Default Service Configuration Reference Tables

Published: March 06, 2015

Introduction

This chapter describes the default service configuration provided with Cisco SCA BB. The default service configuration serves as a starting point for creating a service configuration tailored to meet customer needs.

This chapter consists of these sections:

Filter Rules

Filter rules allow you to instruct the Cisco SCE platform to ignore some types of flow based on Layer 3 and Layer 4 properties of the flow, and transmit the flows without any changes.

Table 1-1 lists the filter rules defined in the default service configuration.

 

Table 1-1 Filter Rules

Flow Filter Name
Default State
Description

ICMP Filter

Active

Applies to ICMP packets, packets bypass the policy engine and are mapped to CoS BE.

DNS (to network)

Active

Applies to UDP packets, network-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE.

DNS (to subscriber)

Active

Applies to UDP packets, subscriber-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE.

net-bios (to network)

Active

Applies to UDP packets, network-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE.

net-bios (to subscriber)

Active

Applies to UDP packets, network-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE.

eDonkey UDP (to network)

Inactive

Applies to UDP packets, network-side ports in the range 4661 – 4665, packets bypass the policy engine and are mapped to CoS BE.

eDonkey UDP (to subscriber)

Inactive

Applies to UDP packets, subscriber-side ports in the range 4661 – 4665, packets bypass the policy engine and are mapped to CoS BE.

eMule UDP (to network)

Inactive

Applies to UDP packets, network-side ports in the range 4670 – 4674, packets bypass the policy engine and are mapped to CoS BE.

eMule UDP (to subscriber)

Inactive

Applies to UDP packets, subscriber-side ports in the range 4670 – 4674, packets bypass the policy engine and are mapped to CoS BE.

eMule UDP 2 (to network)

Inactive

Applies to UDP packets, network-side ports in the range 5670 – 5674, packets bypass the policy engine and are mapped to CoS BE.

eMule UDP 2 (to subscriber)

Inactive

Applies to UDP packets, subscriber-side ports in the range 5670 – 5674, packets bypass the policy engine and are mapped to CoS BE.

eMule UDP 3 (to network)

Inactive

Applies to UDP packets, network-side ports in the range 5780 – 5784, packets bypass the policy engine and are mapped to CoS BE.

eMule UDP 3 (to subscriber)

Inactive

Applies to UDP packets, subscriber-side ports in the range 5780 – 5784, packets bypass the policy engine and are mapped to CoS BE.

BGP Filter

Inactive

Applies to TCP packets, network-side port is equal to 179, packets bypass the policy engine and are mapped to CoS BE.

DHCP Filter

Inactive

Applies to UDP packets, network-side ports in the range 67 – 68, packets bypass the policy engine and are mapped to CoS BE.

OSPF Filter

Inactive

Applies to OSPFIGP packets, packets bypass the policy engine and are mapped to CoS BE.

IS-IS Filter

Inactive

Applies to IS-IS packets, packets bypass the policy engine and are mapped to CoS BE.

IGRP Filter

Inactive

Applies to IGP packets, packets bypass the policy engine and are mapped to CoS BE.

EIGRP Filter

Inactive

Applies to EIGRP packets, packets bypass the policy engine and are mapped to CoS BE.

HSRP Filter 1

Inactive

Applies to UDP packets, network-side IP is equal to 224.0.0.2, packets bypass the policy engine and are mapped to CoS BE.

HSRP Filter 2

Inactive

Applies to UDP packets, network-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE.

HSRP Filter 3

Inactive

Applies to UDP packets, subscriber-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE.

RIP Filter 1

Inactive

Applies to UDP packets, network-side IP is equal to 224.0.0.9, packets bypass the policy engine and are mapped to CoS BE.

RIP Filter 2

Inactive

Applies to UDP packets, network-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE.

RIP Filter 3

Inactive

Applies to UDP packets, subscriber-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE.

RADIUS Filter

Inactive

Applies to UDP packets, network-side port is equal to 1812, packets bypass the policy engine and are mapped to CoS BE.

RADIUS Filter (early deployment)

Inactive

Applies to UDP packets, network-side ports in the range 1645 – 1646, packets bypass the policy engine and are mapped to CoS BE.

Information About Protocols

Protocols are divided into four groups:

  • Generic protocols—Protocols that are used for transactions not mapped to a service by one of the more specific protocol types.
  • Signature-based protocols—Protocols that are classified according to a Layer 7 application signature. This group includes the most common protocols, such as HTTP and FTP, and a large group of popular Peer-to-Peer protocols.
  • IP protocols—Protocols (such as ICMP), other than TCP and UDP protocols that are identified according to the IP protocol number of the transaction.
  • Port-based protocols—TCP and UDP protocols that are classified according to their well-known ports. The default configuration includes more than 600 common port-based protocols.

You may add new protocols (for example, to classify a new gaming protocol that uses a specific port) and edit or remove existing ones.

In Cisco SCA BB Console, protocols are listed in ASCII order.

The tables in the following sections list the protocols defined in the default service configuration:

Generic Protocols

Three generic protocols (IP, TCP, and UDP) serve as default containers for classifying transactions of the relevant type (IP, TCP, or UDP) that are not classified as belonging to a more specific protocol.

A transaction is classified as belonging to one of the generic protocols if it meets both the following conditions:

  • It was not classified as belonging to a signature-based protocol.
  • It was not classified as belonging to an IP or port-based protocol that is mapped to a service.

Table 1-2 list the generic protocols.

 

Table 1-2 Generic Protocols

Protocol Name
ID
Description

Generic IPv6

1196

Any IPv6 traffic (TCP or UDP) that does not match the Signature-Based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service.

Generic IP

10

Any non-TCP or non-UDP transaction where the related IP protocol is not specifically mapped to a service.

Generic TCP

0

Any TCP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service.

Generic UDP

1

Any UDP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service.

Signature-Based Protocols

A transaction is classified as belonging to one of the signature-based protocols if it is carried on the well-known port of the protocol or matches the signature of the protocol.

Note Table 1-3 lists only signature-based protocols that are not Peer-to-Peer, VoIP, or SIP protocols (these protocols are listed in the following tables). However, the Signature-Based Protocols Filter in the Console lists all signature-based protocols.

 

Table 1-3 Signature-Based Protocols

Protocol Name
ID
TCP Ports
UDP Ports

ActiveSync Gmail

1123

Apple iCloud

1204

AppleMaps

1343

App Store

1338

ARD Mediathek

1321

Audio over HTTP

1041

Akamai

1326

Alicall

1169

Baidu Movie

1043

Bebo

1251

Behavioral Upload/Download

See note on Behavioral Upload/Download—Transactions that have download packet flow characteristics and do not match a more specific signature are classified to this protocol. This protocol applies to downloads both from the network side and from the subscriber side..

127

Binary over HTTP

1042

BitCoin

1347

Bitmessage

1348

BRMediathek

1323

BT SPORT

1325

Bump

1276

Call Of Duty

1127

CCcam-Traffic

1129

CCTV_Video_Stream_UDP

1141

ChatON

1249

CloudMe

1255

CUWorld

117

CinepolisKlic

1315

Citrix

1104

clipfish.de

1312

Club Box

1038

Crackle

1318

Crashplan

1297

Daum My People

1231

Dailymotion

1223

DailymotionHTTP

1313

DHCP

33

DHCPv6

1300

DHT

106

Dial070 - Smartphone Login

1131

Dial91

1311

DNS

47

Dota2

1344

 

 

DroidVPN

1352

 

 

eBay

1257

DingoTel

42

Facebook HTTP

1262

Facebook Messenger Chat

1228

Facebook Over HTTPS

1245

Facebook Poke

1245

Facebook Video Record

1163

Final Fantasy

1330

FIX

1113

FTP

4

21

Flash

2033

Flash MySpace

2035

Flash Yahoo

2036

Flash YouTube

2034

Flash YouTube Normal

1084

Flash YouTube HD

1082

FourSquare

1254

Fring

1052

FunshionTCP

1144

FunshionUDP

1145

GaduGadu

1146

GBox-Traffic

1132

Generic P2PSuspected

1143

Generic Nonestablished TCP

See note on Generic Non-Established TCP—IPv4 TCP flows that are not established properly (syn-ack is missing) are mapped to this protocol..

