Table Of Contents
Default Service Configuration Reference Tables
Filter Rules
Information About Protocols
Generic Protocols
Signature-Based Protocols
IP Protocols
Port-Based Protocols
Protocols Identified on Unidirectional Flows
Services
RDR Settings
Rules
System Mode
Default Service Configuration Reference Tables
This chapter describes the default service configuration provided with the Cisco Service Control Application for Broadband (SCA BB). The default service configuration serves as a starting point for creating a service configuration tailored to customers' needs.
•
Filter Rules
•Information About Protocols
•Services
•RDR Settings
•Rules
•System Mode
Filter Rules
Filter rules allow you to instruct the Service Control Engine (SCE) platform to ignore some types of flow based on the flow's Layer 3 and Layer 4 properties, and transmit the flows unchanged.
Table 1-1 lists the filter rules defined in the default service configuration.
Table 1-1 Filter Rules
Flow Filter Name
|
Default State
|
Description
|
ICMP Filter
|
Active
|
Applies to ICMP packets, packets bypass the policy engine and are mapped to CoS BE
|
DNS (to network)
|
Active
|
Applies to UDP packets, network-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE
|
DNS (to subscriber)
|
Active
|
Applies to UDP packets, subscriber-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE
|
net-bios (to network)
|
Active
|
Applies to UDP packets, network-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE
|
net-bios (to subscriber)
|
Active
|
Applies to UDP packets, subscriber-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE
|
eDonkey UDP (to network)
|
Active
|
Applies to UDP packets, network-side ports in the range 4661 to 4665, packets bypass the policy engine and are mapped to CoS BE
|
eDonkey UDP (to subscriber)
|
Active
|
Applies to UDP packets, subscriber-side ports in the range 4661 to 4665, packets bypass the policy engine and are mapped to CoS BE
|
eMule UDP (to network)
|
Active
|
Applies to UDP packets, network-side ports in the range 4670 to 4674, packets bypass the policy engine and are mapped to CoS BE
|
eMule UDP (to subscriber)
|
Active
|
Applies to UDP packets, subscriber-side ports in the range 4670 to 4674, packets bypass the policy engine and are mapped to CoS BE
|
eMule UDP 2 (to network)
|
Active
|
Applies to UDP packets, network-side ports in the range 5670 to 5674, packets bypass the policy engine and are mapped to CoS BE
|
eMule UDP 2 (to subscriber)
|
Active
|
Applies to UDP packets, subscriber-side ports in the range 5670 to 5674, packets bypass the policy engine and are mapped to CoS BE
|
eMule UDP 3 (to network)
|
Active
|
Applies to UDP packets, network-side ports in the range 5780 to 5784, packets bypass the policy engine and are mapped to CoS BE
|
eMule UDP 3 (to subscriber)
|
Active
|
Applies to UDP packets, subscriber-side ports in the range 5780 to 5784, packets bypass the policy engine and are mapped to CoS BE
|
BGP Filter
|
Inactive
|
Applies to TCP packets, network-side port is equal to 179, packets bypass the policy engine and are mapped to CoS BE
|
DHCP Filter
|
Inactive
|
Applies to UDP packets, network-side ports in the range 67 to 68, packets bypass the policy engine and are mapped to CoS BE
|
OSPF Filter
|
Inactive
|
Applies to OSPFIGP packets, packets bypass the policy engine and are mapped to CoS BE
|
IS-IS Filter
|
Inactive
|
Applies to ISIS packets, packets bypass the policy engine and are mapped to CoS BE
|
IGRP Filter
|
Inactive
|
Applies to IGP packets, packets bypass the policy engine and are mapped to CoS BE
|
EIGRP Filter
|
Inactive
|
Applies to EIGRP packets, packets bypass the policy engine and are mapped to CoS BE
|
HSRP Filter 1
|
Inactive
|
Applies to UDP packets, network-side IP is equal to 224.0.0.2, packets bypass the policy engine and are mapped to CoS BE
|
HSRP Filter 2
|
Inactive
|
Applies to UDP packets, network-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE
|
HSRP Filter 3
|
Inactive
|
Applies to UDP packets, subscriber-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE
|
RIP Filter 1
|
Inactive
|
Applies to UDP packets, network-side IP is equal to 224.0.0.9, packets bypass the policy engine and are mapped to CoS BE
|
RIP Filter 2
|
Inactive
|
Applies to UDP packets, network-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE
|
RIP Filter 3
|
Inactive
|
Applies to UDP packets, subscriber-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE
|
RADIUS Filter
|
Inactive
|
Applies to UDP packets, network-side port is equal to 1812, packets bypass the policy engine and are mapped to CoS BE
|
RADIUS Filter (early deployment)
|
Inactive
|
Applies to UDP packets, network-side ports in the range 1645 to 1646, packets bypass the policy engine and are mapped to CoS BE
|
Information About Protocols
Protocols are divided into four groups:
•Generic Protocols—These protocols are used for transactions that were not mapped to a service by one of the more specific protocol types.
•Signature-Based Protocols—Protocols classified according to a Layer 7 application signature. This group includes the most common protocols, such as HTTP and FTP, and a large group of popular P2P protocols.
•IP Protocols—Protocols (such as ICMP), other than TCP and UDP protocols, identified according to the IP protocol number of the transaction.
•Port-Based Protocols—TCP and UDP protocols that are classified according to their well-known ports. The default configuration includes more than 600 common port-based protocols.
You may add new protocols (for example, to classify a new gaming protocol that uses a specific port) and edit or remove existing ones.
The tables in the following sections list the protocols defined in the default service configuration.
•Generic Protocols
•Signature-Based Protocols
•IP Protocols
•Port-Based Protocols
•Protocols Identified on Unidirectional Flows
Generic Protocols
The three generic protocols (IP, TCP, and UDP) serve as default containers for classifying transactions of the relevant type (IP, TCP, or UDP) that were not classified as belonging to a more specific protocol.
A transaction is classified as belonging to one of the generic protocols if it meets both the following conditions:
•It was not classified as belonging to a signature-based protocol.
•It was not classified as belonging to an IP or port-based protocol that is specifically mapped to a service.
Table 1-2 Generic Protocols
Protocol Name
|
ID
|
Description
|
Generic IP
|
10
|
Any non-TCP/UDP transaction where the related IP protocol is not specifically mapped to a service.
|
Generic TCP
|
0
|
Any TCP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service1.
|
Generic UDP
|
1
|
Any UDP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service.
|
Signature-Based Protocols
A transaction is classified as belonging to one of the signature-based protocols if it is carried on the protocol's well-known port or matches the protocol's signature.
Table 1-3 Signature-Based Protocols
Protocol Name
|
ID
|
TCP Ports
|
UDP Ports
|
Behavioral P2P
|
1044
|
|
|
Behavioral Upload/Download
See note following table
|
127
|
|
|
CUWorld
|
117
|
|
|
DHCP Sniff
|
33
|
|
|
DingoTel
|
42
|
|
|
DNS
|
933
|
|
|
Flash
|
1033
|
|
|
Flash YouTube
|
1034
|
|
|
Flash MySpace
|
1035
|
|
|
Flash Yahoo
|
1036
|
|
|
FTP
|
4
|
21
|
|
Generic Non-Established TCP
See note following table
|
126
|
|
|
GoogleEarth
|
118
|
|
|
Hopster
|
115
|
|
|
HTTP Browsing
|
2
|
80, 8080
|
|
HTTP Tunnel
|
55
|
|
|
ICQ
|
119
|
|
|
IRC
|
62
|
|
|
Jabber
|
116
|
|
|
MMS
|
6
|
1755
|
|
Mobile MMS
|
46
|
|
|
MS Push Mail
|
1048
|
|
|
NNTP
|
15
|
119
|
|
NTP
|
54
|
|
|
POP3
|
9
|
110
|
|
QQ
|
52
|
|
|
RTSP Streaming
|
5
|
554, 1554, 7070
|
|
Sling
|
112
|
|
|
SMTP
|
8
|
25
|
|
Location Free
|
1045
|
|
|
STUN
|
114
|
|
|
Thunder
|
50
|
|
|
UC
|
48
|
|
|
Yahoo Messenger
|
40
|
5000-5001
|
5000-5001
|
imap
|
59
|
143
|
143
|
radius
|
738
|
|
|
tftp
|
60
|
69
|
69
|
•Behavioral Upload/Download—Transactions that have download packet flow characteristics and do not match a more specific signature are classified to this protocol. This protocol applies to downloads both from the network side and from the subscriber side.
