Cisco Application Visibility and Control Solution Guide for IOS XE Release 3.8
Appendix - DPI/L7 Extracted Fields
Downloads: This chapterpdf (PDF - 133.0KB) The complete bookPDF (PDF - 1.73MB) | Feedback

DPI/L7 Extracted Fields

Table Of Contents

DPI/L7 Extracted Fields


DPI/L7 Extracted Fields


Revised: February 6, 2013, OL-27969-02

Table B-1 describes deep packet inspection (DPI)/L7 extracted fields and the CLI used to retrieve the value of the fields.

Table B-1 AVC DPI/L7 Extracted Fields

Field Name
Re- lease
Type
Application ID EngID   Sel ID
Sub Application ID
Description
Data Source
CLI

httpUrl

3.7

String

3         

80

13313

URL extracted from the HTTP transaction. The URL is required per transaction.

NBAR

collect application http url

httpHostName

3.7

String

3

80

13314

Host Name extracted from the HTTP transaction. The URL is required per transaction.

NBAR

collect application http host

httpUserAgent

3.7

String

3

80

13315

User agent field extracted from the HTTP transaction.

NBAR

collect application http user-agent

httpReferer

3.7

String

3

80

13316

REFERER extracted from the HTTP transaction.

NBAR

collect application http referer

rtspHostName

3.7

String

3

554

13313

RTSP host name extracted from the RTSP transaction.

NBAR

collect application rtsp host-name

smtpServer

3.7

String

3

25

13313

Server name extracted from an SMTP transaction.

NBAR

collect application smtp server

smtpSender

3.7

String

3

25

13314

Sender name extracted from an SMTP transaction.

NBAR

collect application smtp sender

pop3Server

3.7

String

3

110

13313

Server name extracted from a POP3 transaction.

NBAR

collect application pop3 server

nntpGroupName

3.7

String

3

119

13313

Group name extracted from an NNTP transaction.

NBAR

collect application nntp group-name

sipSrcDomain

3.7

String

3

5060

13314

Source domain extracted from a SIP transaction.

NBAR

collect application sip source

sipDstDomain

3.7

String

3

5060

13313

Destination domain extracted from a SIP transaction.

NBAR

collect application sip destination


Notes

In XE 3.7 and XE 3.8, the fields are exported using the field subApplicationValue (ID=45003). The field is encoded as {applicationID (4B), subApplicationID (2B), Value (Variable Len)} merged together. If the field is not observed, the size of the field is 6 and includes only applicationTag and subApplicationTag.

The sub-application-table option template maps the extracted field ID to name and description, as follows:

Extracted field ID: subApplicationTag (ID=97)

Name: subApplicationName (ID=109)

Description: subApplicationDesc (ID=110)

All HTTP-based applications, such as YouTube, SharePoint, and so on, use the same sub-application ID, defined by the subApplicationID, as defined by the HTTP application.