126

Google Hangout

2073

19305 - 19309

GoogleMaps

1258

Google Maps Iphone

1307

Google Call Phone

1164

Google Talk

1030

Gmail Video

1289

GoogleEarth

118

Hike

1320

HootSuite

1261

GroupMe

1252

HTTP Browsing

2

80, 8080

HTTP POST

1283

HTTP Tunnel

55

Hopster

115

ICQ

119

iMessage

1188

imap

59

143

143

Imgur

1327

Instagram

1216

Iperf

1277

IRC

62

iTunes

30

JustVoIP

1167

LoveFilm

1212

IBM Lotus Domino

1198

Jabber

116

Kakao Talk

1226

9001

Keek

1341

Knight Online

1340

League of Legends

1339

Line Camera

1335

LinkedIn

1281

LogMeIn

1224

MailruChat

1288

MediaFire

1286

Megacloud

1293

MessageMe

1319

Minecraft-Gaming

1176

MMS

6

1755

Mozy

1296

MS Exchange Desktop

1111

MS Push Mail

1048

Mobile MMS

46

MyJabber

1056

MyPeople Video Call

1171

MyPeople Voice Over SIP

1170

Myvideo_de

1353

Napster

32

Nateon

1077

NateonTalk

1234

NDRMediathek

1355

NNTP

15

119

NowTV

1309

NetflixNetworking

1139

NexTV

1173

Newcamd-Traffic

1130

NTP

54

Onlive

1310

ooVoo

1114

OpenDrive

1317

OpenVPN

1098

Origin

1222

5222

POP3

9

110

Put.io

1253

 

QQ

52

QQ_Android

2074

Qvod

1181

radius

738

Rapidshare

1256

80

Remote Desktop Connection

1284

Rift_Tcp

1175

RTMPS

1103

443

RTL Now

1316

RTSP Streaming

5

554, 1554, 7070

RayV

1112

Saavn

1229

Satellite Direct

1299

SAT1

1351

SD Gundam Capsule Fighter Online

1197

Shoutcast

1275

SinaWeibo

1357

SilkRoad

1331

SkyDrive

1225

Skype File Transfer

2114

SMTP

8

25

Soundcloud_HTTPS

1230

Snapchat

1271

SocialCam

1273

SPDY

1328

SpeedTest

1349

SpiderOak Hive

1324

SSDP

53

SSL

1100

Steam

1097

StromMedia

1314

STUN

114

Second Life

1060

Shareman-download

1172

SkeedReceiver

1109

Skype Video

1168

Sling

112

Starcraft2-Gaming

1174

Street Fighter IV

1101

SVTPlay

1140

Talkray

1266

Tango Video Calls

1166

TeamViewer

1179

Temp Gmail Video TCP

1161

Temp Gmail Video SSL

1162

TencentWeibo

1358

Teredo

1210

tftp

60

69

69

Tivibu

1350

TotalMovie

1298

TTNET Muzik

1354

TuneIn Radio

1333

TunnelBear

1346

Ubisoft Uplay

1337

Ubuntuone

1232

UC

48

Ultrasurf

1285

Ustream

1136

Utagoe UGLive2

1108

UUSee

1177

Video over HTTP

1040

Viddy

1260

Vimeo

1295

Vopium

1227

Vk

1287

Watchitoo

1247

WazeGPS

1248

WebEx

1110

WeChat

1246

Wetransfer

1326

WhatsApp

1178

443 and 5222

WhatsApp Message Count

1301

443 and 5222

Windows Update

1107

WoW-Gaming

1133

Wuakitv

1345

xbox Call Of Duty

1127

Xbox One

1334

Yahoo Messenger

40

5000–5001

5000–5010

Yahoo Screen

1329

Yandex.disk

1308

Youku Video

1165

ZDF Mediathek

1356

Note Behavioral Upload/Download—Transactions that have download packet flow characteristics and do not match a more specific signature are classified to this protocol. This protocol applies to downloads both from the network side and from the subscriber side.

Note Generic Non-Established TCP—IPv4 TCP flows that are not established properly (syn-ack is missing) are mapped to this protocol.

Table 1-4 lists the signature-based peer-to-peer protocols.

 

Table 1-4 Signature-Based Peer-to-Peer Protocols

Protocol Name
ID
TCP Ports
UDP Ports

Adobe Reader Cloud

1250

Amazon Cloud

1209

Android Market

1202

Angle Media

1063

AntsP2P

113

BBBroadcast

1058

BBC iPlayer

1057

BaiBao

43

Behavioral P2P

2044

BitTorrent

24

6881–6889

Carbonite

1272

Cubby

1270

Dijjer

120

DirectConnect

19

411–413

Dropbox

1180

 

 

Einy

1102

EmuleEncrypted

105

Entropy

125

Exosee

121

FastTrack KaZaA File Transfer

14

FastTrack KaZaA Networking

13

1214

Feidian

1037

Filetopia

31

Freenet

107

Furthur

123

Gnutella File Transfer

12

Gnutella Networking

11

6346–6349

Hotline

20

Hotspot Shield

1269

Joost

1046

Justcloud

1265

Kontiki

124

KuGoo

1050

LottoFile

1095

Manolito

22

MEGA

1268

Monkey3

1096

Mute

34

NeoNet

37

NodeZilla

35

POCO

51

PPLive

44

PPStream

49

PacketiX

1059

Pando

1049

Pandora

1138

Pandora Audio

1137

PeerEnabler

122

QQ-Live

2032

Rodi

111

Share

27

SkeedReceiver

1109

SopCast

1064

Soulseek

29

TVAnts

109

Thunder

50

Utagoe UGLive2

1108

Warez/FileCroc

39

Waste

36

WebThunder

1055

WinMX/OpenNap

16

6257, 6699

6257

Winny

17

7742–7745, 7773

Zattoo

1047

eDonkey

18

4661–4665, 4672–4673, 4711, 5662, 5773, 5783

4661–4665, 4672–4673, 4711, 5662, 5773, 5783

guruguru

66

kuro

67

soribada

69

v-share

71

Table 1-5 lists the signature-based VoIP protocols.

 

Table 1-5 Signature-Based VoIP Protocols

Protocol Name
ID
TCP Ports
UDP Ports

Alicall

1169

Behavioral VoIP

1062

Comm

1280

DAUM

1150

Dial070 - Smartphone Voice

1118

Eyebeam

1322

Facebook voip

1306

Fring VoIP

1053

Google Call Phone

1164

Google Talk Voice

2073

Google Voice

1099

Headcall

1142

H323

28

1720

Hyves

1200

Icq Voice

1282

iFone Platinum

1305

ICQ VoIP

110

JaJah YahooPhoneOut

1126

JustVoIP

1167

Kakao Talk

1226

Line Voice

1213

MailruVoiceVideo

1292

MGCP

38

2427, 2727

MSN Messenger VoIP

1054

Mumble

1208

MyPeople Voice Call

1170

NateOn

1077

NateonTalk

1234

Net2phone

1135

Nimbuzz

1191

NymGo

1294

ooVoo Voice

1115

PTT Winphoria

61

Primus

108

Qik

1274

RTP

57

SIP

23

5060–5061

5060–5061

Skinny

41

Skype

25

Skype-IM (V5.8)

1199

Tango IM

1278

UUCall

1134

Viber over HTTP

1359

7985, 7987

 

Viber over TCP

1147

Viber over UDP

1148

Viber SSL

1332

Vivox

1061

Yahoo Messenger Call Setup

1149

Yahoo Messenger VoIP

45

Yahoo VoIP over SIP

2039

Note The protocols ICQ VoIP, Primus, SIP, and Yahoo VoIP over SIP are also signature-based SIP protocols.

