Default Service Configuration Reference Tables
Revised: October 21, 2011, OL-21066-04
Introduction
This chapter describes the default service configuration provided with SCA BB. The default service configuration serves as a starting point for creating a service configuration tailored to customer needs.
•Filter Rules
•Information About Protocols
•Services
•RDR Settings
•Rules
•System Mode
Filter Rules
Filter rules allow you to instruct the Service Control Engine (SCE) platform to ignore some types of flow based on the flow's Layer 3 and Layer 4 properties, and transmit the flows unchanged.
Table 1-1 lists the filter rules defined in the default service configuration.
Table 1-1 Filter Rules
|
|
|
ICMP Filter |
Active |
Applies to ICMP packets, packets bypass the policy engine and are mapped to CoS BE. |
DNS (to network) |
Active |
Applies to UDP packets, network-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE. |
DNS (to subscriber) |
Active |
Applies to UDP packets, subscriber-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE. |
net-bios (to network) |
Active |
Applies to UDP packets, network-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE. |
net-bios (to subscriber) |
Active |
Applies to UDP packets, network-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE. |
eDonkey UDP (to network) |
Inactive |
Applies to UDP packets, network-side ports in the range 4661 to 4665, packets bypass the policy engine and are mapped to CoS BE. |
eDonkey UDP (to subscriber) |
Inactive |
Applies to UDP packets, subscriber-side ports in the range 4661 to 4665, packets bypass the policy engine and are mapped to CoS BE. |
eMule UDP (to network) |
Inactive |
Applies to UDP packets, network-side ports in the range 4670 to 4674, packets bypass the policy engine and are mapped to CoS BE. |
eMule UDP (to subscriber) |
Inactive |
Applies to UDP packets, subscriber-side ports in the range 4670 to 4674, packets bypass the policy engine and are mapped to CoS BE. |
eMule UDP 2 (to network) |
Inactive |
Applies to UDP packets, network-side ports in the range 5670 to 5674, packets bypass the policy engine and are mapped to CoS BE. |
eMule UDP 2 (to subscriber) |
Inactive |
Applies to UDP packets, subscriber-side ports in the range 5670 to 5674, packets bypass the policy engine and are mapped to CoS BE. |
eMule UDP 3 (to network) |
Inactive |
Applies to UDP packets, network-side ports in the range 5780 to 5784, packets bypass the policy engine and are mapped to CoS BE. |
eMule UDP 3 (to subscriber) |
Inactive |
Applies to UDP packets, subscriber-side ports in the range 5780 to 5784, packets bypass the policy engine and are mapped to CoS BE. |
BGP Filter |
Inactive |
Applies to TCP packets, network-side port is equal to 179, packets bypass the policy engine and are mapped to CoS BE. |
DHCP Filter |
Inactive |
Applies to UDP packets, network-side ports in the range 67 to 68, packets bypass the policy engine and are mapped to CoS BE. |
OSPF Filter |
Inactive |
Applies to OSPFIGP packets, packets bypass the policy engine and are mapped to CoS BE. |
IS-IS Filter |
Inactive |
Applies to ISIS packets, packets bypass the policy engine and are mapped to CoS BE. |
IGRP Filter |
Inactive |
Applies to IGP packets, packets bypass the policy engine and are mapped to CoS BE. |
EIGRP Filter |
Inactive |
Applies to EIGRP packets, packets bypass the policy engine and are mapped to CoS BE. |
HSRP Filter 1 |
Inactive |
Applies to UDP packets, network-side IP is equal to 224.0.0.2, packets bypass the policy engine and are mapped to CoS BE. |
HSRP Filter 2 |
Inactive |
Applies to UDP packets, network-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE. |
HSRP Filter 3 |
Inactive |
Applies to UDP packets, subscriber-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE. |
RIP Filter 1 |
Inactive |
Applies to UDP packets, network-side IP is equal to 224.0.0.9, packets bypass the policy engine and are mapped to CoS BE. |
RIP Filter 2 |
Inactive |
Applies to UDP packets, network-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE. |
RIP Filter 3 |
Inactive |
Applies to UDP packets, subscriber-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE. |
RADIUS Filter |
Inactive |
Applies to UDP packets, network-side port is equal to 1812, packets bypass the policy engine and are mapped to CoS BE. |
RADIUS Filter (early deployment) |
Inactive |
Applies to UDP packets, network-side ports in the range 1645 to 1646, packets bypass the policy engine and are mapped to CoS BE. |
Information About Protocols
Protocols are divided into four groups:
•Generic Protocols—Protocols that are used for transactions not mapped to a service by one of the more specific protocol types.
•Signature-Based Protocols—Protocols that are classified according to a Layer 7 application signature. This group includes the most common protocols, such as HTTP and FTP, and a large group of popular P2P protocols.
•IP Protocols—Protocols (such as ICMP), other than TCP and UDP protocols that are identified according to the IP protocol number of the transaction.
•Port-Based Protocols—TCP and UDP protocols that are classified according to their well-known ports. The default configuration includes more than 600 common port-based protocols.
You may add new protocols (for example, to classify a new gaming protocol that uses a specific port) and edit or remove existing ones.
The tables in the following sections list the protocols defined in the default service configuration.
•Generic Protocols
•Signature-Based Protocols
•IP Protocols
•Port-Based Protocols
•Protocols Identified on Unidirectional Flows
Generic Protocols
Three generic protocols (IP, TCP, and UDP) serve as default containers for classifying transactions of the relevant type (IP, TCP, or UDP) that are not classified as belonging to a more specific protocol.
A transaction is classified as belonging to one of the generic protocols if it meets both the following conditions:
•It was not classified as belonging to a signature-based protocol.
•It was not classified as belonging to an IP or port-based protocol that is specifically mapped to a service.
Table 1-2 list the generic protocols.
Table 1-2 Generic Protocols
|
|
|
Generic IP |
10 |
Any non-TCP/UDP transaction where the related IP protocol is not specifically mapped to a service. |
Generic TCP |
0 |
Any TCP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service1. |
Generic UDP |
1 |
Any UDP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service. |
Signature-Based Protocols
A transaction is classified as belonging to one of the signature-based protocols if it is carried on the protocol's well-known port or matches the protocol's signature.
Note Table 1-3 only lists signature-based protocols that are not P2P, VoIP, or SIP protocols (these protocols are listed in the following tables). However, the Signature-Based Protocols Filter in the Console lists all signature-based protocols.
Table 1-3 Signature-Based Protocols
|
|
|
|
Audio over HTTP |
1041 |
— |
— |
Baidu Movie |
1043 |
— |
— |
Behavioral Upload/Download See note following table (page 6) |
127 |
— |
— |
Binary over HTTP |
1042 |
— |
— |
Call Of Duty |
1127 |
— |
— |
CUWorld |
117 |
— |
— |
Club Box |
1038 |
— |
— |
DHCP |
33 |
— |
— |
DHT |
106 |
— |
— |
DNS |
47 |
— |
— |
DingoTel |
42 |
— |
— |
FIX |
1113 |
— |
— |
FTP |
4 |
21 |
— |
Flash |
2033 |
— |
— |
Flash MySpace |
2035 |
— |
— |
Flash Yahoo |
2036 |
— |
— |
Flash YouTube |
2034 |
— |
— |
Fring |
1052 |
— |
— |
Generic Non-Established TCP See note in the following table (page 7) |
126 |
— |
— |
Google Talk |
1030 |
— |
— |
GoogleEarth |
118 |
— |
— |
HTTP Browsing |
2 |
80,8080 |
— |
HTTP Tunnel |
55 |
— |
— |
Hopster |
115 |
— |
— |
ICQ |
119 |
— |
— |
IRC |
62 |
— |
— |
Jabber |
116 |
— |
— |
MMS |
6 |
1755 |
— |
MS Exchange Desktop |
1111 |
— |
— |
MS Push Mail |
1048 |
— |
— |
Mobile MMS |
46 |
— |
— |
MyJabber |
1056 |
— |
— |
NNTP |
15 |
119 |
— |
NTP |
54 |
— |
— |
Napster |
32 |
— |
— |
POP3 |
9 |
110 |
— |
QQ |
52 |
— |
— |
RTSP Streaming |
5 |
554, 1554, 7070 |
— |
RayV |
1112 |
— |
— |
SMTP |
8 |
25 |
— |
SSDP |
53 |
— |
— |
STUN |
114 |
— |
— |
Second Life |
1060 |
— |
— |
SkeedReceiver |
1109 |
— |
— |
Sling |
112 |
— |
— |
UC |
48 |
— |
— |
Utagoe UGLive2 |
1108 |
— |
— |
Video over HTTP |
1040 |
— |
— |
Windows Update |
1107 |
— |
— |
WebEx |
1110 |
|
|
Yahoo Messenger |
40 |
5000-5001 |
5000-5010 |
iTunes |
30 |
— |
— |
imap |
59 |
143 |
143 |
radius |
738 |
— |
— |
tftp |
60 |
69 |
69 |
Note Behavioral Upload/Download—Transactions that have download packet flow characteristics and do not match a more specific signature are classified to this protocol. This protocol applies to downloads both from the network side and from the subscriber side.