•Generic Non-Established TCP—TCP flows that are not established properly (syn-ack is missing) are mapped to this protocol.
Table 1-4 Signature-Based P2P Protocols
Protocol Name
|
ID
|
TCP Ports
|
UDP Ports
|
AntsP2P
|
113
|
|
|
BaiBao
|
43
|
|
|
BitTorrent
|
24
|
6881-6889
|
|
DHT
|
106
|
|
|
Dijjer
|
120
|
|
|
DirectConnect
|
19
|
411-413
|
|
Entropy
|
125
|
|
|
Exosee
|
121
|
|
|
FastTrack KaZaA File Transfer
|
14
|
|
|
FastTrack KaZaA Networking
|
13
|
1214
|
|
Filetopia
|
31
|
|
|
Freenet
|
107
|
|
|
Furthur
|
123
|
|
|
Gnutella File Transfer
|
12
|
|
|
Gnutella Networking
|
11
|
6346-6349
|
|
Hotline
|
20
|
|
|
Joost
|
1046
|
|
|
Konspire2b
|
1031
|
6085
|
6085
|
Kontiki
|
124
|
|
|
LOCO
|
5123
|
|
|
Manolito
|
22
|
|
|
Mute
|
34
|
|
|
Napster
|
32
|
|
|
NeoNet
|
37
|
|
|
NodeZilla
|
35
|
|
|
PeerEnabler
|
122
|
|
|
Poco
|
51
|
|
|
PPLive
|
44
|
|
|
PPStream
|
49
|
|
|
QQ-Live
|
1032
|
|
|
Rodi
|
111
|
|
|
Share
|
27
|
|
|
Soulseek
|
29
|
|
|
SSDP
|
53
|
|
|
TVAnts
|
109
|
|
|
Warez/FileCroc
|
39
|
|
|
Waste
|
36
|
|
|
WinMX/OpenNap
|
16
|
6257, 6699
|
6257
|
Winny
|
17
|
7742-7745, 7773
|
|
Zattoo
|
1047
|
|
|
eDonkey
|
18
|
4661-4665, 4672-4673, 4711, 5662, 5773, 5783
|
4661-4665, 4672-4673, 4711, 5662, 5773, 5783
|
eMuleEncrypted
|
105
|
|
|
guruguru
|
66
|
|
|
iTunes
|
30
|
|
|
kuro
|
67
|
|
|
soribada
|
69
|
|
|
v-share
|
71
|
|
|
Table 1-5 Signature-Based VoIP Protocols
Protocol Name
|
ID
|
TCP Ports
|
UDP Ports
|
H323
|
28
|
1720
|
|
ICQ VoIP
|
110
|
|
|
MGCP
|
38
|
|
2427, 2727
|
Primus
|
108
|
|
|
PTT Winphoria
|
61
|
|
|
RTP
|
57
|
|
|
SIP
|
23
|
5060-5061
|
5060-5061
|
Skinny
|
41
|
|
|
Skype
|
25
|
|
|
Yahoo Messenger VoIP
|
45
|
33033
|
|
Yahoo VoIP over SIP
|
1039
|
|
|
IP Protocols
This section lists the IP protocols supported by SCA BB.
Table 1-6 IP Protocols
IP Protocol Number
|
Protocol Name
|
Protocol ID
|
0
|
HOPOPT
|
756
|
1
|
ICMP
|
757
|
2
|
IGMP
|
758
|
3
|
GGP
|
759
|
4
|
IP
|
760
|
5
|
ST
|
761
|
6
|
Generic TCP
|
0
|
7
|
CBT
|
762
|
8
|
EGP
|
763
|
9
|
IGP
|
764
|
10
|
BBN-RCC-MON
|
765
|
11
|
NVP-II
|
766
|
12
|
PUP
|
767
|
13
|
ARGUS
|
768
|
14
|
EMCON
|
769
|
15
|
XNET
|
770
|
16
|
CHAOS
|
771
|
17
|
Generic UDP
|
1
|
18
|
MUX
|
772
|
19
|
DCN-MEAS
|
773
|
20
|
HMP
|
774
|
21
|
PRM
|
775
|
22
|
XNS-IDP
|
776
|
23
|
TRUNK-1
|
777
|
24
|
TRUNK-2
|
778
|
25
|
LEAF-1
|
779
|
26
|
LEAF-2
|
780
|
27
|
RDP
|
781
|
28
|
IRTP
|
782
|
29
|
ISO-TP4
|
783
|
30
|
NETBLT
|
784
|
31
|
MFE-NSP
|
785
|
32
|
MERIT-INP
|
786
|
33
|
SEP
|
787
|
34
|
3PC
|
788
|
35
|
IDPR
|
789
|
36
|
XTP
|
790
|
37
|
DDP
|
791
|
38
|
IDPR-CMTP
|
792
|
39
|
TP++
|
793
|
40
|
IL
|
794
|
41
|
IPv6-Over-IPv4
|
795
|
42
|
SDRP
|
796
|
43
|
IPv6-Route
|
797
|
44
|
IPv6-Frag
|
798
|
45
|
IDRP
|
799
|
46
|
RSVP
|
800
|
47
|
GRE
|
801
|
48
|
MHRP
|
802
|
49
|
BNA
|
803
|
50
|
ESP
|
804
|
51
|
AH
|
805
|
52
|
I-NLSP
|
806
|
53
|
SWIPE
|
807
|
54
|
NARP
|
808
|
55
|
MOBILE
|
809
|
56
|
TLSP
|
810
|
57
|
SKIP
|
811
|
58
|
IPv6-ICMP
|
812
|
59
|
IPv6-NoNxt
|
813
|
60
|
IPv6-Opts
|
814
|
61
|
any host internal protocol
|
815
|
62
|
CFTP
|
816
|
63
|
any local network
|
817
|
64
|
SAT-EXPAK
|
818
|
65
|
KRYPTOLAN
|
819
|
66
|
RVD
|
820
|
67
|
IPPC
|
821
|
68
|
any distributed file system
|
822
|
69
|
SAT-MON
|
823
|
70
|
VISA
|
824
|
71
|
IPCV
|
825
|
72
|
CPNX
|
826
|
73
|
CPHB
|
827
|
74
|
WSN
|
828
|
75
|
PVP
|
829
|
76
|
BR-SAT-MON
|
830
|
77
|
SUN-ND
|
831
|
78
|
WB-MON
|
832
|
79
|
WB-EXPAK
|
833
|
80
|
ISO-IP
|
834
|
81
|
VMTP
|
835
|
82
|
SECURE-VMTP
|
836
|
83
|
VINES
|
837
|
84
|
TTP
|
838
|
85
|
NSFNET-IGP
|
839
|
86
|
DGP
|
840
|
87
|
TCF
|
841
|
88
|
EIGRP
|
842
|
89
|
OSPFIGP
|
843
|
90
|
Sprite-RPC
|
844
|
91
|
LARP
|
845
|
92
|
MTP
|
846
|
93
|
AX.25
|
847
|
94
|
IPIP
|
848
|
95
|
MICP
|
849
|
96
|
SCC-SP
|
850
|
97
|
ETHERIP
|
851
|
98
|
ENCAP
|
852
|
99
|
any private encryption scheme
|
853
|
100
|
GMTP
|
854
|
101
|
IFMP
|
855
|
102
|
PNNI
|
856
|
103
|
PIM
|
857
|
104
|
ARIS
|
858
|
105
|
SCPS
|
859
|
106
|
QNX
|
860
|
107
|
A/N
|
861
|
108
|
IPComp
|
862
|
109
|
SNP
|
863
|
110
|
Compaq-Peer
|
864
|
111
|
IPX-in-IP
|
865
|
112
|
VRRP
|
866
|
113
|
PGM
|
867
|
114
|
any 0-hop protocol
|
868
|
115
|
L2TP
|
869
|
116
|
DDX
|
870
|
117
|
IATP
|
871
|
118
|
STP
|
872
|
119
|
SRP
|
873
|
120
|
UTI
|
874
|
121
|
SMP
|
875
|
122
|
SM
|
876
|
123
|
PTP
|
877
|
124
|
ISIS
|
878
|
125
|
FIRE
|
879
|
126
|
CRTP
|
880
|
Port-Based Protocols
This section lists the TCP/UDP port-based protocols defined in the SCA BB default service configuration.