IP Protocols

Table 1-6 lists the IP protocols supported by Cisco SCA BB.

 

Table 1-6 IP Protocols

IP Protocol Number
Protocol Name
Protocol ID

0

HOPOPT

756

1

ICMP

757

2

IGMP

758

3

GGP

759

4

IP

760

5

ST

761

6

Generic TCP

0

7

CBT

762

8

EGP

763

9

IGP

764

10

BBN-RCC-MON

765

11

NVP-II

766

12

PUP

767

13

ARGUS

768

14

EMCON

769

15

XNET

770

16

CHAOS

771

17

Generic UDP

1

18

MUX

772

19

DCN-MEAS

773

20

HMP

774

21

PRM

775

22

XNS-IDP

776

23

TRUNK-1

777

24

TRUNK-2

778

25

LEAF-1

779

26

LEAF-2

780

27

RDP

781

28

IRTP

782

29

ISO-TP4

783

30

NETBLT

784

31

MFE-NSP

785

32

MERIT-INP

786

33

SEP

787

34

3PC

788

35

IDPR

789

36

XTP

790

37

DDP

791

38

IDPR-CMTP

792

39

TP++

793

40

IL

794

41

IPv6-Over-IPv4

795

42

SDRP

796

43

IPv6-Route

797

44

IPv6-Frag

798

45

IDRP

799

46

RSVP

800

47

GRE

801

48

MHRP

802

49

BNA

803

50

ESP

804

51

AH

805

52

I-NLSP

806

53

SWIPE

807

54

NARP

808

55

MOBILE

809

56

TLSP

810

57

SKIP

811

58

IPv6-ICMP

812

59

IPv6-NoNxt

813

60

IPv6-Opts

814

61

any host internal protocol

815

62

CFTP

816

63

any local network

817

64

SAT-EXPAK

818

65

KRYPTOLAN

819

66

RVD

820

67

IPPC

821

68

any distributed file system

822

69

SAT-MON

823

70

VISA

824

71

IPCV

825

72

CPNX

826

73

CPHB

827

74

WSN

828

75

PVP

829

76

BR-SAT-MON

830

77

SUN-ND

831

78

WB-MON

832

79

WB-EXPAK

833

80

ISO-IP

834

81

VMTP

835

82

SECURE-VMTP

836

83

VINES

837

84

TTP

838

85

NSFNET-IGP

839

86

DGP

840

87

TCF

841

88

EIGRP

842

89

OSPFIGP

843

90

Sprite-RPC

844

91

LARP

845

92

MTP

846

93

AX.25

847

94

IPIP

848

95

MICP

849

96

SCC-SP

850

97

ETHERIP

851

98

ENCAP

852

99

any private encryption scheme

853

100

GMTP

854

101

IFMP

855

102

PNNI

856

103

PIM

857

104

ARIS

858

105

SCPS

859

106

QNX

860

107

A/N

861

108

IPComp

862

109

SNP

863

110

Compaq-Peer

864

111

IPX-in-IP

865

112

VRRP

866

113

PGM

867

114

any 0-hop protocol

868

115

L2TP

869

116

DDX

870

117

IATP

871

118

STP

872

119

SRP

873

120

UTI

874

121

SMP

875

122

SM

876

123

PTP

877

124

ISIS

878

125

FIRE

879

126

CRTP

880

Port-Based Protocols

Table 1-7 lists the TCP/UDP port-based protocols defined in the Cisco SCA BB default service configuration.

 

