Cisco Application Visibility and Control Field Definition Guide for Third-Party Customers

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Results

Updated:: November 16, 2014

Chapter: DPI and L7 Extracted Fields

DPI/L7 Extracted Fields

First Published: March 29, 2013
Revised: March 26, 2015

Table B-1 describes deep packet inspection (DPI)/L7 extracted fields and the CLI used to retrieve the value of the fields.

Table B-1 AVC DPI/L7 Extracted Fields

Field Name	Re- lease	Protocol Pack	Type	Application ID EngID Sel ID		Sub Application ID	Description	Data Source	CLI
sslCommonName	3.9	7.0	String	13	453	13313	Common name extracted from a SSL certificate.	NBAR	collect application ssl common-name
httpUrl	3.7	—	String	3	80	13313	URL extracted from the HTTP transaction. The URL is required per transaction.	NBAR	collect application http url
httpHostName	3.7	—	String	3	80	13314	Host Name extracted from the HTTP transaction. The URL is required per transaction.	NBAR	collect application http host
httpUserAgent	3.7	—	String	3	80	13315	User agent field extracted from the HTTP transaction.	NBAR	collect application http user-agent
httpReferer	3.7	—	String	3	80	13316	REFERER extracted from the HTTP transaction.	NBAR	collect application http referer
rtspHostName	3.7	—	String	3	554	13313	RTSP host name extracted from the RTSP transaction.	NBAR	collect application rtsp host-name
smtpServer	3.7	—	String	3	25	13313	Server name extracted from an SMTP transaction.	NBAR	collect application smtp server
smtpSender	3.7	—	String	3	25	13314	Sender name extracted from an SMTP transaction.	NBAR	collect application smtp sender
pop3Server	3.7	—	String	3	110	13313	Server name extracted from a POP3 transaction.	NBAR	collect application pop3 server
nntpGroupName	3.7	—	String	3	119	13313	Group name extracted from an NNTP transaction.	NBAR	collect application nntp group-name
sipSrcDomain	3.7	—	String	3	5060	13314	Source domain extracted from a SIP transaction.	NBAR	collect application sip source
sipDstDomain	3.7	—	String	3	5060	13313	Destination domain extracted from a SIP transaction.	NBAR	collect application sip destination

Notes

Beginning with IOS XE release 3.7, the fields are exported using the field subApplicationValue (ID=45003). The field is encoded as { applicationID (4B), subApplicationID (2B), Value (Variable Len)} merged together. If the field is not observed, the size of the field is 6 and includes only applicationTag and subApplicationTag.
The sub-application-table option template maps the extracted field ID to name and description, as follows:

– Extracted field ID: subApplicationTag (ID=97)

– Name: subApplicationName (ID=109)

– Description: subApplicationDesc (ID=110)

All HTTP-based applications, such as YouTube, SharePoint, and so on, use the same sub-application ID, defined by the subApplicationID, as defined by the HTTP application.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)