Table 1-7 Port-Based Protocols
Protocol Name
|
ID
|
TCP Ports
|
UDP Ports
|
compressnet
|
900
|
2-3
|
2-3
|
RJE
|
901
|
5
|
5
|
Echo
|
902
|
7
|
7
|
Discard
|
903
|
9
|
9
|
systat
|
904
|
11
|
11
|
daytime
|
905
|
13
|
13
|
qotd
|
906
|
17
|
17
|
msp
|
907
|
18
|
18
|
chargen
|
908
|
19
|
19
|
ftp-data
|
909
|
20
|
20
|
ssh
|
910
|
22
|
22
|
telnet
|
911
|
23
|
23
|
nsw-fe
|
912
|
27
|
27
|
msg-icp
|
913
|
29
|
29
|
msg-auth
|
916
|
31
|
31
|
dsp
|
917
|
33
|
33
|
time
|
918
|
37
|
37
|
rap
|
919
|
38
|
38
|
rlp
|
920
|
39
|
39
|
graphics
|
921
|
41
|
41
|
name
|
922
|
42
|
42
|
nicname
|
923
|
43
|
43
|
mpm-flags
|
924
|
44
|
44
|
mpm
|
925
|
45
|
45
|
mpm-snd
|
926
|
46
|
46
|
ni-ftp
|
927
|
47
|
47
|
auditd
|
928
|
48
|
48
|
tacacs
|
929
|
49
|
49
|
re-mail-ck
|
930
|
50
|
50
|
la-maint
|
931
|
51
|
51
|
xns-time
|
932
|
52
|
52
|
xns-ch
|
934
|
54
|
54
|
isi-gl
|
935
|
55
|
55
|
xns-auth
|
936
|
56
|
56
|
xns-mail
|
937
|
58
|
58
|
ni-mail
|
938
|
61
|
61
|
acas
|
939
|
62
|
62
|
whois
|
940
|
63
|
63
|
covia
|
941
|
64
|
64
|
tacacs-ds
|
942
|
65
|
65
|
sql*net
|
943
|
66
|
66
|
bootps
|
944
|
67
|
67
|
bootpc
|
945
|
68
|
68
|
gopher
|
947
|
70
|
70
|
netrjs-1
|
948
|
71
|
71
|
netrjs-2
|
949
|
72
|
72
|
netrjs-3
|
950
|
73
|
73
|
netrjs-4
|
951
|
74
|
74
|
deos
|
952
|
76
|
76
|
finger
|
953
|
79
|
79
|
hosts2-ns
|
954
|
81
|
81
|
xfer
|
955
|
82
|
82
|
mit-ml-dev
|
956
|
83, 85
|
83, 85
|
ctf
|
957
|
84
|
84
|
mfcobol
|
958
|
86
|
86
|
kerberos
|
959
|
88
|
88
|
su-mit-tg
|
960
|
89
|
89
|
dnsix
|
961
|
90
|
90
|
mit-dov
|
962
|
91
|
91
|
npp
|
963
|
92
|
92
|
dcp
|
964
|
93
|
93
|
objcall
|
965
|
94
|
94
|
supdup
|
966
|
95
|
95
|
dixie
|
967
|
96
|
96
|
swift-rvf
|
968
|
97
|
97
|
tacnews
|
969
|
98
|
98
|
metagram
|
970
|
99
|
99
|
newacct
|
971
|
100
|
|
hostname
|
972
|
101
|
101
|
iso-tsap
|
973
|
102
|
102
|
gppitnp
|
974
|
103
|
103
|
acr-nema
|
975
|
104
|
104
|
csnet-ns
|
976
|
105
|
105
|
3com-tsmux
|
977
|
106
|
106
|
rtelnet
|
978
|
107
|
107
|
snagas
|
979
|
108
|
108
|
pop2
|
980
|
109
|
109
|
sunrpc
|
981
|
111
|
111
|
mcidas
|
982
|
112
|
112
|
auth
|
983
|
113
|
113
|
audionews
|
984
|
114
|
114
|
sftp
|
985
|
115
|
115
|
ansanotify
|
986
|
116
|
116
|
uucp-path
|
987
|
117
|
117
|
sqlserv
|
988
|
118
|
118
|
cfdptkt
|
989
|
120
|
120
|
erpc
|
990
|
121
|
121
|
smakynet
|
991
|
122
|
122
|
NTP
|
992
|
123
|
123
|
ansatrader
|
993
|
124
|
124
|
locus-map
|
994
|
125
|
125
|
nxedit
|
995
|
126
|
126
|
locus-con
|
996
|
127
|
127
|
gss-xlicen
|
997
|
128
|
128
|
pwdgen
|
998
|
129
|
129
|
cisco-fna
|
999
|
130
|
130
|
cisco-tna
|
1000
|
131
|
131
|
cisco-sys
|
1001
|
132
|
132
|
statsrv
|
1002
|
133
|
133
|
ingres-net
|
1003
|
134
|
134
|
epmap
|
128
|
135
|
135
|
profile
|
129
|
136
|
136
|
netbios-ns
|
130
|
137
|
137
|
netbios-dgm
|
131
|
138
|
138
|
netbios-ssn
|
132
|
139
|
139
|
emfis-data
|
133
|
140
|
140
|
emfis-cntl
|
134
|
141
|
141
|
bl-idm
|
135
|
142
|
142
|
uma
|
137
|
144
|
144
|
uaac
|
138
|
145
|
145
|
iso-tp0
|
139
|
146
|
146
|
iso-ip
|
140
|
147
|
147
|
jargon
|
141
|
148
|
148
|
aed-512
|
142
|
149
|
149
|
sql-net
|
143
|
150
|
150
|
hems
|
144
|
151
|
151
|
bftp
|
145
|
152
|
152
|
sgmp
|
146
|
153
|
153
|
netsc-prod
|
147
|
154
|
154
|
netsc-dev
|
148
|
155
|
155
|
sqlsrv
|
149
|
156
|
156
|
knet-cmp
|
150
|
157
|
157
|
pcmail-srv
|
151
|
158
|
158
|
nss-routing
|
152
|
159
|
159
|
sgmp-traps
|
153
|
160
|
160
|
snmp
|
154
|
161
|
161
|
snmptrap
|
155
|
162
|
162
|
cmip-man
|
156
|
163
|
163
|
cmip-agent
|
157
|
164
|
164
|
xns-courier
|
158
|
165
|
165
|
s-net
|
159
|
166
|
166
|
namp
|
160
|
167
|
167
|
rsvd
|
161
|
168
|
168
|
send
|
162
|
169
|
169
|
print-srv
|
163
|
170
|
170
|
multiplex
|
164
|
171
|
171
|
cl/1
|
165
|
172
|
172
|
xyplex-mux
|
166
|
173
|
173
|
mailq
|
167
|
174
|
174
|
vmnet
|
168
|
175
|
175
|
genrad-mux
|
169
|
176
|
176
|
xdmcp
|
170
|
177
|
177
|
nextstep
|
171
|
178
|
178
|
bgp
|
172
|
179
|
179
|
ris
|
173
|
180
|
180
|
unify
|
174
|
181
|
181
|
audit
|
175
|
182
|
182
|
ocbinder
|
176
|
183
|
183
|
ocserver
|
177
|
184
|
184
|
remote-kis
|
178
|
185
|
185
|
kis
|
179
|
186
|
186
|
aci
|
180
|
187
|
187
|
mumps
|
181
|
188
|
188
|
qft
|
182
|
189
|
189
|
gacp
|
183
|
190
|
190
|
prospero
|
184
|
191
|
191
|
osu-nms
|
185
|
192
|
192
|
srmp
|
186
|
193
|
193
|
IRC
|
187
|
194
|
194
|
dn6-nlm-aud
|
188
|
195
|
195
|
dn6-smm-red
|
189
|
196
|
196
|
dls
|
190
|
197
|
197
|
dls-mon
|