Note Generic Non-Established TCP—TCP flows that are not established properly (syn-ack is missing) are mapped to this protocol.
Table 1-4 Signature-Based P2P Protocols
|
|
|
|
Angle Media |
1063 |
— |
— |
AntsP2P |
113 |
— |
— |
BBBroadcast |
1058 |
— |
— |
BBC iPlayer |
1057 |
— |
— |
BaiBao |
43 |
— |
— |
Behavioral P2P |
2044 |
— |
— |
BitTorrent |
24 |
6881-6889 |
— |
Dijjer |
120 |
— |
— |
DirectConnect |
19 |
411-413 |
— |
EmuleEncrypted |
105 |
— |
— |
Entropy |
125 |
— |
— |
Exosee |
121 |
— |
— |
FastTrack KaZaA File Transfer |
14 |
— |
— |
FastTrack KaZaA Networking |
13 |
1214 |
— |
Feidian |
1037 |
— |
— |
Filetopia |
31 |
— |
— |
Freenet |
107 |
— |
— |
Furthur |
123 |
— |
— |
Gnutella File Transfer |
12 |
— |
— |
Gnutella Networking |
11 |
6346-6349 |
— |
Hotline |
20 |
— |
— |
Joost |
1046 |
— |
— |
Kontiki |
124 |
— |
— |
KuGoo |
1050 |
— |
— |
Manolito |
22 |
— |
— |
Mute |
34 |
— |
— |
NeoNet |
37 |
— |
— |
NodeZilla |
35 |
— |
— |
POCO |
51 |
— |
— |
PPLive |
44 |
— |
— |
PPStream |
49 |
— |
— |
PacketiX |
1059 |
— |
— |
Pando |
1049 |
— |
— |
PeerEnabler |
122 |
— |
— |
QQ-Live |
2032 |
— |
— |
Rodi |
111 |
— |
— |
Share |
27 |
— |
— |
SopCast |
1064 |
— |
— |
Soulseek |
29 |
— |
— |
TVAnts |
109 |
— |
— |
Thunder |
50 |
— |
— |
Warez/FileCroc |
39 |
— |
— |
Waste |
36 |
— |
— |
WebThunder |
1055 |
— |
— |
WinMX/OpenNap |
16 |
6257, 6699 |
6257 |
Winny |
17 |
7742-7745, 7773 |
— |
Zattoo |
1047 |
— |
— |
eDonkey |
18 |
4661-4665, 4672-4673, 4711, 5662, 5773, 5783 |
4661-4665, 4672-4673, 4711, 5662, 5773, 5783 |
guruguru |
66 |
— |
— |
kuro |
67 |
— |
— |
soribada |
69 |
— |
— |
v-share |
71 |
— |
— |
Table 1-5 Signature-Based VoIP Protocols
|
|
|
|
Behavioral VoIP |
1062 |
— |
— |
Fring VoIP |
1053 |
— |
— |
H323 |
28 |
1720 |
— |
ICQ VoIP |
110 |
— |
— |
MGCP |
38 |
|
2427, 2727 |
MSN Messenger VoIP |
1054 |
— |
— |
PTT Winphoria |
61 |
— |
— |
Primus |
108 |
— |
— |
RTP |
57 |
— |
— |
SIP |
23 |
5060-5061 |
5060-5061 |
Skinny |
41 |
— |
— |
Skype |
25 |
— |
— |
Vivox |
1061 |
— |
— |
Yahoo Messenger VoIP |
45 |
— |
— |
Yahoo VoIP over SIP |
2039 |
— |
— |
Note The protocols ICQ VoIP, Primus, SIP, and Yahoo VoIP over SIP are also signature-based SIP protocols.
IP Protocols
Table 1-6 lists the IP protocols supported by SCA BB.
Table 1-6 IP Protocols
|
|
|
0 |
HOPOPT |
756 |
1 |
ICMP |
757 |
2 |
IGMP |
758 |
3 |
GGP |
759 |
4 |
IP |
760 |
5 |
ST |
761 |
6 |
Generic TCP |
0 |
7 |
CBT |
762 |
8 |
EGP |
763 |
9 |
IGP |
764 |
10 |
BBN-RCC-MON |
765 |
11 |
NVP-II |
766 |
12 |
PUP |
767 |
13 |
ARGUS |
768 |
14 |
EMCON |
769 |
15 |
XNET |
770 |
16 |
CHAOS |
771 |
17 |
Generic UDP |
1 |
18 |
MUX |
772 |
19 |
DCN-MEAS |
773 |
20 |
HMP |
774 |
21 |
PRM |
775 |
22 |
XNS-IDP |
776 |
23 |
TRUNK-1 |
777 |
24 |
TRUNK-2 |
778 |
25 |
LEAF-1 |
779 |
26 |
LEAF-2 |
780 |
27 |
RDP |
781 |
28 |
IRTP |
782 |
29 |
ISO-TP4 |
783 |
30 |
NETBLT |
784 |
31 |
MFE-NSP |
785 |
32 |
MERIT-INP |
786 |
33 |
SEP |
787 |
34 |
3PC |
788 |
35 |
IDPR |
789 |
36 |
XTP |
790 |
37 |
DDP |
791 |
38 |
IDPR-CMTP |
792 |
39 |
TP++ |
793 |
40 |
IL |
794 |
41 |
IPv6-Over-IPv4 |
795 |
42 |
SDRP |
796 |
43 |
IPv6-Route |
797 |
44 |
IPv6-Frag |
798 |
45 |
IDRP |
799 |
46 |
RSVP |
800 |
47 |
GRE |
801 |
48 |
MHRP |
802 |
49 |
BNA |
803 |
50 |
ESP |
804 |
51 |
AH |
805 |
52 |
I-NLSP |
806 |
53 |
SWIPE |
807 |
54 |
NARP |
808 |
55 |
MOBILE |
809 |
56 |
TLSP |
810 |
57 |
SKIP |
811 |
58 |
IPv6-ICMP |
812 |
59 |
IPv6-NoNxt |
813 |
60 |
IPv6-Opts |
814 |
61 |
any host internal protocol |
815 |
62 |
CFTP |
816 |
63 |
any local network |
817 |
64 |
SAT-EXPAK |
818 |
65 |
KRYPTOLAN |
819 |
66 |
RVD |
820 |
67 |
IPPC |
821 |
68 |
any distributed file system |
822 |
69 |
SAT-MON |
823 |
70 |
VISA |
824 |
71 |
IPCV |
825 |
72 |
CPNX |
826 |
73 |
CPHB |
827 |
74 |
WSN |
828 |
75 |
PVP |
829 |
76 |
BR-SAT-MON |
830 |
77 |
SUN-ND |
831 |
78 |
WB-MON |
832 |
79 |
WB-EXPAK |
833 |
80 |
ISO-IP |
834 |
81 |
VMTP |
835 |
82 |
SECURE-VMTP |
836 |
83 |
VINES |
837 |
84 |
TTP |
838 |
85 |
NSFNET-IGP |
839 |
86 |
DGP |
840 |
87 |
TCF |
841 |
88 |
EIGRP |
842 |
89 |
OSPFIGP |
843 |
90 |
Sprite-RPC |
844 |
91 |
LARP |
845 |
92 |
MTP |
846 |
93 |
AX.25 |
847 |
94 |
IPIP |
848 |
95 |
MICP |
849 |
96 |
SCC-SP |
850 |
97 |
ETHERIP |
851 |
98 |
ENCAP |
852 |
99 |
any private encryption scheme |
853 |
100 |
GMTP |
854 |
101 |
IFMP |
855 |
102 |
PNNI |
856 |
103 |
PIM |
857 |
104 |
ARIS |
858 |
105 |
SCPS |
859 |
106 |
QNX |
860 |
107 |
A/N |
861 |
108 |
IPComp |
862 |
109 |
SNP |
863 |
110 |
Compaq-Peer |
864 |
111 |
IPX-in-IP |
865 |
112 |
VRRP |
866 |
113 |
PGM |
867 |
114 |
any 0-hop protocol |
868 |
115 |
L2TP |
869 |
116 |
DDX |
870 |
117 |
IATP |
871 |
118 |
STP |
872 |
119 |
SRP |
873 |
120 |
UTI |
874 |
121 |
SMP |
875 |
122 |
SM |
876 |
123 |
PTP |
877 |
124 |
ISIS |
878 |
125 |
FIRE |
879 |
126 |
CRTP |
880 |
Port-Based Protocols
Table 1-7 lists the TCP/UDP port-based protocols defined in the SCA BB default service configuration.