Table 1-7 Port-Based Protocols

Protocol Name
ID
TCP Ports
UDP Ports

FTP

4

21

Gnutella Networking

11

6346–6349

FastTrack KaZaA Networking

13

1214

Bittorrent

24

6881–6889

NTP

54

123

123

epmap

128

135

135

profile

129

136

136

netbios-ns

130

137

137

netbios-dgm

131

138

138

netbios-ssn

132

139

139

emfis-data

133

140

140

emfis-cntl

134

141

141

bl-idm

135

142

142

uma

137

144

144

uaac

138

145

145

iso-tp0

139

146

146

iso-ip

140

147

147

jargon

141

148

148

aed-512

142

149

149

sql-net

143

150

150

hems

144

151

151

bftp

145

152

152

sgmp

146

153

153

netsc-prod

147

154

154

netsc-dev

148

155

155

sqlsrv

149

156

156

knet-cmp

150

157

157

nss-routing

152

159

159

sgmp-traps

153

160

160

snmp

154

161

161

snmptrap

155

162

162

cmip-man

156

163

163

cmip-agent

157

164

164

xns-courier

158

165

165

s-net

159

166

166

namp

160

167

167

rsvd

161

168

168

send

162

169

169

print-srv

163

170

170

multiplex

164

171

171

cl/1

165

172

172

xyplex-mux

166

173

173

mailq

167

174

174

vmnet

168

175

175

genrad-mux

169

176

176

xdmcp

170

177

177

nextstep

171

178

178

bgp

172

179

179

ris

173

180

180

unify

174

181

181

audit

175

182

182

ocserver

177

184

184

remote-kis

178

185

185

kis

179

186

186

aci

180

187

187

mumps

181

188

188

qft

182

189

189

gacp

183

190

190

prospero

184

191

191

osu-nms

185

192

192

srmp

186

193

193

IRC

187

194, 6665-6669

194, 6665-6669

dn6-nlm-aud

188

195

195

dn6-smm-red

189

196

196

dls

190

197

197

dls-mon

191

198

198

smux

192

199

199

src

193

200

200

at-rtmp

194

201

201

at-nbp

195

202

202

at-3

196

203

203

at-echo

197

204

204

at-5

198

205

205

at-zis

199

206

206

at-7

200

207

207

at-8

201

208

208

qmtp

202

209

209

z39.50

203

210

210

914c/g

204

211

211

anet

205

212

212

ipx

206

213

213

vmpwscs

207

214

214

softpc

208

215

215

CAIlic

209

216

216

dbase

210

217

217

mpp

211

218

218

uarps

212

219

219

imap3

213

220

220

fln-spx

214

221

221

rsh-spx

215

222

222

cdc

216

223

223

masqdialer

217

224

224

direct

218

242

242

sur-meas

219

243

243

inbusiness

220

244

244

link

221

245

245

dsp3270

222

246

246

bhfhs

224

248

248

set

225

257

257

yak-chat

226

258

258

esro-gen

227

259

259

openport

228

260

260

nsiiops

229

261

261

arcisdms

230

262

262

hdap

231

263

263

bgmp

232

264

264

x-bone-ctl

233

265

265

sst

234

266

266

td-service

235

267

267

td-replica

236

268

268

http-mgmt

237

280

280

personal-link

238

281

281

cableport-ax

239

282

282

rescap

240

283

283

corerjd

241

284

284

fxp-1

242

286

286

k-block

243

287

287

novastorbakcup

244

308

308

entrusttime

245

309

309

bhmds

246

310

310

asip-webadmin

247

311

311

vslmp

248

312

312

magenta-logic

249

313

313

opalis-robot

250

314

314

dpsi

251

315

315

decauth

252

316

316

zannet

253

317

317

pkix-timestamp

254

318

318

ptp-event

255

319

319

ptp-general

256

320

320

pip

257

321

321

rtsps

258

322

322

texar

259

333

333

pdap

260

344

344

pawserv

261

345

345

zserv

262

346

346

fatserv

263

347

347

csi-sgwp

264

348

348

mftp

265

349

349

matip-type-a

266

350

350

matip-type-b

267

351

351

dtag-ste-sb

268

352

352

ndsauth

269

353

353

bh611

270

354

354

datex-asn

271

355

355

cloanto-net-1

272

356

356

bhevent

273

357

357

shrinkwrap

274

358

358

nsrmp

275

359

359

scoi2odialog

276

360

360

semantix

277

361

361

srssend

278

362

362

rsvp_tunnel

279

363

363

aurora-cmgr

280

364

364

dtk

281

365

365

odmr

282

366

366

mortgageware

283

367

367

qbikgdp

284

368

368

rpc2portmap

285

369

369

codaauth2

286

370

370

clearcase

287

371

371

ulistproc

288

372

372

legent-1

289

373

373

legent-2

290

374

374

hassle

291

375

375

nip

292

376

376

tnETOS

293

377

377

dsETOS

294

378

378

is99c

295

379

379

is99s

296

380

380

hp-collector

297

381

381

hp-managed-node

298

382

382

hp-alarm-mgr

299

383

383

arns

300

384

384

ibm-app

301

385

385

asa

302

386

386

aurp

303

387

387

unidata-ldm

304

388

388

ldap

305

389

uis

306

390

390

synotics-relay

307

391

391

synotics-broker

308

392

392

meta5

309

393

393

embl-ndt

310

394

394

netware-ip

311

396

396

mptn

312

397

397

kryptolan

313

398

398

iso-tsap-c2

314

399

399

work-sol

315

400

400

ups

316

401

401

genie

317

402

402

decap

318

403

403

nced

319

404

404

ncld

320

405

405

imsp

321

406

406

timbuktu

322

407

407

prm-sm

323

408

408

prm-nm

324

409

409

decladebug

325

410

410

rmt

326

411

synoptics-trap

327

412

smsp

328

413

infoseek

329

414

414

bnet

330

415

415

silverplatter

331

416

416

onmux

332

417

417

hyper-g

333

418

418

ariel1

334

419

419

smpte

335

420

420

ariel2

336

421

421

ariel3

337

422

422

opc-job-start

338

423

423

opc-job-track

339

424

424

icad-el

340

425

425

smartsdp

341

426

426

svrloc

342

427

427

ocs_cmu

343

428

428

ocs_amu

344

429

429

utmpsd

345

430

430

utmpcd

346

431

431

iasd

347

432

432

nnsp

348

433

433

mobileip-agent

349

434

434

mobilip-mn

350

435

435

dna-cml

351

436

436

comscm

352

437

437

dsfgw

353

438

438

dasp

354

439

439

sgcp

355

440

440

decvms-sysmgt

356

441

441

cvc_hostd

357

442

442

https

358

443

snpp

359

444

444

microsoft-ds

360

445

445

ddm-rdb

361

446

446

ddm-dfm

362

447

447

ddm-ssl

363

448

448

as-servermap

364

449

449

tserver

365

450

450

sfs-smp-net

366

451

451

sfs-config

367

452

452

creativeserver

368

453

453

contentserver

369

454

454

creativepartnr

370

455

455

scohelp

371

457

457

appleqtc

372

458

458

ampr-rcmd

373

459

459

skronk

374

460

460

datasurfsrv

375

461

461

datasurfsrvsec

376

462

462

alpes

377

463

463

kpasswd

378

464

464

url-rendezvous

379

465

465

digital-vrc

380

466

466

mylex-mapd

381

467

467

photuris

382

468

468

rcp

383

469

469

scx-proxy

384

470

470

mondex

385

471

471

ljk-login

386

472

472

hybrid-pop

387

473

473

tn-tl-w1

388

474

 