191
|
198
|
198
|
smux
|
192
|
199
|
199
|
src
|
193
|
200
|
200
|
at-rtmp
|
194
|
201
|
201
|
at-nbp
|
195
|
202
|
202
|
at-3
|
196
|
203
|
203
|
at-echo
|
197
|
204
|
204
|
at-5
|
198
|
205
|
205
|
at-zis
|
199
|
206
|
206
|
at-7
|
200
|
207
|
207
|
at-8
|
201
|
208
|
208
|
qmtp
|
202
|
209
|
209
|
z39.50
|
203
|
210
|
210
|
914c/g
|
204
|
211
|
211
|
anet
|
205
|
212
|
212
|
ipx
|
206
|
213
|
213
|
vmpwscs
|
207
|
214
|
214
|
softpc
|
208
|
215
|
215
|
CAIlic
|
209
|
216
|
216
|
dbase
|
210
|
217
|
217
|
mpp
|
211
|
218
|
218
|
uarps
|
212
|
219
|
219
|
imap3
|
213
|
220
|
220
|
fln-spx
|
214
|
221
|
221
|
rsh-spx
|
215
|
222
|
222
|
cdc
|
216
|
223
|
223
|
masqdialer
|
217
|
224
|
224
|
direct
|
218
|
242
|
242
|
sur-meas
|
219
|
243
|
243
|
inbusiness
|
220
|
244
|
244
|
link
|
221
|
245
|
245
|
dsp3270
|
222
|
246
|
246
|
subntbcst_tftp
|
223
|
247
|
247
|
bhfhs
|
224
|
248
|
248
|
set
|
225
|
257
|
257
|
yak-chat
|
226
|
258
|
258
|
esro-gen
|
227
|
259
|
259
|
openport
|
228
|
260
|
260
|
nsiiops
|
229
|
261
|
261
|
arcisdms
|
230
|
262
|
262
|
hdap
|
231
|
263
|
263
|
bgmp
|
232
|
264
|
264
|
x-bone-ctl
|
233
|
265
|
265
|
sst
|
234
|
266
|
266
|
td-service
|
235
|
267
|
267
|
td-replica
|
236
|
268
|
268
|
http-mgmt
|
237
|
280
|
280
|
personal-link
|
238
|
281
|
281
|
cableport-ax
|
239
|
282
|
282
|
rescap
|
240
|
283
|
283
|
corerjd
|
241
|
284
|
284
|
fxp-1
|
242
|
286
|
286
|
k-block
|
243
|
287
|
287
|
novastorbakcup
|
244
|
308
|
308
|
entrusttime
|
245
|
309
|
309
|
bhmds
|
246
|
310
|
310
|
asip-webadmin
|
247
|
311
|
311
|
vslmp
|
248
|
312
|
312
|
magenta-logic
|
249
|
313
|
313
|
opalis-robot
|
250
|
314
|
314
|
dpsi
|
251
|
315
|
315
|
decauth
|
252
|
316
|
316
|
zannet
|
253
|
317
|
317
|
pkix-timestamp
|
254
|
318
|
318
|
ptp-event
|
255
|
319
|
319
|
ptp-general
|
256
|
320
|
320
|
pip
|
257
|
321
|
321
|
rtsps
|
258
|
322
|
322
|
texar
|
259
|
333
|
333
|
pdap
|
260
|
344
|
344
|
pawserv
|
261
|
345
|
345
|
zserv
|
262
|
346
|
346
|
fatserv
|
263
|
347
|
347
|
csi-sgwp
|
264
|
348
|
348
|
mftp
|
265
|
349
|
349
|
matip-type-a
|
266
|
350
|
350
|
matip-type-b
|
267
|
351
|
351
|
dtag-ste-sb
|
268
|
352
|
352
|
ndsauth
|
269
|
353
|
353
|
bh611
|
270
|
354
|
354
|
datex-asn
|
271
|
355
|
355
|
cloanto-net-1
|
272
|
356
|
356
|
bhevent
|
273
|
357
|
357
|
shrinkwrap
|
274
|
358
|
358
|
nsrmp
|
275
|
359
|
359
|
scoi2odialog
|
276
|
360
|
360
|
semantix
|
277
|
361
|
361
|
srssend
|
278
|
362
|
362
|
rsvp_tunnel
|
279
|
363
|
363
|
aurora-cmgr
|
280
|
364
|
364
|
dtk
|
281
|
365
|
365
|
odmr
|
282
|
366
|
366
|
mortgageware
|
283
|
367
|
367
|
qbikgdp
|
284
|
368
|
368
|
rpc2portmap
|
285
|
369
|
369
|
codaauth2
|
286
|
370
|
370
|
clearcase
|
287
|
371
|
371
|
ulistproc
|
288
|
372
|
372
|
legent-1
|
289
|
373
|
373
|
legent-2
|
290
|
374
|
374
|
hassle
|
291
|
375
|
375
|
nip
|
292
|
376
|
376
|
tnETOS
|
293
|
377
|
377
|
dsETOS
|
294
|
378
|
378
|
is99c
|
295
|
379
|
379
|
is99s
|
296
|
380
|
380
|
hp-collector
|
297
|
381
|
381
|
hp-managed-node
|
298
|
382
|
382
|
hp-alarm-mgr
|
299
|
383
|
383
|
arns
|
300
|
384
|
384
|
ibm-app
|
301
|
385
|
385
|
asa
|
302
|
386
|
386
|
aurp
|
303
|
387
|
387
|
unidata-ldm
|
304
|
388
|
388
|
ldap
|
305
|
|
389
|
uis
|
306
|
390
|
390
|
synotics-relay
|
307
|
391
|
391
|
synotics-broker
|
308
|
392
|
392
|
meta5
|
309
|
393
|
393
|
embl-ndt
|
310
|
394
|
394
|
netware-ip
|
311
|
396
|
396
|
mptn
|
312
|
397
|
397
|
kryptolan
|
313
|
398
|
398
|
iso-tsap-c2
|
314
|
399
|
399
|
work-sol
|
315
|
400
|
400
|
ups
|
316
|
401
|
401
|
genie
|
317
|
402
|
402
|
decap
|
318
|
403
|
403
|
nced
|
319
|
404
|
404
|
ncld
|
320
|
405
|
405
|
imsp
|
321
|
406
|
406
|
timbuktu
|
322
|
407
|
407
|
prm-sm
|
323
|
408
|
408
|
prm-nm
|
324
|
409
|
409
|
decladebug
|
325
|
410
|
410
|
rmt
|
326
|
|
411
|
synoptics-trap
|
327
|
|
412
|
smsp
|
328
|
|
413
|
infoseek
|
329
|
414
|
414
|
bnet
|
330
|
415
|
415
|
silverplatter
|
331
|
416
|
416
|
onmux
|
332
|
417
|
417
|
hyper-g
|
333
|
418
|
418
|
ariel1
|
334
|
419
|
419
|
smpte
|
335
|
420
|
420
|
ariel2
|
336
|
421
|
421
|
ariel3
|
337
|
422
|
422
|
opc-job-start
|
338
|
423
|
423
|
opc-job-track
|
339
|
424
|
424
|
icad-el
|
340
|
425
|
425
|
smartsdp
|
341
|
426
|
426
|
svrloc
|
342
|
427
|
427
|
ocs_cmu
|
343
|
428
|
428
|
ocs_amu
|
344
|
429
|
429
|
utmpsd
|
345
|
430
|
430
|
utmpcd
|
346
|
431
|
431
|
iasd
|
347
|
432
|
432
|
nnsp
|
348
|
433
|
433
|