Table 1-7 Port-Based Protocols
|
|
|
|
FTP |
4 |
21 |
— |
Gnutella Networking |
11 |
6346-6349 |
— |
FastTrack KaZaA Networking |
13 |
1214 |
|
Bittorrent |
24 |
6881-6889 |
— |
NTP |
54 |
123 |
123 |
epmap |
128 |
135 |
135 |
profile |
129 |
136 |
136 |
netbios-ns |
130 |
137 |
137 |
netbios-dgm |
131 |
138 |
138 |
netbios-ssn |
132 |
139 |
139 |
emfis-data |
133 |
140 |
140 |
emfis-cntl |
134 |
141 |
141 |
bl-idm |
135 |
142 |
142 |
uma |
137 |
144 |
144 |
uaac |
138 |
145 |
145 |
iso-tp0 |
139 |
146 |
146 |
iso-ip |
140 |
147 |
147 |
jargon |
141 |
148 |
148 |
aed-512 |
142 |
149 |
149 |
sql-net |
143 |
150 |
150 |
hems |
144 |
151 |
151 |
bftp |
145 |
152 |
152 |
sgmp |
146 |
153 |
153 |
netsc-prod |
147 |
154 |
154 |
netsc-dev |
148 |
155 |
155 |
sqlsrv |
149 |
156 |
156 |
knet-cmp |
150 |
157 |
157 |
nss-routing |
152 |
159 |
159 |
sgmp-traps |
153 |
160 |
160 |
snmp |
154 |
161 |
161 |
snmptrap |
155 |
162 |
162 |
cmip-man |
156 |
163 |
163 |
cmip-agent |
157 |
164 |
164 |
xns-courier |
158 |
165 |
165 |
s-net |
159 |
166 |
166 |
namp |
160 |
167 |
167 |
rsvd |
161 |
168 |
168 |
send |
162 |
169 |
169 |
print-srv |
163 |
170 |
170 |
multiplex |
164 |
171 |
171 |
cl/1 |
165 |
172 |
172 |
xyplex-mux |
166 |
173 |
173 |
mailq |
167 |
174 |
174 |
vmnet |
168 |
175 |
175 |
genrad-mux |
169 |
176 |
176 |
xdmcp |
170 |
177 |
177 |
nextstep |
171 |
178 |
178 |
bgp |
172 |
179 |
179 |
ris |
173 |
180 |
180 |
unify |
174 |
181 |
181 |
audit |
175 |
182 |
182 |
ocserver |
177 |
184 |
184 |
remote-kis |
178 |
185 |
185 |
kis |
179 |
186 |
186 |
aci |
180 |
187 |
187 |
mumps |
181 |
188 |
188 |
qft |
182 |
189 |
189 |
gacp |
183 |
190 |
190 |
prospero |
184 |
191 |
191 |
osu-nms |
185 |
192 |
192 |
srmp |
186 |
193 |
193 |
IRC |
187 |
194, 6665-6669 |
194, 6665-6669 |
dn6-nlm-aud |
188 |
195 |
195 |
dn6-smm-red |
189 |
196 |
196 |
dls |
190 |
197 |
197 |
dls-mon |
191 |
198 |
198 |
smux |
192 |
199 |
199 |
src |
193 |
200 |
200 |
at-rtmp |
194 |
201 |
201 |
at-nbp |
195 |
202 |
202 |
at-3 |
196 |
203 |
203 |
at-echo |
197 |
204 |
204 |
at-5 |
198 |
205 |
205 |
at-zis |
199 |
206 |
206 |
at-7 |
200 |
207 |
207 |
at-8 |
201 |
208 |
208 |
qmtp |
202 |
209 |
209 |
z39.50 |
203 |
210 |
210 |
914c/g |
204 |
211 |
211 |
anet |
205 |
212 |
212 |
ipx |
206 |
213 |
213 |
vmpwscs |
207 |
214 |
214 |
softpc |
208 |
215 |
215 |
CAIlic |
209 |
216 |
216 |
dbase |
210 |
217 |
217 |
mpp |
211 |
218 |
218 |
uarps |
212 |
219 |
219 |
imap3 |
213 |
220 |
220 |
fln-spx |
214 |
221 |
221 |
rsh-spx |
215 |
222 |
222 |
cdc |
216 |
223 |
223 |
masqdialer |
217 |
224 |
224 |
direct |
218 |
242 |
242 |
sur-meas |
219 |
243 |
243 |
inbusiness |
220 |
244 |
244 |
link |
221 |
245 |
245 |
dsp3270 |
222 |
246 |
246 |
bhfhs |
224 |
248 |
248 |
set |
225 |
257 |
257 |
yak-chat |
226 |
258 |
258 |
esro-gen |
227 |
259 |
259 |
openport |
228 |
260 |
260 |
nsiiops |
229 |
261 |
261 |
arcisdms |
230 |
262 |
262 |
hdap |
231 |
263 |
263 |
bgmp |
232 |
264 |
264 |
x-bone-ctl |
233 |
265 |
265 |
sst |
234 |
266 |
266 |
td-service |
235 |
267 |
267 |
td-replica |
236 |
268 |
268 |
http-mgmt |
237 |
280 |
280 |
personal-link |
238 |
281 |
281 |
cableport-ax |
239 |
282 |
282 |
rescap |
240 |
283 |
283 |
corerjd |
241 |
284 |
284 |
fxp-1 |
242 |
286 |
286 |
k-block |
243 |
287 |
287 |
novastorbakcup |
244 |
308 |
308 |
entrusttime |
245 |
309 |
309 |
bhmds |
246 |
310 |
310 |
asip-webadmin |
247 |
311 |
311 |
vslmp |
248 |
312 |
312 |
magenta-logic |
249 |
313 |
313 |
opalis-robot |
250 |
314 |
314 |
dpsi |
251 |
315 |
315 |
decauth |
252 |
316 |
316 |
zannet |
253 |
317 |
317 |
pkix-timestamp |
254 |
318 |
318 |
ptp-event |
255 |
319 |
319 |
ptp-general |
256 |
320 |
320 |
pip |
257 |
321 |
321 |
rtsps |
258 |
322 |
322 |
texar |
259 |
333 |
333 |
pdap |
260 |
344 |
344 |
pawserv |
261 |
345 |
345 |
zserv |
262 |
346 |
346 |
fatserv |
263 |
347 |
347 |
csi-sgwp |
264 |
348 |
348 |
mftp |
265 |
349 |
349 |
matip-type-a |
266 |
350 |
350 |
matip-type-b |
267 |
351 |
351 |
dtag-ste-sb |
268 |
352 |
352 |
ndsauth |
269 |
353 |
353 |
bh611 |
270 |
354 |
354 |
datex-asn |
271 |
355 |
355 |
cloanto-net-1 |
272 |
356 |
356 |
bhevent |
273 |
357 |
357 |
shrinkwrap |
274 |
358 |
358 |
nsrmp |
275 |
359 |
359 |
scoi2odialog |
276 |
360 |
360 |
semantix |
277 |
361 |
361 |
srssend |
278 |
362 |
362 |
rsvp_tunnel |
279 |
363 |
363 |
aurora-cmgr |
280 |
364 |
364 |
dtk |
281 |
365 |
365 |
odmr |
282 |
366 |
366 |
mortgageware |
283 |
367 |
367 |
qbikgdp |
284 |
368 |
368 |
rpc2portmap |
285 |
369 |
369 |
codaauth2 |
286 |
370 |
370 |
clearcase |
287 |
371 |
371 |
ulistproc |
288 |
372 |
372 |
legent-1 |
289 |
373 |
373 |
legent-2 |
290 |
374 |
374 |
hassle |
291 |
375 |
375 |
nip |
292 |
376 |
376 |
tnETOS |
293 |
377 |
377 |
dsETOS |
294 |
378 |
378 |
is99c |
295 |
379 |
379 |
is99s |
296 |
380 |
380 |
hp-collector |
297 |
381 |
381 |
hp-managed-node |
298 |
382 |
382 |
hp-alarm-mgr |
299 |
383 |
383 |
arns |
300 |
384 |
384 |
ibm-app |
301 |
385 |
385 |
asa |
302 |
386 |
386 |
aurp |
303 |
387 |
387 |
unidata-ldm |
304 |
388 |
388 |
ldap |
305 |
— |
389 |
uis |
306 |
390 |
390 |
synotics-relay |
307 |
391 |
391 |
synotics-broker |
308 |
392 |
392 |
meta5 |
309 |
393 |
393 |
embl-ndt |
310 |
394 |
394 |
netware-ip |
311 |
396 |
396 |
mptn |
312 |
397 |
397 |
kryptolan |
313 |
398 |
398 |
iso-tsap-c2 |
314 |
399 |
399 |
work-sol |
315 |
400 |
400 |
ups |
316 |
401 |
401 |
genie |
317 |
402 |
402 |
decap |
318 |
403 |
403 |
nced |
319 |
404 |
404 |
ncld |
320 |
405 |
405 |
imsp |
321 |
406 |
