- Release Notes for NBAR2 Protocol Pack 9.0.0
- 3COM-AMP3 through AYIYA-IPV6-TUNNELED
- BABELGUM through BR-SAT-MON
- CABLEPORT through CYCLESERV2
- DASP through DWR
- ECHO through EXEC
- FACEBOOK through FUJITSU-DEV
- GACP through GTP-USER
- H323 through HYPERWAVE-ISP
- IAFDBASE through JARGON
- KALI through LWAPP
- MAC-SRVR-ADMIN through MYSQL
- NAME through NXEDIT
- OBEX through OSU-NMS
- P10 through PWDGEN
- QBIKGDP through RXE
- SAFT through SYSTAT
- TACACS through TWITTER
- UAAC through VSLMP
- WAP-PUSH through ZSERV
- Index
NBAR2 Protocol Pack 9.0.0
Platforms
NBAR2 Protocol Pack 9.0.0
NBAR2 Protocol Pack 9.0.0
in NBAR2 Protocol Pack 9.0.0
Protocol Pack 9.0.0
Limitations in NBAR2 Protocol Pack 9.0.0
Configurations
Release Notes for
NBAR2 Protocol Pack 9.0.0
The newly added
features in NBAR2 Protocol Pack 9.0.0, after NBAR2 Protocol Pack 6.4.0, are:
Release Notes for
NBAR2 Protocol Pack 9.0.0
Supported Platforms
 Note | Though the NBAR2 protocol library and the protocol signatures support IPv6 traffic classification, Cisco Wireless LAN Controller platforms currently support only IPv4 traffic classification. |
NBAR2 Protocol Pack 9.0.0 is the default built-in protocol pack provided along with the 8.0 software release. NBAR2 Protocol Pack 9.0.0 is supported on the following Cisco Wireless LAN Controller platforms:
New Features
New Protocols in NBAR2 Protocol Pack 9.0.0
The following new protocols have been added in NBAR2 Protocol Pack 9.0.0, after NBAR2 Protocol Pack 6.4.0.
|
Common Name |
Syntax Name |
Description |
|---|---|---|
|
Cisco Jabber Audio |
cisco-jabber-audio |
Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the audio calls part of Cisco Jabber. |
|
Cisco Jabber Control |
cisco-jabber-control |
Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the control and signaling part of Cisco Jabber. |
|
Cisco Jabber IM |
cisco-jabber-im |
Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the text messaging part of Cisco Jabber. |
|
Cisco Jabber Video |
cisco-jabber-video |
Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the video calls part of Cisco Jabber. |
|
Microsoft Lync Audio |
ms-lync-audio |
Microsoft Lync Audio is the audio calls support in MS Lync. This protocol classifies the voice part of video calls. The classification is based on STUN and RTP. |
|
Microsoft Lync Video |
ms-lync-video |
Microsoft Lync video is the video calls support in MS Lync. This protocol classifies the visual part of the video call. The voice in the video call is classified as MS-Lync-Audio. The classification is based on STUN and RTP. |
|
Microsoft Office Web Applications |
ms-office-web-apps |
Microsoft Office Web Apps is the web-based version of the Microsoft Office productivity suite. It includes the web-based versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft OneNote. The web applications allow users to access their documents within a web browser and collaborate with other users online. |
|
Microsoft SkyDrive |
skydrive |
Microsoft SkyDrive is a file hosting service that allows users to upload and sync files to a cloud storage and further access them from a web browser or a mobile application. |
|
Modbus TCP/IP |
modbus |
Modbus is a standard communication protocol for connecting industrial electronic devices. Modbus TCP/IP uses the Modbus instruction set and wraps TCP/IP around it. |
|
Ares |
ares |
Ares is a P2P network which was originally operating on the Gnutella network. After that, it switched to its own network with a leaves-and-super nodes architecture. Ares Galaxy, which is an open source P2P software, is the main client which makes use of Ares network. |
|
iCloud |
icloud |
iCloud is Apple's cloud computing and storage service. It provides data storage (such as music, files and iOS applications) over remote computer servers and enables downloading stored data to multiple devices. |
|
NetBIOS's Datagram Distribution Service |
netbios-dgm |
NetBIOS's datagram distribution service is the part of the NetBIOS-over-TCP/UDP protocol suite for connectionless communication. NetBIOS provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. NetBIOS's datagram distribution service provides a connectionless service which means that the error detection and recovery are the application responsibility. |
|
NetBIOS's Session Service |
netbios-ssn |
NetBIOS's session service is the part of the NetBIOS-over-TCP/UDP protocol suite for connection oriented communication. NetBIOS provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. NetBIOS's session service allows two machines to form a connection, mechanisms for error detection and recovery and multiple packets messages. |
|
Orbix 2000 Config over SSL |
orbix-cfg-ssl |
Orbix is a CORBA ORB (Object Request Broker) from Micro Focus which helps programmers build distributed applications. Orbix cfg (config) works over SSL typically on port 3078. |
|
Secure Simple Mail Transfer Protocol |
secure-smtp |
Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail transmission across networks. Secure-smtp refers to a method for securing SMTP with transport layer security, typically works on TCP port 461. |
|
Apple services |
apple-services |
apple-services is a set of tools and APIs, such as AppStore and apple website, used by Apple applications. |
|