mobileip-agent
|
349
|
434
|
434
|
mobilip-mn
|
350
|
435
|
435
|
dna-cml
|
351
|
436
|
436
|
comscm
|
352
|
437
|
437
|
dsfgw
|
353
|
438
|
438
|
dasp
|
354
|
439
|
439
|
sgcp
|
355
|
440
|
440
|
decvms-sysmgt
|
356
|
441
|
441
|
cvc_hostd
|
357
|
442
|
442
|
https
|
358
|
443
|
|
snpp
|
359
|
444
|
444
|
microsoft-ds
|
360
|
445
|
445
|
ddm-rdb
|
361
|
446
|
446
|
ddm-dfm
|
362
|
447
|
447
|
ddm-ssl
|
363
|
448
|
448
|
as-servermap
|
364
|
449
|
449
|
tserver
|
365
|
450
|
450
|
sfs-smp-net
|
366
|
451
|
451
|
sfs-config
|
367
|
452
|
452
|
creativeserver
|
368
|
453
|
453
|
contentserver
|
369
|
454
|
454
|
creativepartnr
|
370
|
455
|
455
|
scohelp
|
371
|
457
|
457
|
appleqtc
|
372
|
458
|
458
|
ampr-rcmd
|
373
|
459
|
459
|
skronk
|
374
|
460
|
460
|
datasurfsrv
|
375
|
461
|
461
|
datasurfsrvsec
|
376
|
462
|
462
|
alpes
|
377
|
463
|
463
|
kpasswd
|
378
|
464
|
464
|
url-rendezvous
|
379
|
465
|
465
|
digital-vrc
|
380
|
466
|
466
|
mylex-mapd
|
381
|
467
|
467
|
photuris
|
382
|
468
|
468
|
rcp
|
383
|
469
|
469
|
scx-proxy
|
384
|
470
|
470
|
mondex
|
385
|
471
|
471
|
ljk-login
|
386
|
472
|
472
|
hybrid-pop
|
387
|
473
|
473
|
tn-tl-w1
|
388
|
474
|
|
tn-tl-w2
|
389
|
|
474
|
tn-tl-fd1
|
390
|
476
|
476
|
ss7ns
|
391
|
477
|
477
|
spsc
|
392
|
478
|
478
|
iafserver
|
393
|
479
|
479
|
iafdbase
|
394
|
480
|
480
|
ph
|
395
|
481
|
481
|
bgs-nsi
|
396
|
482
|
482
|
ulpnet
|
397
|
483
|
483
|
integra-sme
|
398
|
484
|
484
|
powerburst
|
399
|
485
|
485
|
avian
|
400
|
486
|
486
|
saft
|
401
|
487
|
487
|
gss-http
|
402
|
488
|
488
|
nest-protocol
|
403
|
489
|
489
|
micom-pfs
|
404
|
490
|
490
|
go-login
|
405
|
491
|
491
|
ticf-1
|
406
|
492
|
492
|
ticf-2
|
407
|
493
|
493
|
pov-ray
|
408
|
494
|
494
|
intecourier
|
409
|
495
|
495
|
pim-rp-disc
|
410
|
496
|
496
|
dantz
|
411
|
497
|
497
|
siam
|
412
|
498
|
498
|
iso-ill
|
413
|
499
|
499
|
isakmp
|
414
|
500
|
500
|
stmf
|
415
|
501
|
501
|
asa-appl-proto
|
416
|
502
|
502
|
intrinsa
|
417
|
503
|
503
|
citadel
|
418
|
504
|
504
|
mailbox-lm
|
419
|
505
|
505
|
ohimsrv
|
420
|
506
|
506
|
crs
|
421
|
507
|
507
|
xvttp
|
422
|
508
|
508
|
snare
|
423
|
509
|
509
|
fcp
|
424
|
510
|
510
|
passgo
|
425
|
511
|
511
|
exec
|
426
|
512
|
|
biff
|
427
|
|
512
|
login
|
428
|
513
|
|
who
|
429
|
|
513
|
shell
|
430
|
514
|
|
syslog
|
431
|
|
514
|
printer
|
432
|
515
|
515
|
videotex
|
433
|
516
|
516
|
talk
|
434
|
517
|
517
|
ntalk
|
435
|
518
|
518
|
utime
|
436
|
519
|
519
|
efs
|
437
|
520
|
|
router
|
438
|
|
520
|
ripng
|
439
|
521
|
521
|
ulp
|
440
|
522
|
522
|
ibm-db2
|
441
|
523
|
523
|
ncp
|
442
|
524
|
524
|
timed
|
443
|
525
|
525
|
tempo
|
444
|
526
|
526
|
stx
|
445
|
527
|
527
|
custix
|
446
|
528
|
528
|
irc-serv
|
447
|
529
|
529
|
courier
|
448
|
530
|
530
|
conference
|
449
|
531
|
531
|
netnews
|
450
|
532
|
532
|
netwall
|
451
|
533
|
533
|
mm-admin
|
452
|
534
|
534
|
iiop
|
453
|
535
|
535
|
opalis-rdv
|
454
|
536
|
536
|
nmsp
|
455
|
537
|
537
|
gdomap
|
456
|
538
|
538
|
apertus-ldp
|
457
|
539
|
539
|
uucp
|
458
|
540
|
540
|
uucp-rlogin
|
459
|
541
|
541
|
commerce
|
460
|
542
|
542
|
klogin
|
461
|
543
|
543
|
kshell
|
462
|
544
|
544
|
appleqtcsrvr
|
463
|
545
|
545
|
dhcpv6-client
|
464
|
546
|
546
|
dhcpv6-server
|
465
|
547
|
547
|
idfp
|
466
|
549
|
549
|
new-rwho
|
467
|
550
|
550
|
cybercash
|
468
|
551
|
551
|
deviceshare
|
469
|
552
|
552
|
pirp
|
470
|
553
|
553
|
remotefs
|
471
|
556
|
556
|
openvms-sysipc
|
472
|
557
|
557
|
sdnskmp
|
473
|
558
|
558
|
teedtap
|
474
|
559
|
559
|
rmonitor
|
475
|
560
|
560
|
monitor
|
476
|
561
|
561
|
chshell
|
477
|
562
|
562
|
nntps
|
478
|
563
|
563
|
9pfs
|
479
|
564
|
564
|
whoami
|
480
|
565
|
565
|
streettalk
|
481
|
566
|
566
|
banyan-rpc
|
482
|
567
|
567
|
ms-shuttle
|
483
|
568
|
568
|
ms-rome
|
484
|
569
|
569
|
meter
|
485
|
570-571
|
570-571
|
sonar
|
486
|
572
|
572
|
banyan-vip
|
487
|
573
|
573
|
ftp-agent
|
488
|
574
|
574
|
vemmi
|
489
|
575
|
575
|
ipcd
|
490
|
576
|
576
|
vnas
|
491
|
577
|
577
|
ipdd
|
492
|
578
|
578
|
decbsrv
|
493
|
579
|
579
|
sntp-heartbeat
|
494
|
580
|
580
|
bdp
|
495
|
581
|
581
|
scc-security
|
496
|
582
|
582
|
philips-vc
|
497
|
583
|
583
|
keyserver
|
498
|
584
|
584
|
imap4-ssl
|
499
|
585
|
585
|
password-chg
|
500
|
586
|
586
|
submission
|
501
|
587
|
587
|
cal
|
502
|
588
|
588
|
eyelink
|
503
|
589
|
589
|
tns-cml
|
504
|
590
|
590
|
http-alt
|
505
|
591
|
591
|
eudora-set
|