tn-tl-w2

389

474

tn-tl-fd1

390

476

476

ss7ns

391

477

477

spsc

392

478

478

iafserver

393

479

479

iafdbase

394

480

480

ph

395

481

481

bgs-nsi

396

482

482

ulpnet

397

483

483

integra-sme

398

484

484

powerburst

399

485

485

avian

400

486

486

saft

401

487

487

gss-http

402

488

488

nest-protocol

403

489

489

micom-pfs

404

490

490

go-login

405

491

491

ticf-1

406

492

492

ticf-2

407

493

493

pov-ray

408

494

494

intecourier

409

495

495

pim-rp-disc

410

496

496

dantz

411

497

497

siam

412

498

498

iso-ill

413

499

499

isakmp

414

500, 4500

500, 4500

stmf

415

501

501

asa-appl-proto

416

502

502

intrinsa

417

503

503

citadel

418

504

504

mailbox-lm

419

505

505

ohimsrv

420

506

506

crs

421

507

507

xvttp

422

508

508

snare

423

509

509

fcp

424

510

510

passgo

425

511

511

exec

426

512

biff

427

512

login

428

513

who

429

513

shell

430

514

syslog

431

514

printer

432

515

515

videotex

433

516

516

talk

434

517

517

ntalk

435

518

518

utime

436

519

519

efs

437

520

router

438

520

ripng

439

521

521

ulp

440

522

522

ibm-db2

441

523

523

ncp

442

524

524

timed

443

525

525

tempo

444

526

526

stx

445

527

527

custix

446

528

528

irc-serv

447

529

529

courier

448

530

530

conference

449

531

531

netnews

450

432

432

netwall

451

533

533

mm-admin

452

534

534

iiop

453

535

535

opalis-rdv

454

536

536

nmsp

455

537

537

gdomap

456

538

538

apertus-ldp

457

539

539

uucp

458

540

540

uucp-rlogin

459

541

541

commerce

460

542

542

klogin

461

543

543

kshell

462

544

544

appleqtcsrvr

463

545

545

dhcpv6-client

464

546

546

dhcpv6-server

465

547

547

idfp

466

549

549

new-rwho

467

550

550

cybercash

468

551

551

deviceshare

469

552

552

pirp

470

553

553

remotefs

471

556

556

openvms-sysipc

472

557

557

sdnskmp

473

558

558

teedtap

474

559

559

rmonitor

475

560

560

monitor

476

561

561

chshell

477

562

562

nntps

478

563

563

9pfs

479

564

564

whoami

480

565

565

streettalk

481

566

566

banyan-rpc

482

567

567

ms-shuttle

483

568

568

ms-rome

484

569

569

meter

485

570–571

570–571

sonar

486

572

572

banyan-vip

487

573

573

ftp-agent

488

574

574

vemmi

489

575

575

vnas

491

577

577

ipdd

492

578

578

decbsrv

493

579

579

sntp-heartbeat

494

580

580

bdp

495

581

581

scc-security

496

582

582

philips-vc

497

583

583

keyserver

498

584

584

imap4-ssl

499

585

585

password-chg

500

586

586

submission

501

587

587

cal

502

588

588

eyelink

503

589

589

tns-cml

504

590

590

http-alt

505

591

591

eudora-set

506

592

592

http-rpc-epmap

507

593

593

tpip

508

594

594

cab-protocol

509

595

595

smsd

510

596

596

ptcnameservice

511

597

597

sco-websrvrmg3

512

598

598

acp

513

599

599

ipcserver

514

600

600

urm

515

606

606

nqs

516

607

607

sift-uft

517

608

608

npmp-trap

518

609

609

npmp-local

519

610

610

npmp-gui

520

611

611

hmmp-ind

521

612

612

hmmp-op

522

613

613

sshell

523

614

614

sco-inetmgr

524

615

615

sco-sysmgr

525

616

616

sco-dtmgr

526

617

617

dei-icda

527

618

618

digital-evm

528

619

619

sco-websrvrmgr

529

620

620

escp-ip

530

621

621

collaborator

531

622

622

aux_bus_shunt

532

623

623

cryptoadmin

533

624

624

dec_dlm

534

625

625

asia

535

626

626

passgo-tivoli

536

627

627

qmqp

537

628

628

3com-amp3

538

629

629

rda

539

630

630

ipp

540

631

631

bmpp

541

632

632

servstat

542

633

633

ginad

543

634

634

rlzdbase

544

635

635

ldaps

545

636

636

lanserver

546

637

637

mcns-sec

547

638

638

msdp

548

639

639

entrust-sps

549

640

640

repcmd

550

641

641

esro-emsdp

551

642

642

sanity

552

643

643

dwr

553

644

644

pssc

554

645

645

ldp

555

646

646

dhcp-failover

556

647

647

rrp

557

648

648

aminet

558

649

659

obex

559

650

650

ieee-mms

560

651

651

hello-port

561

652

652

repscmd

562

653

653

aodv

563

654

654

tinc

564

655

655

spmp

565

656

656

rmc

566

657

657

tenfold

567

658

658

mac-srvr-admin

568

660

660

hap

569

661

661

pftp

570

662

662

purenoise

571

663

663

secure-aux-bus

572

664

664

sun-dr

573

665

665

doom

574

666

666

disclose

575

667

667

mecomm

576

668

668

meregister

577

669

669

vacdsm-sws

578

670

670

vacdsm-app

579

671

671

vpps-qua

580

672

672

cimplex

581

673

673

acap

582

674

674

dctp

583

675

675

vpps-via

584

676

676

vpp

585

677

677

ggf-ncp

586

678

678

mrm

587

679

679

entrust-aaas

588

680

680

entrust-aams

589

681

681

xfr

590

682

682

corba-iiop

591

683

683

corba-iiop-ssl

592

684

684

mdc-portmapper

593

685

685

hcp-wismar

594

686

686

asipregistry

595

687

687

realm-rusd

596

688

688

nmap

597

689

689

vatp

598

690

690

msexch-routing

599

691

691

hyperwave-isp

600

692

692

connendp

601

693

693

ha-cluster

602

694

694

ieee-mms-ssl

603

695

695

rushd

604

696

696

uuidgen

605

697

697

olsr

606

698

698

accessnetwork

607

699

699

elcsd

608

704

704

agentx

609

705

705

silc

610

706

706

borland-dsj

611

707

707

entrust-kmsh

612

709

709

entrust-ash

613

710

710

cisco-tdp

614

711

711

netviewdm1

615

729

729

netviewdm2

616

730

730

netviewdm3

617

731

731

netgw

618

741

741

netrcs619

619

742

742

flexlm

620

744

744

fujitsu-dev

621

747

747

ris-cm

622

748

748

kerberos-adm

623

749

749

rfile

624

750

kerberos-iv

625

750

pump

626

751

751

qrh

627

752

752

rrh

628

753

753

tell

629

754

754

nlogin

630

758

758

con

631

759

759

ns

632

760

760

rxe

633

761

761

quotad

634

762

762

cycleserv

635

763

763

omserv

636

764

764

webster

637

765

765

phonebook

638

767

767

vid

639

769

769

cadlock

640

770

770

rtip

641

771

771

cycleserv2

642

772

772

submit

643

773

notify

644

773

rpasswd

645

774

acmaint_dbd

646

774

entomb

647

775

acmaint_transd

648

775

wpages

649

776

776

multiling-http

650

777

777

wpgs

651

780

780

concert

652

786

786

qsc

653

787

mdbs_daemon

654

800

800

device

655

801

801

itm-mcell-s

656

828

828

pkix-3-ca-ra

657

829

829

dhcp-failover2

658

847

847

rsync

659

873

873

iclcnet-locate

660

886

886

iclcnet_svinfo

661

887

887

accessbuilder

662

888

888

omginitialrefs

663

900

900

smpnameres

664

901

901

ideafarm-chat

665

902

902

ideafarm-catch

666

903

903

xact-backup

667

911

911

ftps-data

668

989

989

ftps

669

990

990

nas

670

991

991

telnets

671

992

992

imaps

672

993

993

ircs

673

994

994

pop3s

674

995

995

vsinet

675

996

996

maitrd

676

997

997

busboy

677

998

puparp

678

998

garcon

679

999

applix

680

999

surf

681

1010

1010

rmiactivation

682

1098

1098

rmiregistry

683

1099

1099

ms-sql-s

684

1433

1433

oracle

690

1521

1521

orasrv

691

1525

1525

tlisrv

692

1527

1527

coauthor

693

1529

1529

rdb-dbs-disp

694

1571

1571

oraclenames

695

1575

1575

oraclenet8cman

696

1630

1630

net8-cman

697

1830

1830

ms-olap

686

2382–2383, 2393–2394

2382–2383, 2393–2394

msft-gc

687

3268

3268

msft-gc-ssl

688

3269

3269

citrixima

698

2512

2512

citrixadmin

699

2513

2513

citrix-rtmp

700

2897