406 |
timbuktu |
322 |
407 |
407 |
prm-sm |
323 |
408 |
408 |
prm-nm |
324 |
409 |
409 |
decladebug |
325 |
410 |
410 |
rmt |
326 |
— |
411 |
synoptics-trap |
327 |
— |
412 |
smsp |
328 |
— |
413 |
infoseek |
329 |
414 |
414 |
bnet |
330 |
415 |
415 |
silverplatter |
331 |
416 |
416 |
onmux |
332 |
417 |
417 |
hyper-g |
333 |
418 |
418 |
ariel1 |
334 |
419 |
419 |
smpte |
335 |
420 |
420 |
ariel2 |
336 |
421 |
421 |
ariel3 |
337 |
422 |
422 |
opc-job-start |
338 |
423 |
423 |
opc-job-track |
339 |
424 |
424 |
icad-el |
340 |
425 |
425 |
smartsdp |
341 |
426 |
426 |
svrloc |
342 |
427 |
427 |
ocs_cmu |
343 |
428 |
428 |
ocs_amu |
344 |
429 |
429 |
utmpsd |
345 |
430 |
430 |
utmpcd |
346 |
431 |
431 |
iasd |
347 |
432 |
432 |
nnsp |
348 |
433 |
433 |
mobileip-agent |
349 |
434 |
434 |
mobilip-mn |
350 |
435 |
435 |
dna-cml |
351 |
436 |
436 |
comscm |
352 |
437 |
437 |
dsfgw |
353 |
438 |
438 |
dasp |
354 |
439 |
439 |
sgcp |
355 |
440 |
440 |
decvms-sysmgt |
356 |
441 |
441 |
cvc_hostd |
357 |
442 |
442 |
https |
358 |
443 |
— |
snpp |
359 |
444 |
444 |
microsoft-ds |
360 |
445 |
445 |
ddm-rdb |
361 |
446 |
446 |
ddm-dfm |
362 |
447 |
447 |
ddm-ssl |
363 |
448 |
448 |
as-servermap |
364 |
449 |
449 |
tserver |
365 |
450 |
450 |
sfs-smp-net |
366 |
451 |
451 |
sfs-config |
367 |
452 |
452 |
creativeserver |
368 |
453 |
453 |
contentserver |
369 |
454 |
454 |
creativepartnr |
370 |
455 |
455 |
scohelp |
371 |
457 |
457 |
appleqtc |
372 |
458 |
458 |
ampr-rcmd |
373 |
459 |
459 |
skronk |
374 |
460 |
460 |
datasurfsrv |
375 |
461 |
461 |
datasurfsrvsec |
376 |
462 |
462 |
alpes |
377 |
463 |
463 |
kpasswd |
378 |
464 |
464 |
url-rendezvous |
379 |
465 |
465 |
digital-vrc |
380 |
466 |
466 |
mylex-mapd |
381 |
467 |
467 |
photuris |
382 |
468 |
468 |
rcp |
383 |
469 |
469 |
scx-proxy |
384 |
470 |
470 |
mondex |
385 |
471 |
471 |
ljk-login |
386 |
472 |
472 |
hybrid-pop |
387 |
473 |
473 |
tn-tl-w1 |
388 |
474 |
|
tn-tl-w2 |
389 |
|
474 |
tn-tl-fd1 |
390 |
476 |
476 |
ss7ns |
391 |
477 |
477 |
spsc |
392 |
478 |
478 |
iafserver |
393 |
479 |
479 |
iafdbase |
394 |
480 |
480 |
ph |
395 |
481 |
481 |
bgs-nsi |
396 |
482 |
482 |
ulpnet |
397 |
483 |
483 |
integra-sme |
398 |
484 |
484 |
powerburst |
399 |
485 |
485 |
avian |
400 |
486 |
486 |
saft |
401 |
487 |
487 |
gss-http |
402 |
488 |
488 |
nest-protocol |
403 |
489 |
489 |
micom-pfs |
404 |
490 |
490 |
go-login |
405 |
491 |
491 |
ticf-1 |
406 |
492 |
492 |
ticf-2 |
407 |
493 |
493 |
pov-ray |
408 |
494 |
494 |
intecourier |
409 |
495 |
495 |
pim-rp-disc |
410 |
496 |
496 |
dantz |
411 |
497 |
497 |
siam |
412 |
498 |
498 |
iso-ill |
413 |
499 |
499 |
isakmp |
414 |
500, 4500 |
500, 4500 |
stmf |
415 |
501 |
501 |
asa-appl-proto |
416 |
502 |
502 |
intrinsa |
417 |
503 |
503 |
citadel |
418 |
504 |
504 |
mailbox-lm |
419 |
505 |
505 |
ohimsrv |
420 |
506 |
506 |
crs |
421 |
507 |
507 |
xvttp |
422 |
508 |
508 |
snare |
423 |
509 |
509 |
fcp |
424 |
510 |
510 |
passgo |
425 |
511 |
511 |
exec |
426 |
512 |
— |
biff |
427 |
— |
512 |
login |
428 |
513 |
— |
who |
429 |
— |
513 |
shell |
430 |
514 |
— |
syslog |
431 |
— |
514 |
printer |
432 |
515 |
515 |
videotex |
433 |
516 |
516 |
talk |
434 |
517 |
517 |
ntalk |
435 |
518 |
518 |
utime |
436 |
519 |
519 |
efs |
437 |
520 |
— |
router |
438 |
— |
520 |
ripng |
439 |
521 |
521 |
ulp |
440 |
522 |
522 |
ibm-db2 |
441 |
523 |
523 |
ncp |
442 |
524 |
524 |
timed |
443 |
525 |
525 |
tempo |
444 |
526 |
526 |
stx |
445 |
527 |
527 |
custix |
446 |
528 |
528 |
irc-serv |
447 |
529 |
529 |
courier |
448 |
530 |
530 |
conference |
449 |
531 |
531 |
netnews |
450 |
432 |
432 |
netwall |
451 |
533 |
533 |
mm-admin |
452 |
534 |
534 |
iiop |
453 |
535 |
535 |
opalis-rdv |
454 |
536 |
536 |
nmsp |
455 |
537 |
537 |
gdomap |
456 |
538 |
538 |
apertus-ldp |
457 |
539 |
539 |
uucp |
458 |
540 |
540 |
uucp-rlogin |
459 |
541 |
541 |
commerce |
460 |
542 |
542 |
klogin |
461 |
543 |
543 |
kshell |
462 |
544 |
544 |
appleqtcsrvr |
463 |
545 |
545 |
dhcpv6-client |
464 |
546 |
546 |
dhcpv6-server |
465 |
547 |
547 |
idfp |
466 |
549 |
549 |
new-rwho |
467 |
550 |
550 |
cybercash |
468 |
551 |
551 |
deviceshare |
469 |
552 |
552 |
pirp |
470 |
553 |
553 |
remotefs |
471 |
556 |
556 |
openvms-sysipc |
472 |
557 |
557 |
sdnskmp |
473 |
558 |
558 |
teedtap |
474 |
559 |
559 |
rmonitor |
475 |
560 |
560 |
monitor |
476 |
561 |
561 |
chshell |
477 |
562 |
562 |
nntps |
478 |
563 |
563 |
9pfs |
479 |
564 |
564 |
whoami |
480 |
565 |
565 |
streettalk |
481 |
566 |
566 |
banyan-rpc |
482 |
567 |
567 |
ms-shuttle |
483 |
568 |
568 |
ms-rome |
484 |
569 |
569 |
meter |
485 |
570-571 |
570-571 |
sonar |
486 |
572 |
572 |
banyan-vip |
487 |
573 |
573 |
ftp-agent |
488 |
574 |
574 |
vemmi |
489 |
575 |
575 |
vnas |
491 |
577 |
577 |
ipdd |
492 |
578 |
578 |
decbsrv |
493 |
579 |
579 |
sntp-heartbeat |
494 |
580 |
580 |
bdp |
495 |
581 |
581 |
scc-security |
496 |
582 |
582 |
philips-vc |
497 |
583 |
583 |
keyserver |
498 |
584 |
584 |
imap4-ssl |
499 |
585 |
585 |
password-chg |
500 |
586 |
586 |
submission |
501 |
587 |
587 |
cal |
502 |
588 |
588 |
eyelink |
503 |
589 |
589 |
tns-cml |
504 |
590 |
590 |
http-alt |
505 |
591 |
591 |
eudora-set |
506 |
592 |
592 |
http-rpc-epmap |
507 |
593 |
593 |
tpip |
508 |
594 |
594 |
cab-protocol |
509 |
595 |
595 |
smsd |
510 |
596 |
596 |
ptcnameservice |
511 |
597 |
597 |
sco-websrvrmg3 |
512 |
598 |
598 |
acp |
513 |
599 |
599 |
ipcserver |
514 |
600 |
600 |
urm |
515 |
606 |
606 |
nqs |
516 |
607 |
607 |
sift-uft |
517 |