506
|
592
|
592
|
http-rpc-epmap
|
507
|
593
|
593
|
tpip
|
508
|
594
|
594
|
cab-protocol
|
509
|
595
|
595
|
smsd
|
510
|
596
|
596
|
ptcnameservice
|
511
|
597
|
597
|
sco-websrvrmg3
|
512
|
598
|
598
|
acp
|
513
|
599
|
599
|
ipcserver
|
514
|
600
|
600
|
urm
|
515
|
606
|
606
|
nqs
|
516
|
607
|
607
|
sift-uft
|
517
|
608
|
608
|
npmp-trap
|
518
|
609
|
609
|
npmp-local
|
519
|
610
|
610
|
npmp-gui
|
520
|
611
|
611
|
hmmp-ind
|
521
|
612
|
612
|
hmmp-op
|
522
|
613
|
613
|
sshell
|
523
|
614
|
614
|
sco-inetmgr
|
524
|
615
|
615
|
sco-sysmgr
|
525
|
616
|
616
|
sco-dtmgr
|
526
|
617
|
617
|
dei-icda
|
527
|
618
|
618
|
digital-evm
|
528
|
619
|
619
|
sco-websrvrmgr
|
529
|
620
|
620
|
escp-ip
|
530
|
621
|
621
|
collaborator
|
531
|
622
|
622
|
aux_bus_shunt
|
532
|
623
|
623
|
cryptoadmin
|
533
|
624
|
624
|
dec_dlm
|
534
|
625
|
625
|
asia
|
535
|
626
|
626
|
passgo-tivoli
|
536
|
627
|
627
|
qmqp
|
537
|
628
|
628
|
3com-amp3
|
538
|
629
|
629
|
rda
|
539
|
630
|
630
|
ipp
|
540
|
631
|
631
|
bmpp
|
541
|
632
|
632
|
servstat
|
542
|
633
|
633
|
ginad
|
543
|
634
|
634
|
rlzdbase
|
544
|
635
|
635
|
ldaps
|
545
|
636
|
636
|
lanserver
|
546
|
637
|
637
|
mcns-sec
|
547
|
638
|
638
|
msdp
|
548
|
639
|
639
|
entrust-sps
|
549
|
640
|
640
|
repcmd
|
550
|
641
|
641
|
esro-emsdp
|
551
|
642
|
642
|
sanity
|
552
|
643
|
643
|
dwr
|
553
|
644
|
644
|
pssc
|
554
|
645
|
645
|
ldp
|
555
|
646
|
646
|
dhcp-failover
|
556
|
647
|
647
|
rrp
|
557
|
648
|
648
|
aminet
|
558
|
649
|
649
|
obex
|
559
|
650
|
650
|
ieee-mms
|
560
|
651
|
651
|
hello-port
|
561
|
652
|
652
|
repscmd
|
562
|
653
|
653
|
aodv
|
563
|
654
|
654
|
tinc
|
564
|
655
|
655
|
spmp
|
565
|
656
|
656
|
rmc
|
566
|
657
|
657
|
tenfold
|
567
|
658
|
658
|
mac-srvr-admin
|
568
|
660
|
660
|
hap
|
569
|
661
|
661
|
pftp
|
570
|
662
|
662
|
purenoise
|
571
|
663
|
663
|
secure-aux-bus
|
572
|
664
|
664
|
sun-dr
|
573
|
665
|
665
|
doom
|
574
|
666
|
666
|
disclose
|
575
|
667
|
667
|
mecomm
|
576
|
668
|
668
|
meregister
|
577
|
669
|
669
|
vacdsm-sws
|
578
|
670
|
670
|
vacdsm-app
|
579
|
671
|
671
|
vpps-qua
|
580
|
672
|
672
|
cimplex
|
581
|
673
|
673
|
acap
|
582
|
674
|
674
|
dctp
|
583
|
675
|
675
|
vpps-via
|
584
|
676
|
676
|
vpp
|
585
|
677
|
677
|
ggf-ncp
|
586
|
678
|
678
|
mrm
|
587
|
679
|
679
|
entrust-aaas
|
588
|
680
|
680
|
entrust-aams
|
589
|
681
|
681
|
xfr
|
590
|
682
|
682
|
corba-iiop
|
591
|
683
|
683
|
corba-iiop-ssl
|
592
|
684
|
684
|
mdc-portmapper
|
593
|
685
|
685
|
hcp-wismar
|
594
|
686
|
686
|
asipregistry
|
595
|
687
|
687
|
realm-rusd
|
596
|
688
|
688
|
nmap
|
597
|
689
|
689
|
vatp
|
598
|
690
|
690
|
msexch-routing
|
599
|
691
|
691
|
hyperwave-isp
|
600
|
692
|
692
|
connendp
|
601
|
693
|
693
|
ha-cluster
|
602
|
694
|
694
|
ieee-mms-ssl
|
603
|
695
|
695
|
rushd
|
604
|
696
|
696
|
uuidgen
|
605
|
697
|
697
|
olsr
|
606
|
698
|
698
|
accessnetwork
|
607
|
699
|
699
|
elcsd
|
608
|
704
|
704
|
agentx
|
609
|
705
|
705
|
silc
|
610
|
706
|
706
|
borland-dsj
|
611
|
707
|
707
|
entrust-kmsh
|
612
|
709
|
709
|
entrust-ash
|
613
|
710
|
710
|
cisco-tdp
|
614
|
711
|
711
|
netviewdm1
|
615
|
729
|
729
|
netviewdm2
|
616
|
730
|
730
|
netviewdm3
|
617
|
731
|
731
|
netgw
|
618
|
741
|
741
|
netrcs
|
619
|
742
|
742
|
flexlm
|
620
|
744
|
744
|
fujitsu-dev
|
621
|
747
|
747
|
ris-cm
|
622
|
748
|
748
|
kerberos-adm
|
623
|
749
|
749
|
rfile
|
624
|
750
|
|
kerberos-iv
|
625
|
|
750
|
pump
|
626
|
751
|
751
|
qrh
|
627
|
752
|
752
|
rrh
|
628
|
753
|
753
|
tell
|
629
|
754
|
754
|
nlogin
|
630
|
758
|
758
|
con
|
631
|
759
|
759
|
ns
|
632
|
760
|
760
|
rxe
|
633
|
761
|
761
|
quotad
|
634
|
762
|
762
|
cycleserv
|
635
|
763
|
763
|
omserv
|
636
|
764
|
764
|
webster
|
637
|
765
|
765
|
phonebook
|
638
|
767
|
767
|
vid
|
639
|
769
|
769
|
cadlock
|
640
|
770
|
770
|
rtip
|
641
|
771
|
771
|
cycleserv2
|
642
|
772
|
772
|
submit
|
643
|
773
|
|
notify
|
644
|
|
773
|
rpasswd
|
645
|
774
|
|
acmaint_dbd
|
646
|
|
774
|
entomb
|
647
|
775
|
|
acmaint_transd
|
648
|
|
775
|
wpages
|
649
|
776
|
776
|
multiling-http
|
650
|
777
|
777
|
wpgs
|
651
|
780
|
780
|
concert
|
652
|
786
|
786
|
qsc
|
653
|
|
787
|
mdbs_daemon
|
654
|
800
|
800
|
device
|
655
|
801
|
801
|
itm-mcell-s
|
656
|
828
|
828
|
pkix-3-ca-ra
|
657
|
829
|
829
|
dhcp-failover2
|
658
|
847
|
847
|
rsync
|
659
|
873
|
873
|
iclcnet-locate
|
660
|
886
|
886
|
iclcnet_svinfo
|
661
|
887
|
887
|
