP traffic | 70419728 | RTP > SKINNYAudio > G722 > 48k | VoIP |
| RTP traffic | 70419727 | RTP > SKINNYAudio > G722 > 56k | VoIP |
| RTP traffic | 70419726 | RTP > SKINNYAudio > G722 > 64k | VoIP |
| RTP traffic | 70425088 | RTP > SKINNYAudio > G7231 | VoIP |
| RTP traffic | 70425856 | RTP > SKINNYAudio > G72616k | VoIP |
| RTP traffic | 70426112 | RTP > SKINNYAudio > G72624k | VoIP |
| RTP traffic | 70426368 | RTP > SKINNYAudio > G72632k | VoIP |
| RTP traffic | 70420992 | RTP > SKINNYAudio > G728 | VoIP |
| RTP traffic | 70425344 | RTP > SKINNYAudio > G729 | VoIP |
| RTP traffic | 70425361 | RTP > SKINNYAudio > G729 > AnnexA | VoIP |
| RTP traffic | 70425363 | RTP > SKINNYAudio > G729 > AnnexAB | VoIP |
| RTP traffic | 70425362 | RTP > SKINNYAudio > G729 > AnnexB | VoIP |
| RTP traffic | 70418688 | RTP > SKINNYAudio > GSM | VoIP |
| RTP traffic | 70418712 | RTP > SKINNYAudio > GSM > ENHRate | VoIP |
| RTP traffic | 70418710 | RTP > SKINNYAudio > GSM > FullRate | VoIP |
| RTP traffic | 70418711 | RTP > SKINNYAudio > GSM > HalfRate | VoIP |
| RTP traffic | 70418713 | RTP > SKINNYAudio > GSM > STDRate | VoIP |
| RTP traffic | 70425600 | RTP > SKINNYAudio > WideBand | VoIP |
| RTP traffic | 70425626 | RTP > SKINNYAudio > WideBand > 256k | VoIP |
| RTP traffic | 70425364 | RTP > SKINNYAudio > G729 > G729B | VoIP |
| RTP traffic | 70451200 | RTP > SKINNYData | VoIP |
| RTP traffic | 70492672 | RTP > SKINNYData > 56k | VoIP |
| RTP traffic | 70492416 | RTP > SKINNYDate > 64k | VoIP |
| RTP traffic | 70320128 | RTP > SKINNYNonStd | VoIP |
| RTP traffic | 60021 | RTP-B | VoIP |
| RTP traffic | 60019 | RTP-I | VoIP |
| SCCP traffic | 352321536 | SCCP | VoIP |

| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| SIP traffic | 60151 | SIP | VoIP |
| SIP traffic | 84672512 | SIP > SipSessionControl | VoIP |
| Skype traffic | 452984832 | Skype | VoIP |
| Skype traffic | 3007 | Skype | VoIP |
| T.120 traffic | 60023 | T.120 | VoIP |
| VDOPhone traffic | 60004 | VDOPhone | VoIP |
| Vonage traffic | 60187 | Vonage | VoIP |
| Web traffic | 16777216 | | Web |
| Web Application traffic | 16908288 | Application | Web |
| ATTA2BMusic traffic | 16926208 | Application > ATTA2BMusic | Web |
| Backweb traffic | 16909568 | Application > Backweb | Web |
| Datawindow traffic | 16909824 | Application > Datawindow | Web |
| Edact traffic | 16910592 | Application > Edact | Web |
| EdiContent traffic | 16910080 | Application > EdiContent | Web |
| EdiX12 traffic | 16910336 | Application > EdiX12 | Web |
| Entrypoint traffic | 16909312 | Application > Entrypoint | Web |
| Excel traffic | 16910848 | Application > Excel | Web |
| FutureSplash traffic | 16927232 | Application > FutureSplash | Web |
| MACBINHEX40 traffic | 16911104 | Application > MACBINHEX40 | Web |
| MARIMBA traffic | 16924672 | Application > MARIMBA | Web |
| MP3 traffic | 16911360 | Application > MP3 | Web |
| MsPowerPoint traffic | 16911616 | Application > MsPowerPoint | Web |
| MsWord traffic | 16911872 | Application > MsWord | Web |
| NewsMessageID traffic | 16912128 | Application > NewsMessageID | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| NewsTransmission traffic | 16912384 | Application > NewsTransmission | Web |
| OctetStream traffic | 16912640 | Application > OctetStream | Web |
| ODA traffic | 16912896 | Application > ODA | Web |
| PDF traffic | 16913152 | Application > PDF | Web |
| PostScript traffic | 16913408 | Application > PostScript | Web |
| PowerBuilder traffic | 16913664 | Application > PowerBuilder | Web |
| QuattroPro traffic | 16913920 | Application > QuattroPro | Web |
| RTF traffic | 16914176 | Application > RTF | Web |
| SDP traffic | 16926720 | Application > SDP | Web |
| SGML traffic | 16914432 | Application > SGML | Web |
| ShockWaveFlash traffic | 16926976 | Application > ShockWaveFlash | Web |
| VNDFrameMaker traffic | 16914688 | Application > VNDFrameMaker | Web |
| VNDLotusFreeLance traffic | 16915200 | Application > VNDLotusFreeLance | Web |
| VNDLotusOTUS123 traffic | 16914944 | Application > VNDLotusOTUS123 | Web |
| VNDLOTUSWordPro traffic | 16915456 | Application > VNDLOTUSWordPro | Web |
| VNDM traffic | 16915712 | Application > VNDM | Web |
| VNDMsExcel traffic | 16915968 | Application > VNDMsExcel | Web |
| VNDMsPowerPoint traffic | 16916224 | Application > VNDMsPowerPoint | Web |
| VNDMsProject traffic | 16916480 | Application > VNDMsProject | Web |
| VNDMsWord traffic | 16916736 | Application > VNDMsWord | Web |
| VNDPowerBuilder traffic | 16916992 | Application > VNDPowerBuilder | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| VNDRNMusicPackage traffic | 16926464 | Application > VNDRNMusicPackage | Web |
| VNDRNRealPlayer traffic | 16917248 | Application > VNDRNRealPlayer | Web |
| VNDVisio traffic | 16917504 | Application > VNDVisio | Web |
| WordPerfect traffic | 16917760 | Application > WordPerfect | Web |
| X_NETCDF traffic | 16924416 | Application > X_NETCDF | Web |
| XBCPIO traffic | 16918016 | Application > XBCPIO | Web |
| XCOMPRESS traffic | 16918272 | Application > XCOMPRESS | Web |
| XCPIO traffic | 16918528 | Application > XCPIO | Web |
| XCSH traffic | 16918784 | Application > XCSH | Web |
| XDIRECTOR traffic | 16919040 | Application > XDIRECTOR | Web |
| XDVI traffic | 16919296 | Application > XDVI | Web |
| XGTAR traffic | 16919552 | Application > XGTAR | Web |
| XIPIX traffic | 16925952 | Application > XIPIX | Web |
| XIpScript traffic | 16925696 | Application > XIpScript | Web |
| XJavaScript traffic | 16919808 | Application > XJAVASCRIPT | Web |
| XLATEX traffic | 16920064 | Application > XLATEX | Web |
| XLiquidPlayer traffic | 16925440 | Application > XLiquidPlayer | Web |
| XLotusNotes traffic | 16920320 | Application > XLotusNotes | Web |
| XM traffic | 16920832 | Application > XM | Web |
| XMACBinary traffic | 16920576 | Application > XMACBinary | Web |
| XPNCMD traffic | 16921088 | Application > XPNCMD | Web |
| XPNRealAudio traffic | 16921344 | Application > XPNRealAudio | Web |
| XPowerPoint traffic | 16921600 | Application > XPowerPoint | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| XPP5 traffic | 16923904 | Application > XPP5 | Web |
| XSH(53) traffic | 16921856 | Application > XSH(53) | Web |
| XSTUFFIT traffic | 16922112 | Application > XSTUFFIT | Web |
| XTAR traffic | 16922368 | Application > XTAR | Web |
| XTCL traffic | 16922624 | Application > XTCL | Web |
| XTEX traffic | 16922880 | Application > XTEX | Web |
| XTROFF traffic | 16923136 | Application > XTROFF | Web |
| XUSTAR traffic | 16923392 | Application > XUSTAR | Web |
| XXDMA traffic | 16924928 | Application > XXDMA | Web |
| XXSM traffic | 16925184 | Application > XXSM | Web |
| XZipCompressed traffic | 16923648 | Application > XZipCompressed | Web |
| ZIPARCHIVE traffic | 16924160 | Application > ZIPARCHIVE | Web |
| Web Audio traffic | 16973824 | Audio | Web |
| BC traffic | 16993024 | Audio > BC | Web |
| MIDI traffic | 16993280 | Audio > MIDI | Web |
| MPEG traffic | 16993536 | Audio > MPEG | Web |
| VNDRNRealAudio traffic | 16993792 | Audio > VNDRNRealAudio | Web |
| WAV traffic | 16994048 | Audio > WAV | Web |
| XAF traffic | 16994304 | Audio > XAF | Web |
| XLIQUID(86) traffic | 16995840 | Audio > XLIQUID(86) | Web |
| XMIDI traffic | 16994560 | Audio > XMIDI | Web |
| XMPEG traffic | 16994816 | Audio > XMPEG | Web |
| XMPGURL traffic | 16995072 | Audio > XMPGURL | Web |
| XWAV(85) traffic | 16995584 | Audio > XWAV(85) | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Blogs traffic | 16777269 | Blogs | Web |
| Blogs traffic | 16908341 | Blogs > Application | Web |
| Blogs traffic | 16973877 | Blogs > Audio | Web |
| Blogs traffic | 16842805 | Blogs > Database | Web |
| Blogs traffic | 17039413 | Blogs > Image | Web |
| Blogs traffic | 17104949 | Blogs > Text | Web |
| Blogs traffic | 17170485 | Blogs > Video | Web |
| Blogs traffic | 17236021 | Blogs > XWORLD | Web |
| Web database traffic | 16842752 | Database | Web |
| JDBC traffic | 16843520 | Database > JDBC | Web |
| SybaseTunneledTDS traffic | 16843264 | Database > SybaseTunneledTDS | Web |
| SybaseWebSQL traffic | 16843008 | Database > SybaseWebSQL | Web |
| Facebook traffic | 16777246 | Facebook | Web |
| Facebook traffic | 16908318 | Facebook > Application | Web |
| Facebook traffic | 16973854 | Facebook > Audio | Web |
| Facebook traffic | 16842782 | Facebook > Database | Web |
| Facebook traffic | 17039390 | Facebook > Image | Web |
| Facebook traffic | 17104926 | Facebook > Text | Web |
| Facebook traffic | 17170462 | Facebook > Video | Web |
| Facebook traffic | 17235998 | Facebook > XWORLD | Web |
| File sharing site traffic | 16777440 | FileSharingSites | Web |
| File sharing site traffic | 16908512 | FileSharingSites > Application | Web |
| File sharing site traffic | 16974048 | FileSharingSites > Audio | Web |
| File sharing site traffic | 16842976 | FileSharingSites > Database | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| File sharing site traffic | 17039584 | FileSharingSites > Image | Web |
| File sharing site traffic | 17105120 | FileSharingSites > Text | Web |
| File sharing site traffic | 17170656 | FileSharingSites > Video | Web |
| File sharing site traffic | 17236192 | FileSharingSites > XWORLD | Web |
| Free email site traffic | 16777441 | FreeEmailSites | Web |
| Free email site traffic | 16908513 | FreeEmailSites > Application | Web |
| Free email site traffic | 16974049 | FreeEmailSites > Audio | Web |
| Free email site traffic | 16842977 | FreeEmailSites > Database | Web |
| Free email site traffic | 17039585 | FreeEmailSites > Image | Web |
| Free email site traffic | 17105121 | FreeEmailSites > Text | Web |
| Free email site traffic | 17170657 | FreeEmailSites > Video | Web |
| Free email site traffic | 17236193 | FreeEmailSites > XWORLD | Web |
| Google traffic | 16777245 | Google | Web |
| Google traffic | 16908317 | Google > Application | Web |
| Google traffic | 16973853 | Google > Audio | Web |
| Google traffic | 16842781 | Google > Database | Web |
| Google traffic | 17039389 | Google > Image | Web |
| Google traffic | 17104925 | Google > Text | Web |
| Google traffic | 17170461 | Google > Video | Web |
| Google traffic | 17235997 | Google > XWORLD | Web |
| http(8080) traffic | 21085 | http(8080) | Web |
| http(81) traffic | 21109 | http(81) | Web |
| HTTPImageTransfer traffic | 1034 | HTTPImageTransfer | Web |
| Web image traffic | 17039360 | Image | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| CGM traffic | 17061632 | Image > CGM | Web |
| G3FAX traffic | 17061888 | Image > G3FAX | Web |
| GIF traffic | 17062144 | Image > GIF | Web |
| IEF traffic | 17062400 | Image > IEF | Web |
| JPEG traffic | 17062656 | Image > JPEG | Web |
| PICT traffic | 17062912 | Image > PICT | Web |
| PNG traffic | 17063168 | Image > PNG | Web |
| TF traffic | 17063424 | Image > TF | Web |
| VNDRNRealFlash traffic | 17063680 | Image > VNDRNRealFlash | Web |
| VNDRNRealPix traffic | 17063936 | Image > VNDRNRealPix | Web |
| XBitAppNames traffic | 17064192 | Image > XBitAppNames | Web |
| XPixAppNames traffic | 17064448 | Image > XPixAppNames | Web |
| XQuickTime traffic | 17064704 | Image > XQuickTime | Web |
| XWindowDump traffic | 17064960 | Image > XWindowDump | Web |
| XXBM traffic | 17065216 | Image > XXBM | Web |
| Info traffic | 16777268 | Info | Web |
| Info traffic | 16908340 | Info > Application | Web |
| Info traffic | 16973876 | Info > Audio | Web |
| Info traffic | 16842804 | Info > Database | Web |
| Info traffic | 17039412 | Info > Image | Web |
| Info traffic | 17104948 | Info > Text | Web |
| Info traffic | 17170484 | Info > Video | Web |
| Info traffic | 17236020 | Info > XWORLD | Web |
| JavaM traffic | 5050 | JAVA | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Malware (attack) traffic | 16777424 | Malware(attack) | Web |
| Malware (attack) traffic | 16908496 | Malware(attack) > Application | Web |
| Malware (attack) traffic | 16974032 | Malware(attack) > Audio | Web |
| Malware (attack) traffic | 16842960 | Malware(attack) > Database | Web |
| Malware (attack) traffic | 17039568 | Malware(attack) > Image | Web |
| Malware (attack) traffic | 17105104 | Malware(attack) > Text | Web |
| Malware (attack) traffic | 17170640 | Malware(attack) > Video | Web |
| Malware (attack) traffic | 17236176 | Malware(attack) > XWORLD | Web |
| Malware (backdoor) traffic | 16777428 | Malware(backdoor) | Web |
| Malware (backdoor) traffic | 16908500 | Malware(backdoor) > Application | Web |
| Malware (backdoor) traffic | 16974036 | Malware(backdoor) > Audio | Web |
| Malware (backdoor) traffic | 16842964 | Malware(backdoor) > Database | Web |
| Malware (backdoor) traffic | 17039572 | Malware(backdoor) > Image | Web |
| Malware (backdoor) traffic | 17105108 | Malware(backdoor) > Text | Web |
| Malware (backdoor) traffic | 17170644 | Malware(backdoor) > Video | Web |
| Malware (backdoor) traffic | 17236180 | Malware(backdoor) > XWORLD | Web |
| Malware (blacklist) traffic | 16777426 | Malware(blacklist) | Web |
| Malware (blacklist) traffic | 16908498 | Malware(blacklist) > Application | Web |
| Malware (blacklist) traffic | 16974034 | Malware(blacklist) > Audio | Web |
| Malware (blacklist) traffic | 16842962 | Malware(blacklist) > Database | Web |
| Malware (blacklist) traffic | 17039570 | Malware(blacklist) > Image | Web |
| Malware (blacklist) traffic | 17105106 | Malware(blacklist) > Text | Web |
| Malware (blacklist) traffic | 17170642 | Malware(blacklist) > Video | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Malware (blacklist) traffic | 17236178 | Malware(blacklist) > XWORLD | Web |
| Malware (bot) traffic | 16777417 | Malware(bot) | Web |
| Malware (bot) traffic | 16908489 | Malware(bot) > Application | Web |
| Malware (bot) traffic | 16974025 | Malware(bot) > Audio | Web |
| Malware (bot) traffic | 16842953 | Malware(bot) > Database | Web |
| Malware (bot) traffic | 17039561 | Malware(bot) > Image | Web |
| Malware (bot) traffic | 17105097 | Malware(bot) > Text | Web |
| Malware (bot) traffic | 17170633 | Malware(bot) > Video | Web |
| Malware (bot) traffic | 17236169 | Malware(bot) > XWORLD | Web |
| Malware (exploit) traffic | 16777419 | Malware(exploit) | Web |
| Malware (exploit) traffic | 16908491 | Malware(exploit) > Application | Web |
| Malware (exploit) traffic | 16974027 | Malware(exploit) > Audio | Web |
| Malware (exploit) traffic | 16842955 | Malware(exploit) > Database | Web |
| Malware (exploit) traffic | 17039563 | Malware(exploit) > Image | Web |
| Malware (exploit) traffic | 17105099 | Malware(exploit) > Text | Web |
| Malware (exploit) traffic | 17170635 | Malware(exploit) > Video | Web |
| Malware (exploit) traffic | 17236171 | Malware(exploit) > XWORLD | Web |
| Malware (flux) traffic | 16974033 | Malware(flux) > Audio | Web |
| Malware (flux) traffic | 16777425 | Malware(flux) | Web |
| Malware (flux) traffic | 16908497 | Malware(flux) > Application | Web |
| Malware (flux) traffic | 16842961 | Malware(flux) > Database | Web |
| Malware (flux) traffic | 17039569 | Malware(flux) > Image | Web |
| Malware (flux) traffic | 17105105 | Malware(flux) > Text | Web |
| Malware (flux) traffic | 17170641 | Malware(flux) > Video | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Malware (flux) traffic | 17236177 | Malware(flux) > XWORLD | Web |
| Malware (fraud) traffic | 16777421 | Malware(fraud) | Web |
| Malware (fraud) traffic | 16908493 | Malware(fraud) > Application | Web |
| Malware (fraud) traffic | 16974029 | Malware(fraud) > Audio | Web |
| Malware (fraud) traffic | 16842957 | Malware(fraud) > Database | Web |
| Malware (fraud) traffic | 17039565 | Malware(fraud) > Image | Web |
| Malware (fraud) traffic | 17105101 | Malware(fraud) > Text | Web |
| Malware (fraud) traffic | 17170637 | Malware(fraud) > Video | Web |
| Malware (fraud) traffic | 17236173 | Malware(fraud) > XWORLD | Web |
| Malware (hack) traffic | 16777420 | Malware(hack) | Web |
| Malware (hack) traffic | 16908492 | Malware(hack) > Application | Web |
| Malware (hack) traffic | 16974028 | Malware(hack) > Audio | Web |
| Malware (hack) traffic | 16842956 | Malware(hack) > Database | Web |
| Malware (hack) traffic | 17039564 | Malware(hack) > Image | Web |
| Malware (hack) traffic | 17105100 | Malware(hack) > Text | Web |
| Malware (hack) traffic | 17170636 | Malware(hack) > Video | Web |
| Malware (hack) traffic | 17236172 | Malware(hack) > XWORLD | Web |
| Malware (misc) traffic | 16777416 | Malware(misc) | Web |
| Malware (misc) traffic | 16908488 | Malware(misc) > Application | Web |
| Malware (misc) traffic | 16974024 | Malware(misc) > Audio | Web |
| Malware (misc) traffic | 16842952 | Malware(misc) > Database | Web |
| Malware (misc) traffic | 17039560 | Malware(misc) > Image | Web |
| Malware (misc) traffic | 17105096 | Malware(misc) > Text | Web |
| Malware (misc) traffic | 17170632 | Malware(misc) > Video | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Malware (misc) traffic | 17236168 | Malware(misc) > XWORLD | Web |
| Malware (phish) traffic | 16777422 | Malware(phish) | Web |
| Malware (phish) traffic | 16908494 | Malware(phish) > Application | Web |
| Malware (phish) traffic | 16974030 | Malware(phish) > Audio | Web |
| Malware (phish) traffic | 16842958 | Malware(phish) > Database | Web |
| Malware (phish) traffic | 17039566 | Malware(phish) > Image | Web |
| Malware (phish) traffic | 17105102 | Malware(phish) > Text | Web |
| Malware (phish) traffic | 17170638 | Malware(phish) > Video | Web |
| Malware (phish) traffic | 17236174 | Malware(phish) > XWORLD | Web |
| Malware (rbn) traffic | 16777430 | Malware(rbn) | Web |
| Malware (rbn) traffic | 16908502 | Malware(rbn) > Application | Web |
| Malware (rbn) traffic | 16974038 | Malware(rbn) > Audio | Web |
| Malware (rbn) traffic | 16842966 | Malware(rbn) > Database | Web |
| Malware (rbn) traffic | 17039574 | Malware(rbn) > Image | Web |
| Malware (rbn) traffic | 17105110 | Malware(rbn) > Text# | Web |
| Malware (rbn) traffic | 17170646 | Malware(rbn) > Video | Web |
| Malware (rbn) traffic | 17236182 | Malware(rbn) > XWORLD | Web |
| Malware (rogue) traffic | 31677742 | Malware(rogue) | Web |
| Malware (rogue) traffic | 16908495 | Malware(rogue) > Application | Web |
| Malware (rogue) traffic | 16974031 | Malware(rogue) > Audio | Web |
| Malware (rogue) traffic | 16842959 | Malware(rogue) > Database | Web |
| Malware (rogue) traffic | 17039567 | Malware(rogue) > Image | Web |
| Malware (rogue) traffic | 17105103 | Malware(rogue) > Text | Web |
| Malware (rogue) traffic | 17170639 | Malware(rogue) > Video | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Malware (rogue) traffic | 17236175 | Malware(rogue) > XWORLD | Web |
| Malware (sql) traffic | 16908499 | Malware(sql) > Application | Web |
| Malware (sql) traffic | 16777427 | Malware(sql) | Web |
| Malware (sql) traffic | 16974035 | Malware(sql) > Audio | Web |
| Malware (sql) traffic | 16842963 | Malware(sql) > Database | Web |
| Malware (sql) traffic | 17039571 | Malware(sql) > Image | Web |
| Malware (sql) traffic | 17105107 | Malware(sql) > Text | Web |
| Malware (sql) traffic | 17170643 | Malware(sql) > Video | Web |
| Malware (sql) traffic | 17236179 | Malware(sql) > XWORLD | Web |
| Malware (suspicious) traffic | 16777429 | Malware(suspicious) | Web |
| Malware (suspicious) traffic | 16908501 | Malware(suspicious) > Application | Web |
| Malware (suspicious) traffic | 16974037 | Malware(suspicious) > Audio | Web |
| Malware (suspicious) traffic | 16842965 | Malware(suspicious) > Database | Web |
| Malware (suspicious) traffic | 17039573 | Malware(suspicious) > Image | Web |
| Malware (suspicious) traffic | 17105109 | Malware(suspicious) > Text | Web |
| Malware (suspicious) traffic | 17170645 | Malware(suspicious) > Video | Web |
| Malware (suspicious) traffic | 17236181 | Malware(suspicious) > XWORLD | Web |
| Malware (trojan) traffic | 16777418 | Malware(trojan) | Web |
| Malware (trojan) traffic | 16908490 | Malware(trojan) > Application | Web |
| Malware (trojan) traffic | 16974026 | Malware(trojan) > Audio | Web |
| Malware (trojan) traffic | 16842954 | Malware(trojan) > Database | Web |
| Malware (trojan) traffic | 17039562 | Malware(trojan) > Image | Web |
| Malware (trojan) traffic | 17105098 | Malware(trojan) > Text | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Malware (trojan) traffic | 17170634 | Malware(trojan) > Video | Web |
| Malware (trojan) traffic | 17236170 | Malware(trojan) > XWORLD | Web |
| MSNLive traffic | 16777248 | MSNLive | Web |
| MSNLive traffic | 16908320 | MSNLive > Application | Web |
| MSNLive traffic | 16973856 | MSNLive > Audio | Web |
| MSNLive traffic | 16842784 | MSNLive > Database | Web |
| MSNLive traffic | 17039392 | MSNLive > Image | Web |
| MSNLive traffic | 17104928 | MSNLive > Text | Web |
| MSNLive traffic | 17170464 | MSNLive > Video | Web |
| MSNLive traffic | 17236000 | MSNLive > XWORLD | Web |
| NortonAntiVirus traffic | 1025 | NortonAntiVirus | Web |
| SecureWeb traffic | 1011 | SecureWeb | Web |
| Shopping traffic | 16777267 | Shopping | Web |
| Shopping traffic | 16908339 | Shopping > Application | Web |
| Shopping traffic | 16973875 | Shopping > Audio | Web |
| Shopping traffic | 16842803 | Shopping > Database | Web |
| Shopping traffic | 17039411 | Shopping > Image | Web |
| Shopping traffic | 17104947 | Shopping > Text | Web |
| Shopping traffic | 17170483 | Shopping > Video | Web |
| Shopping traffic | 17236019 | Shopping > XWORLD | Web |
| Adult FriendFinder traffic | 16777255 | SocialNetwork > ADULTFRIENDFINDER | Web |
| Adult FriendFinder traffic | 16908327 | SocialNetwork > ADULTFRIENDFINDER > Application | Web |
| Adult FriendFinder traffic | 16973863 | SocialNetwork > ADULTFRIENDFINDER > Audio | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Adult FriendFinder traffic | 16842791 | SocialNetwork > ADULTFRIENDFINDER > Database | Web |
| Adult FriendFinder traffic | 17039399 | SocialNetwork > ADULTFRIENDFINDER > Image | Web |
| Adult FriendFinder traffic | 17104935 | SocialNetwork > ADULTFRIENDFINDER > Text | Web |
| Adult FriendFinder traffic | 17170471 | SocialNetwork > ADULTFRIENDFINDER > Video | Web |
| Adult FriendFinder traffic | 17236007 | SocialNetwork > ADULTFRIENDFINDER > XWORLD | Web |
| Blogster traffic | 16777256 | SocialNetwork > BLOGSTER | Web |
| Blogster traffic | 16908328 | SocialNetwork > BLOGSTER > Application | Web |
| Blogster traffic | 16973864 | SocialNetwork > BLOGSTER > Audio | Web |
| Blogster traffic | 16842792 | SocialNetwork > BLOGSTER > Database | Web |
| Blogster traffic | 17039400 | SocialNetwork > BLOGSTER > Image | Web |
| Blogster traffic | 17104936 | SocialNetwork > BLOGSTER > Text | Web |
| Blogster traffic | 17170472 | SocialNetwork > BLOGSTER > Video | Web |
| Blogster traffic | 17236008 | SocialNetwork > BLOGSTER > XWORLD | Web |
| Classmates traffic | 16777264 | SocialNetwork > CLASSMATES | Web |
| Classmates traffic | 16908336 | SocialNetwork > CLASSMATES > Application | Web |
| Classmates traffic | 16973872 | SocialNetwork > CLASSMATES > Audio | Web |
| Classmates traffic | 16842800 | SocialNetwork > CLASSMATES > Database | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Classmates traffic | 17039408 | SocialNetwork > CLASSMATES > Image | Web |
| Classmates traffic | 17104944 | SocialNetwork > CLASSMATES > Text | Web |
| Classmates traffic | 17170480 | SocialNetwork > CLASSMATES > Video | Web |
| Classmates traffic | 17236016 | SocialNetwork > CLASSMATES > XWORLD | Web |
| Flickr traffic | 16777250 | SocialNetwork > FLICKR | Web |
| Flickr traffic | 16908322 | SocialNetwork > FLICKR > Application | Web |
| Flickr traffic | 16973858 | SocialNetwork > FLICKR > Audio | Web |
| Flickr traffic | 16842786 | SocialNetwork > FLICKR > Database | Web |
| Flickr traffic | 17039394 | SocialNetwork > FLICKR > Image | Web |
| Flickr traffic | 17104930 | SocialNetwork > FLICKR > Text | Web |
| Flickr traffic | 17170466 | SocialNetwork > FLICKR > Video | Web |
| Flickr traffic | 17236002 | SocialNetwork > FLICKR > XWORLD | Web |
| Friendster traffic | 16777257 | SocialNetwork > FRIENDSTER | Web |
| Friendster traffic | 16908329 | SocialNetwork > FRIENDSTER > Application | Web |
| Friendster traffic | 16973865 | SocialNetwork > FRIENDSTER > Audio | Web |
| Friendster traffic | 16842793 | SocialNetwork > FRIENDSTER > Database | Web |
| Friendster traffic | 17039401 | SocialNetwork > FRIENDSTER > Image | Web |
| Friendster traffic | 17104937 | SocialNetwork > FRIENDSTER > Text | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Friendster traffic | 17170473 | SocialNetwork > FRIENDSTER > Video | Web |
| Friendster traffic | 17236009 | SocialNetwork > FRIENDSTER > XWORLD | Web |
| Hi5 traffic | 16777258 | SocialNetwork > HI5 | Web |
| Hi5 traffic | 16908330 | SocialNetwork > HI5 > Application | Web |
| Hi5 traffic | 16973866 | SocialNetwork > HI5 > Audio | Web |
| Hi5 traffic | 16842794 | SocialNetwork > HI5 > Database | Web |
| Hi5 traffic | 17039402 | SocialNetwork > HI5 > Image | Web |
| Hi5 traffic | 17104938 | SocialNetwork > HI5 > Text | Web |
| Hi5 traffic | 17170474 | SocialNetwork > HI5 > Video | Web |
| Hi5 traffic | 17236010 | SocialNetwork > HI5 > XWORLD | Web |
| Jaiku traffic | 16777259 | SocialNetwork > JAIKU | Web |
| Jaiku traffic | 16908331 | SocialNetwork > JAIKU > Application | Web |
| Jaiku traffic | 16973867 | SocialNetwork > JAIKU > Audio | Web |
| Jaiku traffic | 16842795 | SocialNetwork > JAIKU > Database | Web |
| Jaiku traffic | 31703940 | SocialNetwork > JAIKU > Image | Web |
| Jaiku traffic | 17104939 | SocialNetwork > JAIKU > Text | Web |
| Jaiku traffic | 17170475 | SocialNetwork > JAIKU > Video | Web |
| Jaiku traffic | 17236011 | SocialNetwork > JAIKU > XWORLD | Web |
| Kaixin traffic | 16777260 | SocialNetwork > KAIXIN | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Kaixin traffic | 16908332 | SocialNetwork > KAIXIN > Application | Web |
| Kaixin traffic | 16973868 | SocialNetwork > KAIXIN > Audio | Web |
| Kaixin traffic | 16842796 | SocialNetwork > KAIXIN > Database | Web |
| Kaixin traffic | 17039404 | SocialNetwork > KAIXIN > Image | Web |
| Kaixin traffic | 17104940 | SocialNetwork > KAIXIN > Text | Web |
| Kaixin traffic | 17170476 | SocialNetwork > KAIXIN > Video | Web |
| Kaixin traffic | 17236012 | SocialNetwork > KAIXIN > XWORLD | Web |
| LinkedIn traffic | 16777249 | SocialNetwork > LINKEDIN | Web |
| LinkedIn traffic | 16908321 | SocialNetwork > LINKEDIN > Application | Web |
| LinkedIn traffic | 16973857 | SocialNetwork > LINKEDIN > Audio | Web |
| LinkedIn traffic | 16842785 | SocialNetwork > LINKEDIN > Database | Web |
| LinkedIn traffic | 17039393 | SocialNetwork > LINKEDIN > Image | Web |
| LinkedIn traffic | 17104929 | SocialNetwork > LINKEDIN > Text | Web |
| LinkedIn traffic | 17170465 | SocialNetwork > LINKEDIN > Video | Web |
| LinkedIn traffic | 17236001 | SocialNetwork > LINKEDIN > XWORLD | Web |
| mixi traffic | 16777254 | SocialNetwork > MIXI | Web |
| mixi traffic | 16908326 | SocialNetwork > MIXI > Application | Web |
| mixi traffic | 16973862 | SocialNetwork > MIXI > Audio | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| mixi traffic | 16842790 | SocialNetwork > MIXI > Database | Web |
| mixi traffic | 17039398 | SocialNetwork > MIXI > Image | Web |
| mixi traffic | 17104934 | SocialNetwork > MIXI > Text | Web |
| mixi traffic | 17170470 | SocialNetwork > MIXI > Video | Web |
| mixi traffic | 17236006 | SocialNetwork > MIXI > XWORLD | Web |
| MySpace traffic | 16777251 | SocialNetwork > MYSPACE | Web |
| MySpace traffic | 16908323 | SocialNetwork > MYSPACE > Application | Web |
| MySpace traffic | 16973859 | SocialNetwork > MYSPACE > Audio | Web |
| MySpace traffic | 16842787 | SocialNetwork > MYSPACE > Database | Web |
| MySpace traffic | 17039395 | SocialNetwork > MYSPACE > Image | Web |
| MySpace traffic | 17104931 | SocialNetwork > MYSPACE > Text | Web |
| MySpace traffic | 17170467 | SocialNetwork > MYSPACE > Video | Web |
| MySpace traffic | 17236003 | SocialNetwork > MYSPACE > XWORLD | Web |
| Netlog traffic | 16777252 | SocialNetwork > NETLOG | Web |
| Netlog traffic | 16908324 | SocialNetwork > NETLOG > Application | Web |
| Netlog traffic | 16973860 | SocialNetwork > NETLOG > Audio | Web |
| Netlog traffic | 16842788 | SocialNetwork > NETLOG > Database | Web |
| Netlog traffic | 17039396 | SocialNetwork > NETLOG > Image | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| Netlog traffic | 17104932 | SocialNetwork > NETLOG > Text | Web |
| Netlog traffic | 17170468 | SocialNetwork > NETLOG > Video | Web |
| Netlog traffic | 17236004 | SocialNetwork > NETLOG > XWORLD | Web |
| Ning traffic | 16777261 | SocialNetwork > NING | Web |
| Ning traffic | 16908333 | SocialNetwork > NING > Application | Web |
| Ning traffic | 16973869 | SocialNetwork > NING > Audio | Web |
| Ning traffic | 16842797 | SocialNetwork > NING > Database | Web |
| Ning traffic | 17039405 | SocialNetwork > NING > Image | Web |
| Ning traffic | 17104941 | SocialNetwork > NING > Text | Web |
| Ning traffic | 17170477 | SocialNetwork > NING > Video | Web |
| Ning traffic | 17236013 | SocialNetwork > NING > XWORLD | Web |
| Plaxo traffic | 16777253 | SocialNetwork > PLAXO | Web |
| Plaxo traffic | 16908325 | SocialNetwork > PLAXO > Application | Web |
| Plaxo traffic | 16973861 | SocialNetwork > PLAXO > Audio | Web |
| Plaxo traffic | 16842789 | SocialNetwork > PLAXO > Database | Web |
| Plaxo traffic | 17039397 | SocialNetwork > PLAXO > Image | Web |
| Plaxo traffic | 17104933 | SocialNetwork > PLAXO > Text | Web |
| Plaxo traffic | 17170469 | SocialNetwork > PLAXO > Video | Web |
| Plaxo traffic | 17236005 | SocialNetwork > PLAXO > XWORLD | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| QQ traffic | 16777262 | SocialNetwork > QQ | Web |
| QQ traffic | 16908334 | SocialNetwork > QQ > Application | Web |
| QQ traffic | 16973870 | SocialNetwork > QQ > Audio | Web |
| QQ traffic | 16842798 | SocialNetwork > QQ > Database | Web |
| QQ traffic | 17039406 | SocialNetwork > QQ > Image | Web |
| QQ traffic | 17104942 | SocialNetwork > QQ > Text | Web |
| QQ traffic | 17170478 | SocialNetwork > QQ > Video | Web |
| QQ traffic | 17236014 | SocialNetwork > QQ > XWORLD | Web |
| Renren traffic | 16777263 | SocialNetwork > RENREN | Web |
| Renren traffic | 16908335 | SocialNetwork > RENREN > Application | Web |
| Renren traffic | 16973871 | SocialNetwork > RENREN > Audio | Web |
| Renren traffic | 16842799 | SocialNetwork > RENREN > Database | Web |
| Renren traffic | 17039407 | SocialNetwork > RENREN > Image | Web |
| Renren traffic | 17104943 | SocialNetwork > RENREN > Text | Web |
| Renren traffic | 17170479 | SocialNetwork > RENREN > Video | Web |
| Renren traffic | 17236015 | SocialNetwork > RENREN > XWORLD | Web |
| Squid traffic | 5070 | Squid | Web |
| ENRICHED traffic | 17131008 | Text > ENRICHED | Web |
| Web text traffic | 17104896 | Text | Web |
| CSS traffic | 17132800 | Text > CSS | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| HTML traffic | 17131264 | Text > HTML | Web |
| PLAIN traffic | 17131520 | Text > PLAIN | Web |
| RICHTEXT traffic | 17131776 | Text > RICHTEXT | Web |
| TabSeparatedValue traffic | 17132288 | Text > TabSeparatedValue | Web |
| VNDRNRealText traffic | 17132544 | Text > VNDRNRealText | Web |
| XML traffic | 17133056 | Text > XML | Web |
| Twitter traffic | 16777247 | Twitter | Web |
| Twitter traffic | 16908319 | Twitter > Application | Web |
| Twitter traffic | 16973855 | Twitter > Audio | Web |
| Twitter traffic | 16842783 | Twitter > Database | Web |
| Twitter traffic | 17039391 | Twitter > Image | Web |
| Twitter traffic | 17104927 | Twitter > Text | Web |
| Twitter traffic | 17170463 | Twitter > Video | Web |
| Twitter traffic | 17235999 | Twitter > XWORLD | Web |
| Uncommon social web traffic | 16777270 | UncommonSocialWeb | Web |
| Uncommon social web traffic | 16908342 | UncommonSocialWeb > Application | Web |
| Uncommon social web traffic | 16973878 | UncommonSocialWeb > Audio | Web |
| Uncommon social web traffic | 16842806 | UncommonSocialWeb > Database | Web |
| Uncommon social web traffic | 17039414 | UncommonSocialWeb > Image | Web |
| Uncommon social web traffic | 17104950 | UncommonSocialWeb > Text | Web |
| Uncommon social web traffic | 17170486 | UncommonSocialWeb > Video | Web |
| Uncommon social web traffic | 17236022 | UncommonSocialWeb > XWORLD | Web |
| Web video traffic | 17170432 | Video | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| AVI traffic | 17198848 | Video > AVI | Web |
| MsVideo1 traffic | 17199360 | Video > MsVideo1 | Web |
| MsVideo2 traffic | 17199616 | Video > MsVideo2 | Web |
| QUICKTIME traffic | 17199872 | Video > QUICKTIME | Web |
| VNDRNRealVideo traffic | 17200128 | Video > VNDRNRealVideo | Web |
| VNDVivo traffic | 17200384 | Video > VNDVivo | Web |
| XLsASF traffic | 17200640 | Video > XLsASF | Web |
| XLsASX traffic | 17200896 | Video > XLsASX | Web |
| XMsASF traffic | 17201408 | Video > XMsASF | Web |
| XMsASX traffic | 17201664 | Video > XMsASX | Web |
| XMsVideo traffic | 17201920 | Video > XMsVideo | Web |
| XSgiMovie traffic | 17202176 | Video > XSgiMovie | Web |
| Web traffic | 1010 | Web | Web |
| Web traffic | 1012 | Web | Web |
| Web traffic | 9999 | Web | Web |
| Web traffic | 1020 | Web | Web |
| Web-Port traffic | 21739 | Web-Port | Web |
| WebFileTransfer traffic | 5061 | WebFileTransfer | Web |
| WebFileTransfer traffic | 5000 | WebFileTransfer | Web |
| WebFileTransfer traffic | 5060 | WebFileTransfer | Web |
| WebFileTransfer traffic | 5062 | WebFileTransfer | Web |
| WebMediaAudio traffic | 5004 | WebMediaAudio | Web |
| WebMediaAudio traffic | 5021 | WebMediaAudio | Web |
| WebMediaAudio traffic | 5003 | WebMediaAudio | Web |


| Description | Value | Sub-components | Application group |
| --- | --- | --- | --- |
| WebMediaAudio traffic | 5001 | WebMediaAudio | Web |
| WebMediaAudio traffic | 5031 | WebMediaAudio | Web |
| WebMediaDocuments traffic | 5010 | WebMediaDocuments | Web |
| WebMediaDocuments traffic | 5012 | WebMediaDocuments | Web |
| WebMediaDocuments traffic | 5014 | WebMediaDocuments | Web |
| WebMediaDocuments traffic | 5040 | WebMediaDocuments | Web |
| WebMediaDocuments traffic | 5011 | WebMediaDocuments | Web |
| WebMediaDocuments traffic | 5030 | WebMediaDocuments | Web |
| WebMediaDocuments traffic | 5013 | WebMediaDocuments | Web |
| WebMediaAudio traffic | 5020 | WebMediaVideo | Web |
| WebMediaDocuments traffic | 5007 | WebMediaVideo | Web |
| WebMediaVideo traffic | 5002 | WebMediaVideo | Web |
| WebMediaVideo traffic | 5008 | WebMediaVideo | Web |
| Webmin traffic | 51350 | Webmin | Web |
| XWORLD traffic | 17235968 | XWORLD | Web |
| XWORLD > XVrml traffic | 72679681 | XWORLD > XVrml | Web |
| Yahoo traffic | 16777265 | Yahoo | Web |
| Yahoo traffic | 16908337 | Yahoo > Application | Web |
| Yahoo traffic | 16973873 | Yahoo > Audio | Web |
| Yahoo traffic | 16842801 | Yahoo > Database | Web |
| Yahoo traffic | 17039409 | Yahoo > Image | Web |
| Yahoo traffic | 17104945 | Yahoo > Text | Web |
| Yahoo traffic | 17170481 | Yahoo > Video | Web |
| Yahoo traffic | 17236017 | Yahoo > XWORLD | Web |

Copyright © 2017, Juniper Networks, Inc.70

Juniper Secure Analytics Application Configuration Guide

Page 71: Juniper Secure Analytics Application Configuration Guide · 13-09-2017  · Malware(fraud) > > > > > > > > > > > > > > > > > > > >

DescriptionValueSub-componentsApplication group

YouTube traffic16777266YoutubeWeb

YouTube traffic16908338Youtube > ApplicationWeb

YouTube traffic16973874Youtube > AudioWeb

YouTube traffic16842802Youtube > DatabaseWeb

YouTube traffic17039410Youtube > ImageWeb

YouTube traffic17104946Youtube > TextWeb

YouTube traffic17170482Youtube > VideoWeb

YouTube traffic17236018Youtube > XWORLDWeb

Related Documentation

• ICMP Type and Code IDs

• Port IDs

• Protocol IDs

ICMP Type and Code IDs

This reference provides information about default ICMP type and code IDs.

Identifying Default ICMP Types

The following table lists the default ICMP types:

| Message | ICMP Type |
|---|---|
| Echo reply | 0 |
| Destination unreachable | 3 |
| Source quench | 4 |
| Redirect | 5 |
| Echo | 8 |
| Router advertisement | 9 |
| Router selection | 10 |
| Time exceeded | 11 |
| Parameter problem | 12 |
| Timestamp | 13 |
| Timestamp reply | 14 |
| Information request | 15 |
| Information reply | 16 |
| Address mask request | 17 |
| Address mask reply | 18 |
| Traceroute | 30 |

Identifying Default ICMP Codes

The following tables list the default ICMP codes:

Table 5: ICMP Type 3: Destination Unreachable Codes

| Description | Destination Unreachable Code |
|---|---|
| Net is unreachable | 0 |
| Host is unreachable | 1 |
| Protocol is unreachable | 2 |
| Port is unreachable | 3 |
| Fragmentation is needed and Don't Fragment was set | 4 |
| Source route failed | 5 |
| Destination network is unknown | 6 |
| Destination host is unknown | 7 |
| Source host is isolated | 8 |
| Communication with destination network is administratively prohibited | 9 |
| Communication with destination host is administratively prohibited | 10 |
| Destination network is unreachable for type of service | 11 |
| Destination host is unreachable for type of service | 12 |
| Communication is administratively prohibited | 13 |
| Host precedence violation | 14 |
| Precedence cutoff is in effect | 15 |

Table 6: ICMP Type 5: Redirect Codes

| Description | Redirect Code |
|---|---|
| Redirect datagram for the network (or subnet) | 0 |
| Redirect datagram for the host | 1 |
| Redirect datagram for the type of service and network | 2 |
| Redirect datagram for the type of service and host | 3 |

Table 7: ICMP Type 11: Time Exceeded Codes

| Description | Time Exceeded Code |
|---|---|
| Time to Live exceeded in transit | 0 |
| Fragment reassembly time exceeded | 1 |

Table 8: ICMP Type 12: Parameter Problem Codes

| Description | Parameter Problem Code |
|---|---|
| Pointer indicates the error | 0 |
| Missing a required option | 1 |
| Bad length | 2 |

Related Documentation

• Port IDs

• Protocol IDs

Port IDs

This reference provides information about default port IDs used by JSA.


The following table lists the default common ports:

| Protocol description | Protocol | Port |
|---|---|---|
| File Transfer Protocol | FTP | 20 |
| File Transfer Protocol | FTP | 21 |
| Secure Shell | SSH | 22 |
| | Telnet | 23 |
| Send Mail Transfer Protocol | SMTP | 25 |
| Domain Name Service | DNS | 53 |
| HyperText Transfer Protocol | HTTP | 80 |
| HyperText Transfer Protocol | HTTP | 81 |
| Post Office Protocol - version 3 | POP3 | 110 |
| Network New Transfer Protocol | NNTP News | 119 |
| Network Time Protocol | NTP | 123 |
| Network Basic Input/Output System | NetBIOS | 137 |
| Internet Message Access Protocol | IMAP | 143 |
| Simple Network Management Protocol | SNMP | 161 |
| Simple Network Management Protocol trap | SNMP trap | 162 - 164 |
| Lightweight Directory Access Protocol | LDAP | 389 |
| Network Security Risk Management Protocol | NSRMP | 391 |
| Network Security Risk Management Protocol | NSRMP | 392 |
| | Secure Web | 443 |
| Internet Protocol Security | IPSec | 500 |
| Lightweight Directory Access Protocol | LDAP | 636 |
| | Oracle | 2005 |
| Network File System | NFS | 2049 |
| Internet Protocol Security | IPSec | 4500 |
| | PostgreSQL | 5432 |
| | HTTP | 8080 |

Related Documentation

• Protocol IDs

• ICMP Type and Code IDs

Protocol IDs

This reference provides information about default protocol IDs used in JSA.

The following table lists the default common protocols:

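| Protocol port description | Protocol ID |
|---|---|
| TCP | 6 |
| UDP | 17 |
| ICMP | 1 |
| IGMP | 2 |
| IDPR-CMTP | 38 |
| IPv6 | 40 |
| RSVP | 46 |
| GRE | 47 |
| ESP | 50 |
| AH | 51 |
| NARP | 54 |
| OSPFIGP | 89 |
| IPIP | 94 |
| ANY | 99 |
| SCTP | 132 |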


Related Documentation

• ICMP Type and Code IDs

• Port IDs