Internet Audio Streaming Web Apps |
internet-audio-streaming |
The internet audio streaming protocol gathers the top websites and web applications such as SoundCloud and Grooveshark for audio streaming on the internet . |
|
Internet Video Streaming Web Apps |
Internet-video-streaming |
The internet video streaming protocol gathers the top websites and web applications such as Ustream and DailyMotion for video streaming on the internet. |
|
iTunes-Audio |
itunes-audio |
iTunes is a media player and media library application developed by Apple Inc. It is used to play, download, and organize digital audio and video on personal computers running the OS X and Microsoft Windows operating systems. Through the iTunes Store, users can purchase and download music, music videos, television shows, audiobooks, podcasts, movies, etc. on their MAC/Win PC/iDevices running iTunes. iTunes-audio refers to all audio streaming media services generated by iTunes such as play music, podcasts, and audiobooks. |
|
iTunes-Video |
itunes-video |
iTunes is a media player and media library application developed by Apple Inc. It is used to play, download, and organize digital audio and video on personal computers running the OS X and Microsoft Windows operating systems. Through the iTunes Store, users can purchase and download music, music videos, television shows, audiobooks, podcasts, movies, etc. on their MAC/Win PC/iDevices running iTunes. iTunes-video refers to all video streaming media services generated by iTunes such as play movies, TV shows, videocasts and videos. |
|
Naver Line |
naver-line |
Naver-line is a Japanese proprietary application for instant messaging on smartphones and PCs. Naver-Line users exchange text messages, graphics, video and audio media, make free VoIP calls, and hold free audio or video conferences. |
|
QQ Instant Messenger |
qq-im |
QQ instant messenger is the most popular IM software service in China. QQ IM was developed by Tencent Holding LTD. and has clients for Windows, Mac, Android, and iPhone. A Chinese version is available as well as an English version (QQ International). |
|
Share |
share |
Share is a closed-source P2P application being developed in Japan by an anonymous author. It was developed as the successor of Winny and focuses on higher security. Share uses encrypted caches, file names and IP addresses, and is based on node-organized architecture. |
Updated Protocols in NBAR2 Protocol Pack 9.0.0
The following table displays the protocols that have been updated in NBAR2 Protocol Pack 9.0.0, after NBAR2 Protocol Pack 6.4.0:
|
Protocol |
Updates |
|---|---|
|
ms-lync |
Updated signatures to support Microsoft Lync 2013. |
|
sip |
Updated signatures. |
|
sling |
Updated signatures to support mac client. |
|
youtube |
Updated signatures. |
|
corba-iiop-ssl |
Updated signatures. |
|
ddm-ssl |
Updated signatures. |
|
Exchange |
Updated signatures to support encrypted exchange traffic. |
|
ftps-data |
Updated signatures. |
|
h323 |
Updated signatures. |
|
ieee-mms-ssl |
Updated signatures. |
|
msft-gc-ssl |
Updated signatures. |
|
netflix |
Updated signatures to support Netflix in set-top-boxes, media streamers, game consoles and latest Windows, Apple and Android OSs. |
|
nsiiops |
Updated signatures. |
|
orbix-loc-ssl |
Updated signatures. |
|
secure-ftp |
Updated signatures. |
|
secure-imap |
Updated signatures. |
|
secure-irc |
Updated signatures. |
|
secure-ldap |
Updated signatures. |
|
secure-nntp |
Updated signatures. |
|
secure-pop3 |
Updated signatures. |
|
secure-telnet |
Updated signatures. |
|
sshell |
Updated signatures. |
|
blizwow |
Updated signatures. |
|
dnp |
Updated signatures to support DNP 3.0. |
|
espn-browsing |
Updated signatures. |
|
espn-video |
Updated signatures. |
|
imap |
Updated signatures. |
|
ms-office-365 |
Updated signatures. |
|
outlook-web-service |
Updated signatures to support outlook.com email service. |
|
rtp |
Updated signatures to support dynamic payload types. |
|
sip |
Updated signatures. |
|
telnet |
Updated signatures. |
|
aim |
Updated signatures to support t AIM pro client. |
|
baidu-movie |
Updated signatures. |
|
gbridge |
Updated signatures. |
|
google-services |
Updated signatures. |
|
google-talk |
Updated signatures to support Japanese client. |
|
itunes |
Updated signatures to support iTunes 11. |
|
ms-lync |
Updated signatures to support lync in office-365. |
|
oracle-sqlnet |
Updated signatures. |
|
yahoo-im |
Updated signatures to support Japanese client. |
|
youtube |
Updated signatures. |
Deprecated Protocols in NBAR2 Protocol Pack 9.0.0
The following table displays the protocols that are deprecated in NBAR2 Protocol Pack 9.0.0, after NBAR2 Protocol Pack 6.4.0.:
|
Protocol |
Reason |
|---|---|
|
ghostsurf |
Service is no longer available. |
|
guruguru |
Service is no longer available. |
|
hotmail |
Has been replaced with outlook-web-service. |
|
livemeeting |
Has been replaced with ms-lync. |
|
megavideo |
Service is no longer available. |
|
ms-lync-media |
Has been replaced with ms-lync-audio and ms-lync-video. |
The predefined custom protocols (named custom-01, custom-02…custom-10) have been deprecated in this protocol pack. In order to define custom protocols, users are advised to use the user-defined custom protocols. The support for protocol NetBIOS is also deprecated.
