NBAR2 Protocol 4.1.0
ECHO through EXEC

ECHO through EXEC

ECHO

Name/CLI Keyword

echo

Full Name

Echo Protocol

Description

Echo is a protocol that is used for debugging and measurement. It works by sending back all the data that was received from the source. The protocol works on TCP and UDP, typically on port 7.

Reference

http://www.faqs.org/rfcs/rfc862.html

Global ID

L4:7

ID

101

Known Mappings

UDP Port

7

TCP Port

7

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

net-admin

Sub Category

network-management

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EDONKEY-STATIC

Name/CLI Keyword

edonkey-static

Full Name

eDonkey

Description

eDonkey is peer-to-peer file sharing adopted to share large files. The network is based on multiple decentralized servers. Each client must be connected to a server to enter the network. edonkey-static and eMule are also required to fully detect or prevent this application traffic.

Reference

http://en.wikipedia.org/wiki/EDonkey_network

Global ID

L7:416

ID

1333

Known Mappings

UDP Port

4661,4662,4663,4664,4665,4672,4673,4711,5662,5773,5783

TCP Port

4661,4662,4663,4664,4665,4672,4673,4711,5662,5773,5783

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

edonkey-emule-group

Category

file-sharing

Sub Category

p2p-file-transfer

P2P Technology

Yes

Encrypted

No

Tunnel

No

Underlying Protocols

-

EDONKEY

Name/CLI Keyword

edonkey

Full Name

eDonkey

Description

eDonkey is peer-to-peer file sharing adopted to share large files. The network is based on multiple decentralized servers. Each client must be connected to a server to enter the network. edonkey-static and eMule are also required to fully detect or prevent this application traffic.

Reference

http://web.archive.org/web/20010213200827/www.edonkey2000.com/overview.html

Global ID

L7:67

ID

67

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

edonkey-emule-group

Category

file-sharing

Sub Category

p2p-file-transfer

P2P Technology

Yes

Encrypted

No

Tunnel

No

Underlying Protocols

http

EGP

Name/CLI Keyword

egp

Full Name

Exterior Gateway Protocol

Description

Exterior Gateway Protocol (EGP) is a protocol used to convey network information between neighboring gateways, or autonomic systems. This way the gateways acquire neighbors, monitor neighbor reachability and exchange net-reachability information in the form of update messages. EGP is IP protocol number 8.

Reference

http://tools.ietf.org/html/rfc904

Global ID

L3:8

ID

4

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

8

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

net-admin

Sub Category

routing-protocol

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EIGRP

Name/CLI Keyword

eigrp

Full Name

Interior Gateway Routing Protocol

Description

Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocol. It is an advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes, as well as the use of bandwidth and processing power in the router. The protocol is usually known as IP protocol 88 as default.

Reference

http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094cb7.shtml

Global ID

L3:88

ID

7

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

88

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

net-admin

Sub Category

routing-protocol

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ELCSD

Name/CLI Keyword

elcsd

Full Name

errlog copy/server daemon

Description

Registered with IANA on port 704 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:704

ID

608

Known Mappings

UDP Port

704

TCP Port

704

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

net-admin

Sub Category

network-management

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EMBL-NDT

Name/CLI Keyword

embl-ndt

Full Name

EMBL Nucleic Data Transfer

Description

Registered with IANA on port 394 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:394

ID

310

Known Mappings

UDP Port

394

TCP Port

394

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

industrial-protocols

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EMCON

Name/CLI Keyword

emcon

Full Name

Emission Control Protocol

Description

Registered with IANA as IP Protocol 14

Reference

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

Global ID

L3:14

ID

769

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

14

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

layer3-over-ip

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EMFIS-CNTL

Name/CLI Keyword

emfis-cntl

Full Name

EMFIS Control Service

Description

Registered with IANA on port 141 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:141

ID

933

Known Mappings

UDP Port

141

TCP Port

141

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

other

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EMFIS-DATA

Name/CLI Keyword

emfis-data

Full Name

EMFIS Data Service

Description

Registered with IANA on port 140 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:140

ID

929

Known Mappings

UDP Port

140

TCP Port

140

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

other

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ENCAP

Name/CLI Keyword

encap

Full Name

Encapsulation Header

Description

Encapsulation Protocol is an IP tunneling protocol implemented by encapsulating the IP datagram within an additional IP header, thus enabling a destination to be reached transparently without the source having to know topology specifics.

Reference

http://tools.ietf.org/html/rfc1241

Global ID

L3:98

ID

852

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

98

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

layer3-over-ip

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ENCRYPTED-BITTORRENT

Name/CLI Keyword

encrypted-bittorrent

Full Name

Encrypted Bittorrent

Description

Encrypted BitTorrent is an attempt to provide anonymous and private BitTorrent traffic. BitTorrent is a peer-to-peer file sharing protocol used for distributing files over the internet. It identifies content by URL and is designed to integrate seamlessly with the web. The BitTorrent protocol is based on a BitTorrent tracker (server) that initializes the connections between the clients (peers).

Reference

http://www.bittorrent.com/

Global ID

L7:313

ID

1206

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

bittorrent-group

Category

file-sharing

Sub Category

p2p-file-transfer

P2P Technology

Yes

Encrypted

Yes

Tunnel

No

Underlying Protocols

-

ENCRYPTED-EMULE

Name/CLI Keyword

encrypted-emule

Full Name

Encrypted eMule (eDonkey and Kademlia)

Description

eMule is a peer-to-peer file sharing application based on eDonkey, eDonkey2000 and Kad network. eMule clients enable obfuscation support to encrypt the traffic, encrypted emule represents the encrypted traffic. edonkey and edonkey-static are also required to fully detect or prevent this application traffic.