accessbuilder
|
662
|
888
|
888
|
omginitialrefs
|
663
|
900
|
900
|
smpnameres
|
664
|
901
|
901
|
ideafarm-chat
|
665
|
902
|
902
|
ideafarm-catch
|
666
|
903
|
903
|
xact-backup
|
667
|
911
|
911
|
ftps-data
|
668
|
989
|
989
|
ftps
|
669
|
990
|
990
|
nas
|
670
|
991
|
991
|
telnets
|
671
|
992
|
992
|
imaps
|
672
|
993
|
993
|
ircs
|
673
|
994
|
994
|
pop3s
|
674
|
995
|
995
|
vsinet
|
675
|
996
|
996
|
maitrd
|
676
|
997
|
997
|
busboy
|
677
|
998
|
|
puparp
|
678
|
|
998
|
garcon
|
679
|
999
|
|
applix
|
680
|
|
999
|
surf
|
681
|
1010
|
1010
|
Need For Speed 3
|
1018
|
1030
|
1030
|
rmiactivation
|
682
|
1098
|
1098
|
rmiregistry
|
683
|
1099
|
1099
|
Westwood Online
|
1028
|
1140, 1234
|
1140, 1234
|
GLT Poliane
|
882
|
1201
|
|
ms-sql-s
|
684
|
1433
|
1433
|
ms-sql-m
|
685
|
1434
|
1434
|
oracle
|
690
|
1521
|
1521
|
orasrv
|
691
|
1525
|
1525
|
tlisrv
|
692
|
1527
|
1527
|
coauthor
|
693
|
1529
|
1529
|
micromuse-lm
|
702
|
1534
|
1534
|
orbixd
|
703
|
1570
|
1570
|
rdb-dbs-disp
|
694
|
1571
|
1571
|
oraclenames
|
695
|
1575
|
1575
|
shockwave
|
707
|
1626
|
1626
|
oraclenet8cman
|
696
|
1630
|
1630
|
l2tp
|
742
|
1701
|
1701
|
pptp
|
739
|
1723
|
1723
|
net8-cman
|
697
|
1830
|
1830
|
msnp
|
713
|
1836
|
1836
|
MSN Messenger
|
883
|
1863
|
1863
|
gtp-user
|
740
|
2152
|
2152
|
kali
|
718
|
2213
|
2213
|
directplay
|
716
|
2234
|
2234
|
Rainbox six
|
1026
|
2346
|
2346
|
ms-olap
|
686
|
2382-2383, 2393-2394
|
2382-2383, 2393-2394
|
groove
|
715
|
2492
|
2492
|
citrixima
|
698
|
2512
|
2512
|
citrixadmin
|
699
|
2513
|
2513
|
worldfusion
|
719
|
2595-2596
|
2595-2596
|
citriximaclient
|
701
|
2598
|
2598
|
Black And White
|
1006
|
2611-2612
|
|
sitaraserver
|
708
|
2629
|
2629
|
sitaramgmt
|
709
|
2630
|
2630
|
sitaradir
|
710
|
2631
|
2631
|
wta-wsp-s
|
724
|
2805
|
2805
|
citrix-rtmp
|
700
|
2897
|
2897
|
wap-push
|
725
|
2948
|
2948
|
wap-pushsecure
|
726
|
2949
|
2949
|
xbox live
|
898
|
3074
|
3074
|
orbix-locator
|
704
|
3075
|
3075
|
orbix-config
|
705
|
3076
|
3076
|
orbix-loc-ssl
|
706
|
3077
|
3077
|
xdtp
|
741
|
3088
|
3088
|
Delta Force
|
1025
|
3100, 3999
|
3100, 3999, 3568, 3569
|
msft-gc
|
687
|
3268
|
3268
|
msft-gc-ssl
|
688
|
3269
|
3269
|
net-assistant
|
712
|
3283
|
3283
|
mysql
|
711
|
3306
|
3306
|
directv-web
|
720
|
3334
|
3334
|
directv-soft
|
721
|
3335
|
3335
|
directv-tick
|
722
|
3336
|
3336
|
directv-catlg
|
723
|
3337
|
3337
|
ms-term-services
|
689
|
3389
|
3389
|
Myth
|
1016
|
3453
|
3453
|
Warcraft
|
1023
|
3724
|
3724
|
Kohan Immortal Sovereigns
|
1014
|
3855, 17437
|
3855, 17437
|
F16
|
1011
|
|
3862, 3863
|
F22 Simulator (lightning 3)
|
1012
|
|
3874-3875, 4533, 4534
|
wap-push-http
|
727
|
4035
|
4035
|
wap-push-https
|
728
|
4036
|
4036
|
Ultima
|
1022
|
5002-5010, 7775-7777, 8888, 9999, 7875
|
|
aim
|
714
|
5190-5193
|
|
Google Talk
|
1030
|
5222
|
|
Outlaws
|
1020
|
5310
|
5310
|
directplay8
|
717
|
6073
|
6073
|
Konspire2b
|
1031
|
6085
|
6085
|
fsgs
|
743
|
6112
|
6112
|
Diablo
|
1009
|
6113-6119
|
6113-6119
|
game-spy
|
755
|
6500, 28900, 29000
|
6515, 27900
|
parsec-game
|
744
|
6582
|
6582
|
ibprotocol
|
737
|
6714
|
6714
|
Anarchy
|
1004
|
7013, 7500-7501
|
7013, 7500-7501
|
UnReal_UT
|
745
|
7778
|
7777-7783
|
Znes
|
1024
|
|
7845
|
Asherons Call
|
1005
|
9000-9013
|
9000-9013
|
wap-wsp
|
729
|
9200
|
9200
|
wap-wsp-wtp
|
730
|
9201
|
9201
|
wap-wsp-s
|
731
|
9202
|
9202
|
wap-wsp-wtp-s
|
732
|
9203
|
9203
|
wap-vcard
|
733
|
9204
|
9204
|
wap-vcal
|
734
|
9205
|
9205
|
wap-vcard-s
|
735
|
9206
|
9206
|
wap-vcal-s
|
736
|
9207
|
9207
|
Need For Speed
|
1017
|
9442
|
9442
|
ps2
|
899
|
10070-10080
|
10070
|
Yahoo Games
|
1029
|
11999
|
|
Motorhead
|
1015
|
16000, 16010-16030
|
16000, 16010-16030
|
Swat3
|
1021
|
16639
|
16638
|
SiN
|
746
|
22450
|
22450
|
Elite Force
|
1010
|
|
26000, 27500
|
Dark Reign
|
1008
|
26214
|
26214
|
Hexen
|
1013
|
|
26900
|
halflife
|
747
|
|
27015
|
Counter strike
|
1007
|
27020-27039
|
1200, 27000-27014
|
quake-server
|
754
|
27960
|
27910, 27960
|
tribes
|
748
|
28001
|
28001
|
heretic2
|
749
|
28910
|
|
Soldier of fortune
|
1027
|
|
28911-28915
|
starsiege
|
750
|
|
29001-29009
|
game-search
|
751
|
29001
|
|
KingPin
|
752
|
31510
|
31510
|
runescape
|
753
|
43594
|
|
Operation Flash Point
|
1019
|
47624
|
|
Protocols Identified on Unidirectional Flows
When unidirectional classification is enabled, the protocols listed in Table 1-8 can be detected on unidirectional flows.