608 |
608 |
npmp-trap |
518 |
609 |
609 |
npmp-local |
519 |
610 |
610 |
npmp-gui |
520 |
611 |
611 |
hmmp-ind |
521 |
612 |
612 |
hmmp-op |
522 |
613 |
613 |
sshell |
523 |
614 |
614 |
sco-inetmgr |
524 |
615 |
615 |
sco-sysmgr |
525 |
616 |
616 |
sco-dtmgr |
526 |
617 |
617 |
dei-icda |
527 |
618 |
618 |
digital-evm |
528 |
619 |
619 |
sco-websrvrmgr |
529 |
620 |
620 |
escp-ip |
530 |
621 |
621 |
collaborator |
531 |
622 |
622 |
aux_bus_shunt |
532 |
623 |
623 |
cryptoadmin |
533 |
624 |
624 |
dec_dlm |
534 |
625 |
625 |
asia |
535 |
626 |
626 |
passgo-tivoli |
536 |
627 |
627 |
qmqp |
537 |
628 |
628 |
3com-amp3 |
538 |
629 |
629 |
rda |
539 |
630 |
630 |
ipp |
540 |
631 |
631 |
bmpp |
541 |
632 |
632 |
servstat |
542 |
633 |
633 |
ginad |
543 |
634 |
634 |
rlzdbase |
544 |
635 |
635 |
ldaps |
545 |
636 |
636 |
lanserver |
546 |
637 |
637 |
mcns-sec |
547 |
638 |
638 |
msdp |
548 |
639 |
639 |
entrust-sps |
549 |
640 |
640 |
repcmd |
550 |
641 |
641 |
esro-emsdp |
551 |
642 |
642 |
sanity |
552 |
643 |
643 |
dwr |
553 |
644 |
644 |
pssc |
554 |
645 |
645 |
ldp |
555 |
646 |
646 |
dhcp-failover |
556 |
647 |
647 |
rrp |
557 |
648 |
648 |
aminet |
558 |
649 |
659 |
obex |
559 |
650 |
650 |
ieee-mms |
560 |
651 |
651 |
hello-port |
561 |
652 |
652 |
repscmd |
562 |
653 |
653 |
aodv |
563 |
654 |
654 |
tinc |
564 |
655 |
655 |
spmp |
565 |
656 |
656 |
rmc |
566 |
657 |
657 |
tenfold |
567 |
658 |
658 |
mac-srvr-admin |
568 |
660 |
660 |
hap |
569 |
661 |
661 |
pftp |
570 |
662 |
662 |
purenoise |
571 |
663 |
663 |
secure-aux-bus |
572 |
664 |
664 |
sun-dr |
573 |
665 |
665 |
doom |
574 |
666 |
666 |
disclose |
575 |
667 |
667 |
mecomm |
576 |
668 |
668 |
meregister |
577 |
669 |
669 |
vacdsm-sws |
578 |
670 |
670 |
vacdsm-app |
579 |
671 |
671 |
vpps-qua |
580 |
672 |
672 |
cimplex |
581 |
673 |
673 |
acap |
582 |
674 |
674 |
dctp |
583 |
675 |
675 |
vpps-via |
584 |
676 |
676 |
vpp |
585 |
677 |
677 |
ggf-ncp |
586 |
678 |
678 |
mrm |
587 |
679 |
679 |
entrust-aaas |
588 |
680 |
680 |
entrust-aams |
589 |
681 |
681 |
xfr |
590 |
682 |
682 |
corba-iiop |
591 |
683 |
683 |
corba-iiop-ssl |
592 |
684 |
684 |
mdc-portmapper |
593 |
685 |
685 |
hcp-wismar |
594 |
686 |
686 |
asipregistry |
595 |
687 |
687 |
realm-rusd |
596 |
688 |
688 |
nmap |
597 |
689 |
689 |
vatp |
598 |
690 |
690 |
msexch-routing |
599 |
691 |
691 |
hyperwave-isp |
600 |
692 |
692 |
connendp |
601 |
693 |
693 |
ha-cluster |
602 |
694 |
694 |
ieee-mms-ssl |
603 |
695 |
695 |
rushd |
604 |
696 |
696 |
uuidgen |
605 |
697 |
697 |
olsr |
606 |
698 |
698 |
accessnetwork |
607 |
699 |
699 |
elcsd |
608 |
704 |
704 |
agentx |
609 |
705 |
705 |
silc |
610 |
706 |
706 |
borland-dsj |
611 |
707 |
707 |
entrust-kmsh |
612 |
709 |
709 |
entrust-ash |
613 |
710 |
710 |
cisco-tdp |
614 |
711 |
711 |
netviewdm1 |
615 |
729 |
729 |
netviewdm2 |
616 |
730 |
730 |
netviewdm3 |
617 |
731 |
731 |
netgw |
618 |
741 |
741 |
netrcs619 |
619 |
742 |
742 |
flexlm |
620 |
744 |
744 |
fujitsu-dev |
621 |
747 |
747 |
ris-cm |
622 |
748 |
748 |
kerberos-adm |
623 |
749 |
749 |
rfile |
624 |
750 |
— |
kerberos-iv |
625 |
— |
750 |
pump |
626 |
751 |
751 |
qrh |
627 |
752 |
752 |
rrh |
628 |
753 |
753 |
tell |
629 |
754 |
754 |
nlogin |
630 |
758 |
758 |
con |
631 |
759 |
759 |
ns |
632 |
760 |
760 |
rxe |
633 |
761 |
761 |
quotad |
634 |
762 |
762 |
cycleserv |
635 |
763 |
763 |
omserv |
636 |
764 |
764 |
webster |
637 |
765 |
765 |
phonebook |
638 |
767 |
767 |
vid |
639 |
769 |
769 |
cadlock |
640 |
770 |
770 |
rtip |
641 |
771 |
771 |
cycleserv2 |
642 |
772 |
772 |
submit |
643 |
773 |
— |
notify |
644 |
— |
773 |
rpasswd |
645 |
774 |
— |
acmaint_dbd |
646 |
— |
774 |
entomb |
647 |
775 |
— |
acmaint_transd |
648 |
— |
775 |
wpages |
649 |
776 |
776 |
multiling-http |
650 |
777 |
777 |
wpgs |
651 |
780 |
780 |
concert |
652 |
786 |
786 |
qsc |
653 |
— |
787 |
mdbs_daemon |
654 |
800 |
800 |
device |
655 |
801 |
801 |
itm-mcell-s |
656 |
828 |
828 |
pkix-3-ca-ra |
657 |
829 |
829 |
dhcp-failover2 |
658 |
847 |
847 |
rsync |
659 |
873 |
873 |
iclcnet-locate |
660 |
886 |
886 |
iclcnet_svinfo |
661 |
887 |
887 |
accessbuilder |
662 |
888 |
888 |
omginitialrefs |
663 |
900 |
900 |
smpnameres |
664 |
901 |
901 |
ideafarm-chat |
665 |
902 |
902 |
ideafarm-catch |
666 |
903 |
903 |
xact-backup |
667 |
911 |
911 |
ftps-data |
668 |
989 |
989 |
ftps |
669 |
990 |
990 |
nas |
670 |
991 |
991 |
telnets |
671 |
992 |
992 |
imaps |
672 |
993 |
993 |
ircs |
673 |
994 |
994 |
pop3s |
674 |
995 |
995 |
vsinet |
675 |
996 |
996 |
maitrd |
676 |
997 |
997 |
busboy |
677 |
998 |
— |
puparp |
678 |
— |
998 |
garcon |
679 |
999 |
— |
applix |
680 |
— |
999 |
surf |
681 |
1010 |
1010 |
rmiactivation |
682 |
1098 |
1098 |
rmiregistry |
683 |
1099 |
1099 |
ms-sql-s |
684 |
1433 |
1433 |
oracle |
690 |
1521 |
1521 |
orasrv |
691 |
1525 |
1525 |
tlisrv |
692 |
1527 |
1527 |
coauthor |
693 |
1529 |
1529 |
rdb-dbs-disp |
694 |
1571 |
1571 |
oraclenames |
695 |
1575 |
1575 |
oraclenet8cman |
696 |
1630 |
1630 |
net8-cman |
697 |
1830 |
1830 |
ms-olap |
686 |
2382-2383, 2393-2394 |
2382-2383, 2393-2394 |
msft-gc |
687 |
3268 |
3268 |
msft-gc-ssl |
688 |
3269 |
3269 |
citrixima |
698 |
2512 |
2512 |
citrixadmin |
699 |
2513 |
2513 |
citrix-rtmp |
700 |
2897 |
2897 |
citriximaclient |
701 |
2598 |
2598 |
micromuse-lm |
702 |
1534 |
1534 |
orbixd |
703 |
1570 |
1570 |
orbix-locator |
704 |
3075 |
3075 |
orbix-config |
705 |
3076 |
3076 |
orbix-loc-ssl |
706 |
3077 |
3077 |
shockwave |
707 |
1626 |
1626 |
sitaraserver |