Reference

http://www.emule-project.net/

Global ID

L7:417

ID

885

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

edonkey-emule-group

Category

file-sharing

Sub Category

p2p-file-transfer

P2P Technology

Yes

Encrypted

Yes

Tunnel

No

Underlying Protocols

-

ENTOMB

Name/CLI Keyword

entomb

Full Name

entomb

Description

Registered with IANA on port 775 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:775

ID

647

Known Mappings

UDP Port

775

TCP Port

775

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

other

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ENTRUST-AAAS

Name/CLI Keyword

entrust-aaas

Full Name

entrust-aaas

Description

Registered with IANA on port 680 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:680

ID

588

Known Mappings

UDP Port

680

TCP Port

680

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

net-admin

Sub Category

authentication-services

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ENTRUST-AAMS

Name/CLI Keyword

entrust-aams

Full Name

entrust-aams

Description

Registered with IANA on port 681 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:681

ID

589

Known Mappings

UDP Port

681

TCP Port

681

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

net-admin

Sub Category

authentication-services

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ENTRUST-ASH

Name/CLI Keyword

entrust-ash

Full Name

Entrust Administration Service Handler

Description

Registered with IANA on port 710 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:710

ID

613

Known Mappings

UDP Port

710

TCP Port

710

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

internet-privacy

Sub Category

authentication-services

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ENTRUST-KMSH

Name/CLI Keyword

entrust-kmsh

Full Name

Entrust Key Management Service Handler

Description

Entrust Key Management Service Handler (Entrust-KMSH) is a cryptographic key management service for Entrust, a network security company, authentication products.

Reference

http://www.entrust.com/

Global ID

L4:709

ID

612

Known Mappings

UDP Port

709

TCP Port

709

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

internet-privacy

Sub Category

authentication-services

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ENTRUST-SPS

Name/CLI Keyword

entrust-sps

Full Name

Entrust SPS

Description

Registered with IANA on port 640 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:640

ID

549

Known Mappings

UDP Port

640

TCP Port

640

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

business-and-productivity-tools

Sub Category

authentication-services

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EPMAP

Name/CLI Keyword

epmap

Full Name

DCE endpoint resolution

Description

Registered with IANA on port 135 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:135

ID

1311

Known Mappings

UDP Port

135

TCP Port

135

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

other

Sub Category

inter-process-rpc

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ERPC

Name/CLI Keyword

erpc

Full Name

Encore Expedited Remote Pro.Call

Description

Registered with IANA on port 121 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:121

ID

990

Known Mappings

UDP Port

121

TCP Port

121

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

business-and-productivity-tools

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ESCP-IP

Name/CLI Keyword

escp-ip

Full Name

ESCP

Description

Registered with IANA on port 621 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:621

ID

530

Known Mappings

UDP Port

621

TCP Port

621

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

other

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ESIGNAL

Name/CLI Keyword

esignal

Full Name

eSignal

Description

Used by eSignal in their online trading line of products.

Reference

http://www.esignal.com/

Global ID

L4:2189

ID

1380

Known Mappings

UDP Port

TCP Port

2189,2194,2196

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

other

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ESRO-EMSDP

Name/CLI Keyword

esro-emsdp

Full Name

ESRO-EMSDP V1.3

Description

Registered with IANA on port 642 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:642

ID

551

Known Mappings

UDP Port

642

TCP Port

642

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

email

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ESRO-GEN

Name/CLI Keyword

esro-gen

Full Name

Efficient Short Remote Operations

Description

Efficient Short Remote Operations (ESRO) provide an efficent mechanism for realization of Remote Procedure Call.

Reference

http://tools.ietf.org/html/rfc2188

Global ID

L4:259

ID

1131

Known Mappings

UDP Port

259

TCP Port

259

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

other

Sub Category

inter-process-rpc

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

ETHERIP

Name/CLI Keyword

etherip

Full Name

Ethernet-within-IP Encapsulation

Description

EtherIP is a protocol used for tunneling Ethernet packets and IEEE 802.3 MAC frames across an IP internet. It is usually used when the Layer 3 protocol is not IP, or when the Layer 3 data is obscured by encryption. EtherIP is IP protocol number 97.

Reference

http://tools.ietf.org/html/rfc3378

Global ID

L3:97

ID

851

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

97

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

layer3-over-ip

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EUDORA-SET

Name/CLI Keyword

eudora-set

Full Name

Eudora Set

Description

Registered with IANA on port 592 TCP/UDP

Reference

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Global ID

L4:592

ID

506

Known Mappings

UDP Port

592

TCP Port

592

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

email

Sub Category

other

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

EXCHANGE

Name/CLI Keyword

exchange

Full Name

Microsoft Exchange

Description

Exchange is a protocol that allows users to synchronize and connect to their exchange server when the client is outside the organization's firewall. The underlying protocol is RPC over HTTP.

Reference

http://support.microsoft.com/kb/262986

Global ID

L7:49

ID

49

Known Mappings

UDP Port

-

TCP Port

-

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

email

Sub Category

client-server

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

ms-rpc

EXEC

Name/CLI Keyword

exec

Full Name

exec

Description

EXEC protocol is used for remote process execution. The client connects to a server via a terminal and it is as if the program is being run on the local machine.

Reference

http://wiki.wireshark.org/Exec

Global ID

L4:512

ID

426

Known Mappings

UDP Port

TCP Port

512

IP Protocol

-

IP Version

IPv4 Support

Yes

IPv6 Support

Yes

Application Group

other

Category

net-admin

Sub Category

remote-access-terminal

P2P Technology

No

Encrypted

No

Tunnel

No

Underlying Protocols

-

© 2013 Cisco Systems, Inc. All rights reserved.