2897

citriximaclient

701

2598

2598

micromuse-lm

702

1534

1534

orbixd

703

1570

1570

orbix-locator

704

3075

3075

orbix-config

705

3076

3076

orbix-loc-ssl

706

3077

3077

shockwave

707

1626

1626

sitaraserver

708

2629

2629

sitaramgmt

709

2630

2630

sitaradir

710

2631

2631

mysql

711

3306

3306

msnp

713

1836

1826

aim

714

5190–5193

groove

715

2492

2492

directplay

716

2234

2234

directplay8

717

6073

6073

kali

718

2213

2213

worldfusion

719

2595–2596

2595–2596

directv-web

720

3334

3334

directv-soft

721

3335

3335

directv-tick

722

3336

3336

directv-catlg

723

3337

3337

wta-wsp-s

724

2805

2805

wap-push

725

2948

2948

wap-pushsecure

726

2949

2949

wap-push-http

727

4035

4035

wap-push-https

728

4036

4036

game-spy

755

6500, 28900

6515, 27900

ibprotocol

737

6714

6714

wap-wsp

729

9200

9200

wap-wsp-wtp

730

9201

9201

wap-wsp-s

731

9202

9202

wap-wsp-wtp-s

732

9203

9203

wap-vcard

733

9204

9204

wap-vcal

734

9205

9205

wap-vcard-s

735

9206

9206

wap-vcal-s

736

9207

9207

pptp

739

1723

1723

gtp-user

740

2152

2152

xdtp

741

3088

3088

l2tp

742

1701

1701

fsgs

743

6112

6112

parsec-game

744

6582

6582

UnReal_UT

745

7777-7783

SiN

746

22450

22450

halflife

747

27015

tribes

748

28001

28001

Heretic II

749

28910

starsiege

750

29001–29009

game-search

751

29001

KingPin

752

31510

31510

runescape

753

43594

GLT Poliane

882

1201

MSN Messenger

883

1863

1863

xbox live

898

3074

3074

ps2

899

10070–10080

10070

compressnet

900

2–3

2–3

rje

901

5

5

echo

902

7

7

discard

903

9

9

systat

904

11

11

daytime

905

13

13

qotd

906

17

17

msp

907

18

18

chargen

908

19

19

ftp-data

909

20

20

ssh

910

22

22

telnet

911

23

23

nsw-fe

912

27

27

msg-icp

913

29

29

msg-auth

916

31

31

dsp

917

33

33

time

918

37

37

rap

919

38

38

rlp

920

39

39

graphics

921

41

41

name

922

42

42

nicname

923

43

43

mpm-flags

924

44

44

mpm

925

45

45

mpm-snd

926

46

46

ni-ftp

927

47

47

auditd

928

48

48

tacacs

929

49

49

re-mail-ck

930

50

50

la-maint

931

51

51

xns-time

932

52

52

xns-ch

934

54

54

isi-gl

935

55

55

xns-auth

936

56

56

xns-mail

937

58

58

ni-mail

938

61

61

acas

939

62

62

whois

940

63

63

covia

941

64

64

tacacs-ds

942

65

65

sql*net

943

66

66

bootps

944

67

67

bootpc

945

68

68

gopher

947

70

70

netrjs-1

948

71

71

netrjs-2

949

72

72

netrjs-3

950

73

73

netrjs-4

951

74

74

deos

952

76

76

finger

953

79

79

hosts2-ns

954

81

81

xfer

955

82

82

mit-ml-dev

956

83, 85

83, 85

ctf

957

84

84

mfcobol

958

86

86

kerberos

959

88

88

su-mit-tg

960

89

89

dnsix

961

90

90

mit-dov

962

91

91

npp

963

92

92

dcp

964

93

93

objcall

965

94

94

supdup

966

95

95

dixie

967

96

96

swift-rvf

968

97

97

tacnews

969

98

98

metagram

970

99

99

newacct

971

100

hostname

972

101

101

iso-tsap

973

102

102

gppitnp

974

103

103

acr-nema

975

104

104

csnet-ns

976

105

105

3com-tsmux

977

106

106

rtelnet

978

107

107

snagas

979

108

108

pop2

980

109

109

sunrpc

981

111

111

mcidas

982

112

112

auth

983

113

113

audionews

984

114

114

sftp

985

115

115

ansanotify

986

116

116

uucp-path

987

117

117

sqlserv

988

118

118

cfdptkt

989

120

120

erpc

990

121

121

smakynet

991

122

122

ansatrader

993

124

124

locus-map

994

125

125

nxedit

995

126

126

locus-con

996

127

127

gss-xlicen

997

128

128

pwdgen

998

129

129

cisco-fna

999

130

130

LapLink

1105

1547

SAP

1106

3200,3300,3600

cisco-tna

2000

131

131

cisco-sys

2001

132

132

statsrv

2002

133

133

ingres-net

2003

134

134

Anarchy

2004

7013, 7500–7501

7013, 7500–7501

Asherons Call

2005

9000–9013

9000–9013

Black And White

2006

2611–2612

Counter strike

2007

27020–27039

1200, 27000–27018

Dark Reign

2008

26214

26214

Diablo

2009

6113–6119, 4000

6113–6119

Elite Force

2010

26000, 27500

F16

2011

3862, 3863

F22 Simulator (lightning 3)

2012

3874–3875, 4533, 4534

Hexen

2013

26900

Kohan Immortal Sovereigns

2014

3855, 17437

3855, 17437

Motorhead

2015

16000, 16010–16030

16000, 16010–16030

Myth

2016

3453

3453

Need For Speed

2017

9442

9442

Need For Speed 3

2018

1030

1030

Operation Flash Point

2019

47624

Outlaws

2020

5310

5310

Swat3

2021

16639

16638

Ultima

2022

5002–5010, 7775–7777, 8888, 9999, 7875

Warcraft

2023

3724

3724

Znes

2024

7845

Delta Force

2025

3100, 3999

3100, 3999, 3568, 3569

Rainbox six

2026

2346

2346

Soldier of fortune

2027

28911–28915

Westwood Online

2028

1140, 1234

1140, 1234

Yahoo Games

2029

11999

Konspire2b

2031

6085

6085

Protocols Identified on Unidirectional Flows

When unidirectional classification is enabled, the protocols listed in Table 1-8 can be detected on unidirectional flows.

  • When a unidirectional flow (inbound or outbound) passes through the SCE platform, it is matched against this set of protocol signatures.
  • When a bidirectional flow passes through the SCE platform, the protocol library tries to match it to one of its standard (bidirectional) protocol signatures.

 

Table 1-8 Unidirectionally Detected Protocols

Protocol Name
Protocol ID

AntsP2P

113

Audio over HTTP

1041

BBC iPlayer

1057

BaiBao

43

Baidu Movie

1043

Behavioral Upload/Download

127

Binary over HTTP

1042

BitTorrent

24

Citrix

1104

CUWorld

117

Club Box

1038

Dijjer

120

Dial070 - Smartphone Login

1131

Dial070 - Smartphone Voice

1118

DingoTel

42

DirectConnect

19

EmuleEncrypted

105

Entropy

125

Exosee

121

FastTrack KaZaA File Transfer

14

Feidian

1037

Filetopia

31

Flash

2033

Flash MySpace

2035

Flash Yahoo

2036

Flash YouTube

2034

Fring

1052

FunshionTCP

1144

Furthur

123

Generic IPv6

1196

Generic TCP

0

Gnutella File Transfer

12

Gnutella Networking

11

Google Talk

1030

GoogleEarth

118

HTTP Browsing

2

HTTP Tunnel

55

Hopster

115

Hotline

20

ICQ

119

Jabber

116

Joost

1046

Kontiki

124

LapLink

1105

Location Free

1045

LottoFile

1095

MMS

6

Monkey3

1096

MS Push Mail

1048

MSN Messenger

883

Manolito

22

Mobile MMS

46

Mute

34

Napster

32

NeoNet

37

Net2phone

1135

NodeZilla

35

ooVoo

1114

Pandora

1138

POCO

51

POP3

9

PPLive

44

PPStream

49

Pando

1049

PeerEnabler

122

QQ-Live

2032

SMTP

8

Skype

25

Sling

112

TVAnts

109

Thunder

50

Tor and Orbot

1065

UC

48

Viber over TCP

1147

Video over HTTP

1040

Warez/FileCroc

39

WebThunder

1055

WinMX/OpenNap

16

Winny

17

Yahoo Messenger

40

Yahoo Messenger VoIP

45

Zattoo

1047

eDonkey

18

guruguru

66

iTunes

30

imap

59

soribada

69

v-share

71

Services

Services are the building blocks of service configurations. Classification of a transaction to a service determines the accounting and control that apply to the corresponding transaction. Services are organized in an hierarchal structure used for both accounting and control.

Table 1-9 lists the services defined in the default service configuration. Two service usage counters, Global Usage Counter and Subscriber Usage Counter, are used to accumulate information about the transactions classified under each service. Both these counter have the same name.

An asterisk is appended to a service usage counter name whenever the counter applies to more than one service.