Caveats in NBAR2 Protocol Pack 9.0.0
Note | If you have an account on Cisco.com, you can also use the Bug Search Tool to find select caveats of any severity. To reach the Bug Search Tool, log in to Cisco.com and go to https://tools.cisco.com/bugsearch/search . (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.) |
Resolved Caveats in NBAR2 Protocol Pack 9.0.0
The following table lists the resolved caveats in NBAR2 Protocol Pack 9.0.0, after NBAR2 Protocol Pack 6.4.0:
|
Resolved Caveat |
Description |
|---|---|
|
CSCue08462 |
Some Xunlei-KanKan traffic may be misclassified as Xunlei. |
|
CSCuh63870 |
Video traffic generated by some ESPN websites might be misclassified as unknown. |
|
CSCuh63889 |
Web traffic generated by some ESPN websites might be misclassified as unknown. |
|
CSCui76906 |
The drop policy may not work for ms-office-web-apps protocol |
|
CSCui84201 |
The drop policy may not work for sky-drive protocol |
|
CSCui85573 |
Cisco-jabber-video and cisco-phone might be misclassified when configured under a class-map |
|
CSCui85652 |
Cisco-jabber-video for windows may not be classified correctly |
|
CSCuj07892 |
Microsoft Lync might be misclassified in certain scenarios |
|
CSCui72228 |
Matching under ms-office-web-apps attributes might be misclassified. |
|
CSCui93597 |
MS-Lync traffic on Mac and mobile devices may be misclassified. |
|
CSCuj40958 |
PCoIP with no TH signature performance improvement. |
|
CSCuj67799 |
Video traffic generated by the webex-meeting iPhone app might be misclassified as video-over-http. |
|
CSCuj76966 |
NetBIOS traffic might be misclassified as unknown. |
|
CSCul02147 |
Some cisco-jabber traffic might be misclassified as webex-meeting. |
|
CSCul02157 |
Some cisco-jabber traffic might be misclassified as ssl. |
|
CSCul18924 |
Some ms-lync-video traffic via mobile classified as rtp. |
|
CSCub89835 |
gbridge pc client might not be blocked. |
|
CSCuc43505 |
Traffic generated by AIM Pro might be misclassified as unknown and webex-meeting |
|
CSCui50424 |
When using Microsoft Lync in Office-365, the traffic might be misclassified as rtp or SSL |
Known Caveats in NBAR2 Protocol Pack 9.0.0
The following table lists the known caveats in NBAR2 Protocol Pack 9.0.0:
|
Known Caveat |
Description |
|---|---|
|
CSCub62860 |
gtalk-video might be misclassified as rtp |
|
CSCuh49380 |
PCoIP session-priority configuration limitation |
|
CSCuq72371 |
AVC pp 9.0 doesn't drop bit torrent traffic with existing torrent file |
Restrictions and Limitations in NBAR2 Protocol Pack 9.0.0
The following table lists the limitations and restrictions in NBAR2 Protocol Pack 9.0.0:
|
Protocol |
Limitation/Restriction |
|---|---|
|
bittorrent |
http traffic generated by the bitcomet bittorrent client might be classified as http |
|
capwap-data |
For capwap-data to be classified correctly, capwap-control must also be enabled |
|
cisco-jabber |
Encrypted cisco jabber might be classified as unknown. |
|
hulu |
Encrypted video streaming generated by hulu might be classified as its underlying protocol rtmpe |
|
logmein |
Traffic generated by the logmein android app might be misclassified as ssl |
|
ms-lync |
Login and chat traffic generated by the ms-lync client might be misclassified as ssl |
|
pcanywhere |
Traffic generated by pcanywhere for mac might be classified as unknown. |
|
qq-accounts |
Login to QQ applications which is not via web may not be classified as qq-accounts |
|
secondlife |
Voice traffic generated by secondlife might be misclassified as ssl |
Recommended Configurations
The following configurations are tested and recommended for blocking the respective traffic.
| Recommended Configuration | Caveat for reference |
|---|---|
| To block Picasa traffic, you need to block Google services and the Picasa application, because Google applications share signatures. | CSCud40143 |
| To block Gmail traffic, you need to block Google services and the Gmail application, because Google applications share signatures. | CSCud43226 |
Feedback