708 |
2629 |
2629 |
sitaramgmt |
709 |
2630 |
2630 |
sitaradir |
710 |
2631 |
2631 |
mysql |
711 |
3306 |
3306 |
msnp |
713 |
1836 |
1826 |
aim |
714 |
5190-5193 |
— |
groove |
715 |
2492 |
2492 |
directplay |
716 |
2234 |
2234 |
directplay8 |
717 |
6073 |
6073 |
kali |
718 |
2213 |
2213 |
worldfusion |
719 |
2595-2596 |
2595-2596 |
directv-web |
720 |
3334 |
3334 |
directv-soft |
721 |
3335 |
3335 |
directv-tick |
722 |
3336 |
3336 |
directv-catlg |
723 |
3337 |
3337 |
wta-wsp-s |
724 |
2805 |
2805 |
wap-push |
725 |
2948 |
2948 |
wap-pushsecure |
726 |
2949 |
2949 |
wap-push-http |
727 |
4035 |
4035 |
wap-push-https |
728 |
4036 |
4036 |
game-spy |
755 |
6500, 28900 |
6515, 27900 |
ibprotocol |
737 |
6714 |
6714 |
wap-wsp |
729 |
9200 |
9200 |
wap-wsp-wtp |
730 |
9201 |
9201 |
wap-wsp-s |
731 |
9202 |
9202 |
wap-wsp-wtp-s |
732 |
9203 |
9203 |
wap-vcard |
733 |
9204 |
9204 |
wap-vcal |
734 |
9205 |
9205 |
wap-vcard-s |
735 |
9206 |
9206 |
wap-vcal-s |
736 |
9207 |
9207 |
pptp |
739 |
1723 |
1723 |
gtp-user |
740 |
2152 |
2152 |
xdtp |
741 |
3088 |
3088 |
l2tp |
742 |
1701 |
1701 |
fsgs |
743 |
6112 |
6112 |
parsec-game |
744 |
6582 |
6582 |
UnReal_UT |
745 |
— |
7777-7783 |
SiN |
746 |
22450 |
22450 |
halflife |
747 |
— |
27015 |
tribes |
748 |
28001 |
28001 |
Heretic II |
749 |
28910 |
— |
starsiege |
750 |
— |
29001-29009 |
game-search |
751 |
29001 |
— |
KingPin |
752 |
31510 |
31510 |
runescape |
753 |
43594 |
— |
GLT Poliane |
882 |
1201 |
— |
MSN Messenger |
883 |
1863 |
1863 |
xbox live |
898 |
3074 |
3074 |
ps2 |
899 |
10070-10080 |
10070 |
compressnet |
900 |
2-3 |
2-3 |
rje |
901 |
5 |
5 |
echo |
902 |
7 |
7 |
discard |
903 |
9 |
9 |
systat |
904 |
11 |
11 |
daytime |
905 |
13 |
13 |
qotd |
906 |
17 |
17 |
msp |
907 |
18 |
18 |
chargen |
908 |
19 |
19 |
ftp-data |
909 |
20 |
20 |
ssh |
910 |
22 |
22 |
telnet |
911 |
23 |
23 |
nsw-fe |
912 |
27 |
27 |
msg-icp |
913 |
29 |
29 |
msg-auth |
916 |
31 |
31 |
dsp |
917 |
33 |
33 |
time |
918 |
37 |
37 |
rap |
919 |
38 |
38 |
rlp |
920 |
39 |
39 |
graphics |
921 |
41 |
41 |
name |
922 |
42 |
42 |
nicname |
923 |
43 |
43 |
mpm-flags |
924 |
44 |
44 |
mpm |
925 |
45 |
45 |
mpm-snd |
926 |
46 |
46 |
ni-ftp |
927 |
47 |
47 |
auditd |
928 |
48 |
48 |
tacacs |
929 |
49 |
49 |
re-mail-ck |
930 |
50 |
50 |
la-maint |
931 |
51 |
51 |
xns-time |
932 |
52 |
52 |
xns-ch |
934 |
54 |
54 |
isi-gl |
935 |
55 |
55 |
xns-auth |
936 |
56 |
56 |
xns-mail |
937 |
58 |
58 |
ni-mail |
938 |
61 |
61 |
acas |
939 |
62 |
62 |
whois |
940 |
63 |
63 |
covia |
941 |
64 |
64 |
tacacs-ds |
942 |
65 |
65 |
sql*net |
943 |
66 |
66 |
bootps |
944 |
67 |
67 |
bootpc |
945 |
68 |
68 |
gopher |
947 |
70 |
70 |
netrjs-1 |
948 |
71 |
71 |
netrjs-2 |
949 |
72 |
72 |
netrjs-3 |
950 |
73 |
73 |
netrjs-4 |
951 |
74 |
74 |
deos |
952 |
76 |
76 |
finger |
953 |
79 |
79 |
hosts2-ns |
954 |
81 |
81 |
xfer |
955 |
82 |
82 |
mit-ml-dev |
956 |
83, 85 |
83, 85 |
ctf |
957 |
84 |
84 |
mfcobol |
958 |
86 |
86 |
kerberos |
959 |
88 |
88 |
su-mit-tg |
960 |
89 |
89 |
dnsix |
961 |
90 |
90 |
mit-dov |
962 |
91 |
91 |
npp |
963 |
92 |
92 |
dcp |
964 |
93 |
93 |
objcall |
965 |
94 |
94 |
supdup |
966 |
95 |
95 |
dixie |
967 |
96 |
96 |
swift-rvf |
968 |
97 |
97 |
tacnews |
969 |
98 |
98 |
metagram |
970 |
99 |
99 |
newacct |
971 |
100 |
|
hostname |
972 |
101 |
101 |
iso-tsap |
973 |
102 |
102 |
gppitnp |
974 |
103 |
103 |
acr-nema |
975 |
104 |
104 |
csnet-ns |
976 |
105 |
105 |
3com-tsmux |
977 |
106 |
106 |
rtelnet |
978 |
107 |
107 |
snagas |
979 |
108 |
108 |
pop2 |
980 |
109 |
109 |
sunrpc |
981 |
111 |
111 |
mcidas |
982 |
112 |
112 |
auth |
983 |
113 |
113 |
audionews |
984 |
114 |
114 |
sftp |
985 |
115 |
115 |
ansanotify |
986 |
116 |
116 |
uucp-path |
987 |
117 |
117 |
sqlserv |
988 |
118 |
118 |
cfdptkt |
989 |
120 |
120 |
erpc |
990 |
121 |
121 |
smakynet |
991 |
122 |
122 |
ansatrader |
993 |
124 |
124 |
locus-map |
994 |
125 |
125 |
nxedit |
995 |
126 |
126 |
locus-con |
996 |
127 |
127 |
gss-xlicen |
997 |
128 |
128 |
pwdgen |
998 |
129 |
129 |
cisco-fna |
999 |
130 |
130 |
LapLink |
1105 |
1547 |
|
cisco-tna |
2000 |
131 |
131 |
cisco-sys |
2001 |
132 |
132 |
statsrv |
2002 |
133 |
133 |
ingres-net |
2003 |
134 |
134 |
Anarchy |
2004 |
7013, 7500-7501 |
7013, 7500-7501 |
Asherons Call |
2005 |
9000-9013 |
9000-9013 |
Black And White |
2006 |
2611-2612 |
— |
Counter strike |
2007 |
27020-27039 |
1200, 27000-27018 |
Dark Reign |
2008 |
26214 |
26214 |
Diablo |
2009 |
6113-6119, 4000 |
6113-6119 |
Elite Force |
2010 |
— |
26000, 27500 |
F16 |
2011 |
— |
3862, 3863 |
F22 Simulator (lightning 3) |
2012 |
— |
3874-3875, 4533, 4534 |
Hexen |
2013 |
— |
26900 |
Kohan Immortal Sovereigns |
2014 |
3855, 17437 |
3855, 17437 |
Motorhead |
2015 |
16000, 16010-16030 |
16000, 16010-16030 |
Myth |
2016 |
3453 |
3453 |
Need For Speed |
2017 |
9442 |
9442 |
Need For Speed 3 |
2018 |
1030 |
1030 |
Operation Flash Point |
2019 |
47624 |
— |
Outlaws |
2020 |
5310 |
5310 |
Swat3 |
2021 |
16639 |
16638 |
Ultima |
2022 |
5002-5010, 7775-7777, 8888, 9999, 7875 |
— |
Warcraft |
2023 |
3724 |
3724 |
Znes |
2024 |
— |
7845 |
Delta Force |
2025 |
3100, 3999 |
3100, 3999, 3568, 3569 |
Rainbox six |
2026 |
2346 |
2346 |
Soldier of fortune |
2027 |
— |
28911-28915 |
Westwood Online |
2028 |
1140, 1234 |
1140, 1234 |
Yahoo Games |
2029 |
11999 |
— |
Konspire2b |
2031 |
6085 |
6085 |
Protocols Identified on Unidirectional Flows
When unidirectional classification is enabled, the protocols listed in Table 1-8 can be detected on unidirectional flows.