 

Table 1-9 Installed Services

Name
ID
Name of Parent Service
Global Usage Counter and Subscriber Usage Counter

Default Service

0

 

Default Service*

Browsing

7

Default Service

Global: Default Service*, Subscriber: Browsing*

Content Delivery Networks

140

Browsing

Global: Content Delivery Networks, Subscriber: Browsing

ClickStream-New Page

118

HTTP

Global: ClickStream-New Page, Subscriber: Browsing*

ClickStream-New Site

119

HTTP

Global: ClickStream-New Site, Subscriber: Browsing*

HTTP

16

Browsing

Global: HTTP, Subscriber: Browsing*

HTTPS

17

Browsing

Global: HTTPS, Subscriber: Browsing*

E-Mail

4

Default Service

E-Mail*

IMAP

23

E-Mail

Global: IMAP, Subscriber: E-Mail*

MS Exchange Desktop

110

E-Mail

Global: MS Exchange Desktop, Subscriber: E-Mail*

MS Push Mail

47

E-Mail

Global: MS Push Mail, Subscriber: E-Mail*

POP3

21

E-Mail

Global: POP3, Subscriber: E-Mail*

SMTP

22

E-Mail

Global: SMTP, Subscriber: E-Mail*

Web-Based E-Mail

71

E-Mail

Global: Web-Based E-Mail, Subscriber: E-Mail*

File Sharing

49

Default Service

Default Service*

Appstores

136

File Sharing

Global: Appstores, Subscriber: File Sharing

Android Market

138

Appstores

Global: Appstores, Subscriber: File Sharing

Apple Appstore

137

Appstores

Global: Appstores, Subscriber: File Sharing

MacAppstore

121

Appstores

Global: MacAppstore Subscriber: Default Service*

Windows Store

113

Appstores

Global: Windows Store Subscriber: Default Service*

iOS Update

115

Appstores

Global: iOS Update Subscriber: Default Service*

CloudStorage

125

File Sharing

Global: CloudStorage, Subscriber: File Sharing

Download over HTTP

44

File Sharing

Download over HTTP

FTP

32

File Sharing

FTP

IM File Transfer

51

File Sharing

Global: Default Service*, Subscriber: IM File Transfer*

Google Talk File Transfer

54

IM File Transfer

Global: Google Talk File Transfer, Subscriber: IM File Transfer*

ICQ File Transfer

55

IM File Transfer

Global: ICQ File Transfer, Subscriber: IM File Transfer*

QQ File Transfer

52

IM File Transfer

Global: QQ File Transfer, Subscriber: IM File Transfer*

Skype File Transfer

98

IM File Transfer

Global: Skype File Transfer, Subscriber: IM File Transfer*

Windows Live Messenger File Transfer

57

IM File Transfer

Global: Windows Live Messenger File Transfer, Subscriber: IM File Transfer*

Yahoo Messenger File Transfer

53

Global: Yahoo Messenger File

Global: Yahoo Messenger File Transfer, Subscriber: IM File Transfer*

Other IM File Transfer

56

IM File Transfer

Global: Other IM File Transfer, Subscriber: IM File Transfer*

One-Click Hosting

50

File Sharing

One-Click Hosting

P2P

9

File Sharing

Default Service*

Ares/Warez

58

P2P

Arez/Warez

Bittorrent

24

P2P

Global: Default Service*, Subscriber: Bittorrent*

Bittorrent Over IPv6

116

Bittorrent

Global: Bittorrent Over IPv6, Subscriber: Bittorrent*

Encrypted Bittorrent

62

Bittorrent

Global: Encrypted Bittorrent, Subscriber: Bittorrent*

Non-Encrypted Bittorrent

63

Bittorrent

Global: Non-Encrypted Bittorrent, Subscriber: Bittorrent*

Gnutella

30

P2P

Gnutella

Winny

27

P2P

Winny

eDonkey/eMule

14

P2P

Global: Default Service*, Subscriber: eDonkey/eMule*

Encrypted eMule

60

eDonkey/eMule

Global: Encrypted eMule, Subscriber: eDonkey/eMule*

Non-Encrypted eMule

61

eDonkey/eMule

Global: Non-Encrypted eMule, Subscriber: eDonkey/eMule*

Behavioral P2P

43

P2P

Behavioral P2P

Other P2P

59

P2P

Other P2P

Behavioral Upload/Download

39

File Sharing

Behavioral Upload/Download

Gaming

29

Default Service

Global: Default Service*, Subscriber: Gaming*

Nintendo Wii

90

Gaming

Global: Nintendo Wii, Subscriber: Gaming*

PC Gaming

87

Gaming

Global: PC Gaming, Subscriber: Gaming*

Playstation

89

Gaming

Global: Playstation, Subscriber: Gaming*

Wow

122

Gaming

Global: Wow, Subscriber: Gaming*

Xbox

88

Gaming

Global: Xbox, Subscriber: Gaming*

Instant Messaging

28

Default Service

Global: Default Service*, Subscriber: Instant Messaging*

Apple iMessage

134

Instant Messaging

Global: Apple iMessage, Subscriber: Instant Messaging

Facebook IM

101

Instant Messaging

Global: HTTP Browsing, Subscriber: Instant Messaging*

Facebook Messenger

130

Instant Messaging

Global: Default Service*, Subscriber: Instant Messaging*

Google Talk

83

Instant Messaging

Global: Google Talk, Subscriber: Instant Messaging*

ICQ

85

Instant Messaging

Global: ICQ, Subscriber: Instant Messaging*

WhatsApp Message

135

Instant Messaging

Global: WhatsApp Message, Subscriber: Instant Messaging

Windows Live Messenger

82

Instant Messaging

Global: Windows Live Messenger, Subscriber: Instant Messaging*

Yahoo Messenger

84

Instant Messaging

Global: Yahoo Messenger, Subscriber: Instant Messaging*

Other Instant Messaging

86

Instant Messaging

Global: Other Instant Messaging, Subscriber: Instant Messaging*

Internet Privacy

94

Default Service

Global: Default Service*, Subscriber: Internet Privacy*

Anonimity Networks

95

Internet Privacy

Global: Anonimity Networks, Subscriber: Internet Privacy*

Tunneling

38

Internet Privacy

Global: Tunneling, Subscriber: Internet Privacy*

VPN

41

Internet Privacy

Global: Default Service*, Subscriber: Internet Privacy*

IPSec VPN

42

VPN

Global: IPSec VPN, Subscriber: Internet Privacy*

OpenVPN

102

VPN

Global: OpenVPN, Subscriber: Internet Privacy*

Other VPN

139

VPN

Global: Other VPN, Subscriber: Internet Privacy*

Net Admin

33

Default Service

Global: Default Service*, Subscriber: Net Admin*

Naming Services

91

Net Admin

Global: Naming Services, Subscriber: Net Admin*

Terminals

92

Net Admin

Global: Terminals, Subscriber: Net Admin*

Other Net Admin

93

Net Admin

Global: Other Net Admin, Subscriber: Net Admin*

Social Media

104

Default Service

Default Service*

Facebook

105

Social Media

Global: Facebook, Subscriber: Default Service

MySpace

107

Social Media

Global: MySpace, Subscriber: Default Service*

Twitter

106

Social Media

Global: Twitter, Subscriber: Default Service

Other Social Sites

108

Social Media

Global: Other Social Sites, Subscriber: Default Service

Location Based Services

48

Default Service

Global: Location Based Services, Subscriber: Default Service*

Streaming

70

Default Service

Default Service*

Audio

76

Streaming

Audio

Video

100

Streaming

Global: Video, Subscriber: Default Service*

DailyMotion

45

Video

Global: DailyMotion, Subscriber: Default Service

Flash MySpace Video

73

Video

Global: Flash MySpace Video, Subscriber: Default Service*

NetFlix

26

Video

Global: NetFlix, Subscriber: Default Service*

Yahoo

75

Video

Global: Yahoo, Subscriber: Default Service*

YouTube

74

Video

Global: YouTube, Subscriber: Default Service*

Other Flash Video

72

Video

Global: Other Flash Video, Subscriber: Default Service*

P2P Video

77

Streaming

Global: Default Service, Subscriber: P2P Video

Joost

81

P2P Video

Global: Joost, Subscriber: P2P Video

PPLive

79

P2P Video

Global: PPLive, Subscriber: P2P Video

PPStream

80

P2P Video

Global: PPStream, Subscriber: P2P Video

Other P2P TV

78

P2P Video

Global: Other P2P TV, Subscriber: P2P Video