•When a unidirectional flow (inbound or outbound) passes through the SCE platform, it is matched against this set of protocol signatures.
•When a bidirectional flow passes through the SCE platform, the protocol library tries to match it to one of its standard (bidirectional) protocol signatures.
Table 1-8 Unidirectionally-Detected Protocols
|
|
AntsP2P |
113 |
Audio over HTTP |
1041 |
BBC iPlayer |
1057 |
BaiBao |
43 |
Baidu Movie |
1043 |
Behavioral Upload/Download |
127 |
Binary over HTTP |
1042 |
BitTorrent |
24 |
CUWorld |
117 |
Club Box |
1038 |
Dijjer |
120 |
DingoTel |
42 |
DirectConnect |
19 |
EmuleEncrypted |
105 |
Entropy |
125 |
Exosee |
121 |
FastTrack KaZaA File Transfer |
14 |
Feidian |
1037 |
Filetopia |
31 |
Flash |
2033 |
Flash MySpace |
2035 |
Flash Yahoo |
2036 |
Flash YouTube |
2034 |
Fring |
1052 |
Furthur |
123 |
Generic TCP |
0 |
Gnutella File Transfer |
12 |
Gnutella Networking |
11 |
Google Talk |
1030 |
GoogleEarth |
118 |
HTTP Browsing |
2 |
HTTP Tunnel |
55 |
Hopster |
115 |
Hotline |
20 |
ICQ |
119 |
Jabber |
116 |
Joost |
1046 |
Kontiki |
124 |
Location Free |
1045 |
MMS |
6 |
MS Push Mail |
1048 |
MSN Messenger |
883 |
Manolito |
22 |
Mobile MMS |
46 |
Mute |
34 |
Napster |
32 |
NeoNet |
37 |
NodeZilla |
35 |
POCO |
51 |
POP3 |
9 |
PPLive |
44 |
PPStream |
49 |
Pando |
1049 |
PeerEnabler |
122 |
QQ-Live |
2032 |
SMTP |
8 |
Skype |
25 |
Sling |
112 |
TVAnts |
109 |
Thunder |
50 |
Tor |
1065 |
UC |
48 |
Video over HTTP |
1040 |
Warez/FileCroc |
39 |
WebThunder |
1055 |
WinMX/OpenNap |
16 |
Winny |
17 |
Yahoo Messenger |
40 |
Yahoo Messenger VoIP |
45 |
Zattoo |
1047 |
eDonkey |
18 |
guruguru |
66 |
iTunes |
30 |
imap |
59 |
soribada |
69 |
v-share |
71 |
Services
Services are the building blocks of service configurations. Classification of a transaction to a service determines the accounting and control that applies to the transaction. Services are organized in a hierarchal structure used for both accounting and control.
Table 1-9 lists the services defined in the default service configuration. Both service usage counters, which are used to accumulate information about transactions classified to the service, have the same name.
Table 1-9 Installed Services
|
|
|
Global Usage Counter and Subscriber Usage Counter
|
Default Service |
0 |
|
Default Service* |
Browsing |
7 |
Default Service |
Global: Default Service*, Subscriber: Browsing* |
HTTP |
16 |
Browsing |
Global: HTTP, Subscriber: Browsing* |
HTTPS |
17 |
Browsing |
Global: HTTPS, Subscriber: Browsing* |
Location Based Services |
48 |
Browsing |
Global: Location Based Services, Subscriber: Browsing* |
E-Mail |
4 |
Default Service |
E-Mail* |
IMAP |
23 |
E-Mail |
Global: IMAP, Subscriber: E-Mail* |
MS Push Mail |
47 |
E-Mail |
Global: MS Push Mail, Subscriber: E-Mail* |
POP3 |
21 |
E-Mail |
Global: POP3, Subscriber: E-Mail* |
SMTP |
22 |
E-Mail |
Global: SMTP, Subscriber: E-Mail* |
Web-Based E-Mail |
71 |
E-Mail |
Global: Web-Based E-Mail, Subscriber: E-Mail* |
File Sharing |
49 |
Default Service |
Default Service* |
Download over HTTP |
44 |
File Sharing |
Download over HTTP |
FTP |
32 |
File Sharing |
FTP |
IM File Transfer |
51 |
File Sharing |
Global: Default Service*, Subscriber: IM File Transfer* |
Google Talk File Transfer |
54 |
IM File Transfer |
Global: Google Talk File Transfer, Subscriber: IM File Transfer* |
ICQ File Transfer |
55 |
IM File Transfer |
Global: ICQ File Transfer, Subscriber: IM File Transfer* |
QQ File Transfer |
52 |
IM File Transfer |
Global: QQ File Transfer, Subscriber: IM File Transfer* |
Skype File Transfer |
98 |
IM File Transfer |
Global: Skype File Transfer, Subscriber: IM File Transfer* |
Windows Live Messenger File Transfer |
57 |
IM File Transfer |
Global: Windows Live Messenger File Transfer, Subscriber: IM File Transfer* |
Yahoo Messenger File Transfer |
53 |
Global: Yahoo Messenger File |
Global: Yahoo Messenger File Transfer, Subscriber: IM File Transfer* |
Other IM File Transfer |
56 |
IM File Transfer |
Global: Other IM File Transfer, Subscriber: IM File Transfer* |
One-Click Hosting |
50 |
File Sharing |
One-Click Hosting |
P2P |
9 |
File Sharing |
Default Service* |
Ares/Warez |
58 |
P2P |
Arez/Warez |
Bittorrent |
24 |
P2P |
Global: Default Service*, Subscriber: Bittorrent* |
Encrypted Bittorrent |
62 |
Bittorrent |
Global: Encrypted Bittorrent, Subscriber: Bittorrent* |
Non-Encrypted Bittorrent |
63 |
Bittorrent |
Global: Non-Encrypted Bittorrent, Subscriber: Bittorrent* |
Gnutella |
30 |
P2P |
Gnutella |
Winny |
27 |
P2P |
Winny |
eDonkey/eMule |
14 |
P2P |
Global: Default Service*, Subscriber: eDonkey/eMule* |
Encrypted eMule |
60 |
eDonkey/eMule |
Global: Encrypted eMule, Subscriber: eDonkey/eMule* |
Non-Encrypted eMule |
61 |
eDonkey/eMule |
Global: Non-Encrypted eMule, Subscriber: eDonkey/eMule* |
Behavioral P2P |
43 |
P2P |
Behavioral P2P |
Other P2P |
59 |
P2P |
Other P2P |
Behavioral Upload/Download |
39 |
File Sharing |
Behavioral Upload/Download |
Gaming |
29 |
Default Service |
Global: Default Service*, Subscriber: Gaming* |
Nintendo Wii |
90 |
Gaming |
Global: Nintendo Wii, Subscriber: Gaming* |
PC Gaming |
87 |
Gaming |
Global: PC Gaming, Subscriber: Gaming* |
Playstation |
89 |
Gaming |
Global: Playstation, Subscriber: Gaming* |
Xbox |
88 |
Gaming |
Global: Xbox, Subscriber: Gaming* |
Instant Messaging |
28 |
Default Service |
Global: Default Service*, Subscriber: Instant Messaging* |
Google Talk |
83 |
Instant Messaging |
Global: Google Talk, Subscriber: Instant Messaging* |
ICQ |
85 |
Instant Messaging |
Global: ICQ, Subscriber: Instant Messaging* |
Windows Live Messenger |
82 |
Instant Messaging |
Global: Windows Live Messenger, Subscriber: Instant Messaging* |
Yahoo Messenger |
84 |
Instant Messaging |
Global: Yahoo Messenger, Subscriber: Instant Messaging* |
Other Instant Messaging |
86 |
Instant Messaging |
Global: Other Instant Messaging, Subscriber: Instant Messaging* |
Internet Privacy |
94 |
Default Service |
Global: Default Service*, Subscriber: Internet Privacy* |
Anonimity Networks |
95 |
Internet Privacy |
Global: Anonimity Networks, Subscriber: Internet Privacy* |
Tunneling |
38 |
Internet Privacy |
Global: Tunneling, Subscriber: Internet Privacy* |
VPN |
41 |
Internet Privacy |
Global: Default Service*, Subscriber: Internet Privacy* |
IPSec VPN |
42 |
VPN |
Global: IPSec VPN, Subscriber: Internet Privacy* |
Internet Video |
70 |
Default Service |
Default Service* |
Audio and Video over HTTP |
76 |
Internet Video |
Audio and Video over HTTP |
Commercial Media Distribution |
26 |
Internet Video |
Commercial Media Distribution |
Flash |
45 |
Internet Video |
Global: Default Service*, Subscriber: Flash* |
Flash MySpace |
73 |
Flash |
Global: Flash MySpace, Subscriber: Flash* |
Flash Yahoo |
75 |
Flash |
Global: Flash Yahoo, Subscriber: Flash* |
Flash YouTube |
74 |
Flash |
Global: Flash YouTube, Subscriber: Flash* |
Other Flash |
72 |
Flash |
Global: Other Flash, Subscriber: Flash* |
P2P TV |
77 |
Internet Video |
Global: Default Service*, Subscriber: P2P TV* |
Joost |
81 |
P2P TV |
Global: Joost, Subscriber: P2P TV* |
PPLive |
79 |
P2P TV |
Global: PPLive, Subscriber: P2P TV* |
PPStream |
80 |
P2P TV |
Global: PPStream, Subscriber: P2P TV* |
Other P2P TV |
78 |
P2P TV |
Global: Other P2P TV, Subscriber: P2P TV* |
Streaming |
34 |
Internet Video |
Global: Default Service*, Subscriber: Streaming* |
MMS |
20 |
Streaming |
Global: MMS, Subscriber: Streaming* |
RTMP |
99 |
Streaming |
Global: RTMP, Subscriber: Streaming* |
RTSP |
19 |
Streaming |
Global: RTSP, Subscriber: Streaming* |
Net Admin |
33 |
Default Service |
Global: Default Service*, Subscriber: Net Admin* |
Naming Services |
91 |
Net Admin |
Global: Naming Services, Subscriber: Net Admin* |
Terminals |
92 |
Net Admin |
Global: Terminals, Subscriber: Net Admin* |
Other Net Admin |
93 |
Net Admin |
Global: Other Net Admin, Subscriber: Net Admin* |
Newsgroups |
8 |
Default Service |
Newsgroups |
Voice and Video Calls |
12 |
Default Service |
Global: Default Service*, Subscriber: Voice and Video Calls* |
Google Talk VoIP |
68 |
Voice and Video Calls |
Global: Google Talk VoIP, Subscriber: Voice and Video Calls* |
H323 |
11 |
Voice and Video Calls |
Global: H323, Subscriber: Voice and Video Calls* |
ICQ VoIP |
40 |
Voice and Video Calls |
Global: ICQ VoIP, Subscriber: Voice and Video Calls* |
MGCP |
5 |
Voice and Video Calls |
Global: MGCP, Subscriber: Voice and Video Calls* |
QQ VoIP |
69 |
Voice and Video Calls |
Global: QQ VoIP, Subscriber: Voice and Video Calls* |
SIP |
10 |
Voice and Video Calls |
Global: SIP, Subscriber: Voice and Video Calls* |
Skype |
25 |
Voice and Video Calls |
Global: Default Service*, Subscriber: Voice and Video Calls* |
Skype VoIP |
97 |
Skype |
Global: Skype VoIP, Subscriber: Voice and Video Calls* |
SkypeIn |
65 |
Skype |
Global: SkypeIn, Subscriber: Voice and Video Calls* |
SkypeOut |
66 |
Skype |
Global: SkypeOut, Subscriber: Voice and Video Calls* |
Other Skype |
67 |
Skype |
Global: Other Skype, Subscriber: Voice and Video Calls* |
Vonage |
13 |
Voice and Video Calls |
Global: Vonage, Subscriber: Voice and Video Calls* |
Windows Live Messenger VoIP and Video |
15 |
Voice and Video Calls |
Global: Default Service*, Subscriber: Voice and Video Calls* |
Windows Live Messenger Video |
18 |
Windows Live Messenger VoIP and Video |
Global: Windows Live Messenger Video, Subscriber: Voice and Video Calls* |
Windows Live Messenger VoIP |
46 |
Windows Live Messenger VoIP and Video |
Global: Windows Live Messenger VoIP, Subscriber: Voice and Video Calls* |
Yahoo Messenger VoIP and Video |
31 |
Voice and Video Calls |
Global: Default Service*, Subscriber: Voice and Video Calls* |
Yahoo Messenger Video |
35 |
Yahoo Messenger VoIP and Video |
Global: Yahoo Messenger Video, Subscriber: Voice and Video Calls* |
Yahoo Messenger VoIP |
37 |
Yahoo Messenger VoIP and Video |
Global: Yahoo Messenger VoIP, Subscriber: Voice and Video Calls* |
Behavioral VoIP |
64 |
Voice and Video Calls |
Global: Behavioral VoIP, Subscriber: Voice and Video Calls* |
Other VoIP |
36 |
Voice and Video Calls |
Global: Other VoIP, Subscriber: Voice and Video Calls* |
Other |
1 |
Default Service |
Default Service* |
Other IP |
6 |
Other |
Other IP |
Other TCP |
2 |
Other |
Other TCP |
Other UDP |
3 |
Other |
Other UDP |
Other Well-Known Ports |
96 |
Other |
Other Well-Known Ports |
Note An asterisk is appended to a service usage counter name whenever the counter applies to more than one service.
RDR Settings
SCE platforms generate and transmit Raw Data Records (RDRs) that contain a wide variety of information and statistics, depending on the configuration of the system.
Table 1-10 lists the RDR settings defined in the default service configuration.
Table 1-10 Default RDR Settings
|
|
|
|
|
|
Usage |
Generic |
ON |
Every 5 minutes |
— |
— |
Link |
ON |
Every 5 minutes |
— |
— |
Package |
ON |
Every 5 minutes |
— |
— |
Subscriber |
ON |
Every 10 minutes |
— |
— |
Virtual Links |
OFF |
Every 10 minutes |
— |
Default is ON for service configurations created in Virtual Links mode. |
Transaction |
Transaction |
ON |
— |
100 per second |
All services have the same relative weight. |
Transaction Usage |
Transaction Usage (TUR) |
OFF |
— |
— |
No threshold. |
HTTP Transaction Usage |
OFF |
— |
— |
— |
Anonymized HTTP Transaction Usage |
OFF |
— |
— |
— |
RTSP Transaction Usage |
OFF |
— |
— |
— |
Video Transaction Usage |
OFF |
— |
— |
— |
VoIP Transaction Usage |
OFF |
— |
— |
— |
Quota |
Quota Breach |
OFF |
— |
— |
Generate RDR when bucket is breached. |
Quota Status |
OFF |
user configured |
user configured |
— |
Quota Threshold Breach |
OFF |
— |
— |
Generate RDR each time bucket exceeds threshold. |
Session Creation |
OFF |
— |
— |
Generated upon subscriber introduction or package switch. |
Log |
Block |
ON |
— |
20 per second |
— |
Real-Time Subscriber |
Real-Time Subscriber Usage |
ON |
Every 1 minutes |
100 per second |
Enable for each subscriber separately, using CLI. |
Attack |
Attack Start |
OFF |
— |
— |
— |
Attack Stop |
|
— |
— |
— |
Malicious Traffic |
Malicious Traffic Periodic |
ON |
Every 60 seconds |
— |
Only generated during attack. |
Spam |
Spam |
OFF |
— |
— |
— |
DHCP |
DHCP |
OFF |
— |
— |
— |
RADIUS |
RADIUS |
OFF |
— |
— |
— |
Rules
Rules are a set of configurable instructions telling the application how to handle flows classified to a service.
The default service configuration contains a single rule for the default service. Until you create other rules, the default service rule applies to all traffic processed by the SCE platform.
The default service rule places no restrictions on traffic:
•Flows are routed through the default Bandwidth Controllers (BWCs), which have unlimited Bandwidth (BW).
•No quota limitations are applied to the flows and external quota management mode is selected.
System Mode
The default System Operational Mode is Report Only, which means that the system is used for reporting but does not control traffic.
The default System Topological Mode is Duplex, which means that all inbound and outbound traffic goes through the SCE platform.
Note When unidirectional classifications enabled, there are some changes to the default service configuration:
- There are no predefined flavors.
- No service elements include a specified flavor.
- Periodic quota management mode is selected.