Other Streaming

34

Streaming

Global: Other Streaming, Subscriber: Other Streaming

BBC iPlayer Streaming

129

Other Streaming

Global: BBC iPlayer Streaming, Subscriber: Other Streaming

MMS

20

Other Streaming

Global: MMS, Subscriber: Other Streaming*

RTMP

99

Other Streaming

Global: RTMP, Subscriber: Other Streaming*

RTSP

19

Other Streaming

Global: RTSP, Subscriber: Other Streaming*

TTNET Muzik

142

Other Streaming

Global: TTNET Muzik, Subscriber: Other Streaming

Newsgroups

8

Other

Newsgroups

Voice and Video Calls

12

Default Service

Global: Default Service*, Subscriber: Voice and Video Calls*

Gmail Video

124

Voice and Video Calls

Global: Gmail Video, Subscriber: Voice and Video Calls*

Google Talk VoIP

68

Voice and Video Calls

Global: Google Talk VoIP, Subscriber: Voice and Video Calls*

Google Voice

103

Voice and Video Calls

Global: Google Voice, Subscriber: Voice and Video Calls*

H323

11

Voice and Video Calls

Global: H323, Subscriber: Voice and Video Calls*

ICQ VoIP

40

Voice and Video Calls

Global: ICQ VoIP, Subscriber: Voice and Video Calls*

MGCP

5

Voice and Video Calls

Global: MGCP, Subscriber: Voice and Video Calls*

MyPeople

126

Voice and Video Calls

Global:Mypeople, Subscriber:Voice and Video Calls*

QQ VoIP

69

Voice and Video Calls

Global: QQ VoIP, Subscriber: Voice and Video Calls*

SIP

10

Voice and Video Calls

Global: SIP, Subscriber: Voice and Video Calls*

Skype

25

Voice and Video Calls

Global: Default Service*, Subscriber: Voice and Video Calls*

Skype VoIP

97

Skype

Global: Skype VoIP, Subscriber: Voice and Video Calls*

SkypeIn

65

Skype

Global: SkypeIn, Subscriber: Voice and Video Calls*

SkypeOut

66

Skype

Global: SkypeOut, Subscriber: Voice and Video Calls*

Other Skype

67

Skype

Global: Other Skype, Subscriber: Voice and Video Calls*

Viber

123

Voice and Video Calls

Global:Viber,Subscriber:Voice and Video Calls*

VideoConference

109

Voice and Video Calls

Global:VideoConference,Subscriber:Voice and Video Calls

Vonage

13

Voice and Video Calls

Global: Vonage, Subscriber: Voice and Video Calls*

Windows Live Messenger VoIP and Video

15

Voice and Video Calls

Global: Default Service*, Subscriber: Voice and Video Calls*

Windows Live Messenger Video

18

Windows Live Messenger VoIP and Video

Global: Windows Live Messenger Video, Subscriber: Voice and Video Calls*

Windows Live Messenger VoIP

46

Windows Live Messenger VoIP and Video

Global: Windows Live Messenger VoIP, Subscriber: Voice and Video Calls*

Yahoo Messenger VoIP and Video

31

Voice and Video Calls

Global: Default Service*, Subscriber: Voice and Video Calls*

Yahoo Messenger Video

35

Yahoo Messenger VoIP and Video

Global: Yahoo Messenger Video, Subscriber: Voice and Video Calls*

Yahoo Messenger VoIP

37

Yahoo Messenger VoIP and Video

Global: Yahoo Messenger VoIP, Subscriber: Voice and Video Calls*

Yahoo Messenger Voice and Video

132

Voice and Video Calls

Global: Yahoo Messenger Voice and Video, Subscriber: Voice and Video Calls*

Behavioral VoIP

64

Voice and Video Calls

Global: Behavioral VoIP, Subscriber: Voice and Video Calls*

Other VoIP

36

Voice and Video Calls

Global: Other VoIP, Subscriber: Voice and Video Calls*

Dial070

117

Other VoIP

Global: Dial070, Subscriber: Voice and Video Calls*

Other

1

Default Service

Default Service*

Newsgroups

8

Other

Global: Newsgroups, Subscriber: Other

Trading

111

Other

Default Service*

BitCoin

141

Trading

Global: BitCoin, Subscriber: Default Service*

FIX

112

Trading

Global: FIX, Subscriber: Default Service*

ebay

133

Trading

Default Service*

Other IP

6

Other

Other IP

Other IPv6

128

Other

Global: Other IPv6, Subscriber: Other

Other TCP

2

Other

Other TCP

Other UDP

3

Other

Other UDP

Other Well-Known Ports

96

Other

Other Well-Known Ports

RDR Settings

The Cisco SCE platforms generate and transmit Raw Data Records (RDRs) that contain a wide variety of information and statistics, depending on the configuration of the system.

Table 1-10 lists the RDR settings defined in the default service configuration.

 

Table 1-10 Default RDR Settings

RDR Family
RDR Name
State
Rate
Rate Limit
Notes

Usage

Generic

ON

Every 5 minutes

Link

ON

Every 5 minutes

Package

ON

Every 5 minutes

Subscriber

ON

Every 10 minutes

200 per second

Virtual Links

OFF

Every 10 minutes

Default is ON for service configurations created in Virtual Links mode.

Transaction

Transaction

ON

100 per second

All services have the same relative weight.

Anonymized Transaction

ON

100 per second

All services have the same relative weight.

Transaction Usage

Transaction Usage (TUR)

OFF

No threshold.

AnonymizedTransaction Usage (TUR)

OFF

No threshold.

HTTP Transaction Usage

OFF

Anonymized HTTP Transaction Usage

OFF

RTSP Transaction Usage

OFF

Anonymized RTSP Transaction Usage

OFF

Video Transaction Usage

OFF

AnonymizedVideo Transaction Usage

OFF

VoIP Transaction Usage

OFF

AnonymizedVoIP Transaction Usage

OFF

Quota

Quota Breach

OFF

Generate RDR when bucket is breached.

Quota Status

OFF

User configured

User configured

Quota Threshold Breach

OFF

Generate RDR each time bucket exceeds threshold.

Session Creation

OFF

Generated upon subscriber introduction or package switch.

Log

Block

ON

20 per second

 

Anonymized Block

ON

20 per second

Real-Time Subscriber

Real-Time Subscriber Usage

ON

Every 1 minutes

100 per second

Enable for each subscriber separately, using CLI.

Attack

Attack Start

OFF

Attack Stop

 

Malicious Traffic

Malicious Traffic Periodic

ON

Every 60 seconds

Generated only during attack.

Spam

Spam

OFF

Anonymized Spam RDR

OFF

DHCP

DHCP

OFF

DHCP

DHCPv6

OFF

RADIUS

RADIUS

OFF

Zone

Zone Usage RDR

ON

Every 5 minutes

100 per second

Flow

Flow Start RDR

 

 

 

 

Anonymized Flow Start RDR

 

 

 

 

Flow End RDR

 

 

 

 

Anonymized Flow End RDR

 

 

 

 

Flow ongoing RDR

 

 

 

 

Anonymized Flow ongoing RDR

 

 

 

 

Media Flow RDR

 

 

 

 

Anonymized Media Flow RDR

 

 

 

 

Rules

Rules are a set of configurable instructions telling the application how to handle flows classified to a service.

The default service configuration contains a single rule for the default service. Until you create other rules, the default service rule applies to all traffic processed by the SCE platform.

The default service rule places no restrictions on traffic:

  • Flows are routed through the default Bandwidth Controllers (BWCs), which have unlimited bandwidth (BW).
  • No quota limitations are applied to the flows and external quota management mode is selected.

System Mode

The default System Operational Mode is Report Only, which means that the system is used for reporting but does not control traffic.

The default System Topological Mode is Duplex, which means that all inbound and outbound traffic go through the SCE platform.

Note When unidirectional classifications enabled, there are some changes to the default service configuration:
- There are no predefined flavors.
- No service elements include a specified flavor.
- Periodic quota management mode is selected.