•When a unidirectional flow (inbound or outbound) passes through the SCE platform it is matched against this set of protocol signatures.
•When a bidirectional flow passes through the SCE platform the protocol library tries to match it to one of its standard (bidirectional) protocol signatures.
Table 1-8 Unidirectionally-Detected Protocols
Protocol Name
|
Protocol ID
|
AntsP2P
|
113
|
BaiBao
|
43
|
Behavioral Upload/Download
|
127
|
BitTorrent
|
24
|
CUWorld
|
117
|
Dijjer
|
120
|
DingoTel
|
42
|
DirectConnect
|
19
|
EmuleEncrypted
|
105
|
Entropy
|
125
|
Exosee
|
121
|
FastTrack KaZaA File Transfer
|
14
|
Filetopia
|
31
|
Flash
|
1033
|
Flash MySpace
|
1035
|
Flash Yahoo
|
1036
|
Flash YouTube
|
1034
|
Furthur
|
123
|
Generic TCP
|
0
|
Gnutella File Transfer
|
12
|
Gnutella Networking
|
11
|
GoogleEarth
|
118
|
HTTP Browsing
|
2
|
HTTP Tunnel
|
55
|
Hopster
|
115
|
Hotline
|
20
|
ICQ
|
119
|
Jabber
|
116
|
Kontiki
|
124
|
Manolito
|
22
|
Mobile MMS
|
46
|
Mute
|
34
|
Napster
|
32
|
NeoNet
|
37
|
NodeZilla
|
35
|
POCO
|
51
|
PPLive
|
44
|
PPStream
|
49
|
PeerEnabler
|
122
|
QQ-Live
|
1032
|
Skype
|
25
|
Sling
|
112
|
TVAnts
|
109
|
Thunder
|
50
|
UC
|
48
|
Warez/FileCroc
|
39
|
WinMX/OpenNap
|
16
|
Yahoo Messenger
|
40
|
Yahoo Messenger VoIP
|
45
|
eDonkey
|
18
|
guruguru
|
66
|
iTunes
|
30
|
soribada
|
69
|
v-share
|
71
|
Services
Services are the building blocks of service configurations. Classification of a transaction to a service determines the accounting and control that applies to the transaction. Services are organized in a hierarchal structure used for both accounting and control.
Table 1-9 lists the services defined in the default service configuration. Both service usage counters, which are used to accumulate information about transactions classified to the service, have the same name.
Table 1-9 Installed Services
Name
|
ID
|
Name of Parent Service
|
Global Usage Counter and Subscriber Usage Counter
|
Default Service
|
0
|
|
Default Service*
|
Generic
|
1
|
Default Service
|
Default Service*
|
Generic TCP
|
2
|
Generic
|
Generic TCP
|
Generic UDP
|
3
|
Generic
|
Generic UDP
|
Generic IP
|
6
|
Generic
|
Generic IP
|
Behavioral Upload/Download
|
39
|
Generic
|
Behavioral Upload/Download
|
E-Mail
|
4
|
Default Service
|
E-Mail*
|
POP3
|
21
|
E-Mail
|
E-Mail*
|
SMTP
|
22
|
E-Mail
|
E-Mail*
|
IMAP
|
23
|
E-Mail
|
E-Mail*
|
MS Push Mail
|
47
|
E-Mail
|
E-Mail*
|
Browsing
|
7
|
Default Service
|
Browsing*
|
HTTP
|
16
|
Browsing
|
Browsing*
|
HTTPS
|
17
|
Browsing
|
Browsing*
|
Newsgroups
|
8
|
Default Service
|
Newsgroups
|
P2P
|
9
|
Default Service
|
P2P
|
eDonkey/eMule
|
14
|
P2P
|
eDonkey/eMule
|
Kazaa
|
15
|
P2P
|
Kazaa
|
BitTorrent
|
24
|
P2P
|
BitTorrent
|
Commercial File Sharing
|
26
|
P2P
|
Commercial File Sharing
|
Winny
|
27
|
P2P
|
Winny
|
Gnutella
|
30
|
P2P
|
Gnutella
|
WinMX
|
31
|
P2P
|
WinMX
|
VoIP
|
12
|
Default Service
|
VoIP
|
MGCP
|
5
|
VoIP
|
MGCP
|
SIP
|
10
|
VoIP
|
SIP
|
H323
|
11
|
VoIP
|
H323
|
Vonage
|
13
|
VoIP
|
Vonage
|
Skype
|
25
|
VoIP
|
Skype
|
Skinny
|
35
|
VoIP
|
Skinny
|
DingoTel
|
36
|
VoIP
|
DingoTel
|
Yahoo Messenger VoIP
|
37
|
VoIP
|
Yahoo Messenger VoIP
|
ICQ VoIP
|
40
|
VoIP
|
ICQ VoIP
|
Instant Messaging
|
28
|
Default Service
|
Instant Messaging
|
Gaming
|
29
|
Default Service
|
Gaming
|
FTP
|
32
|
Default Service
|
FTP
|
Net Admin
|
33
|
Default Service
|
Net Admin
|
Streaming
|
34
|
Default Service
|
Streaming*
|
Streaming over HTTP
|
18
|
Streaming
|
Streaming*
|
RTSP
|
19
|
Streaming
|
Streaming*
|
MMS
|
20
|
Streaming
|
Streaming*
|
Tunneling
|
38
|
Default Service
|
Tunneling
|
Note An asterisk is appended to a service usage counter name whenever the counter applies to more than one service.
RDR Settings
SCE platforms generate and transmit Raw Data Records (RDRs) that contain a wide variety of information and statistics, depending on the configuration of the system.
Table 1-10 Default RDR Settings
RDR Family
|
RDR Name
|
State
|
Rate
|
Rate Limit
|
Notes
|
Usage
|
Link
|
ON
|
Every 5 minutes
|
|
|
Package
|
ON
|
Every 5 minutes
|
|
|
Subscriber
|
ON
|
Every 10 minutes
|
200 per second
|
|
Virtual Links
|
OFF
|
Every 10 minutes
|
|
Default is ON for service configurations created in Virtual Links mode.
|
Transaction
|
Transaction
|
ON
|
|
100 per second
|
All services have the same relative weight.
|
Transaction Usage
|
Transaction Usage (TUR)
|
OFF
|
|
|
No threshold.
|
Interim TUR
|
OFF
|
|
|
|
Media Flow
|
ON
|
|
|
|
Quota
|
Breach
|
OFF
|
|
|
|
Remaining
|
OFF
|
Every 5 minutes
|
100 per second
|
|
Threshold
|
OFF
|
|
|
Generate RDR when balance goes below 10 MB.
|
Restore Quota
|
OFF
|
|
|
Generated upon subscriber introduction.
|
Log
|
Block
|
ON
|
|
20 per second
|
|
Real-Time Subscriber
|
Real-Time Subscriber Usage
|
ON
|
Every 1 minutes
|
100 per second
|
Enable for each subscriber separately, using CLI.
|
Real-Time Signaling
|
Flow Signaling
|
OFF
|
|
|
|
Attack Signaling
|
OFF
|
|
|
|
Malicious Traffic
|
Malicious Traffic
|
ON
|
|
|
|
Rules
Rules are set of configurable instructions telling the application how to handle flows classified to a service.
The default service configuration contains a single rule for the default service. Until you create other rules, the default service rule applies to all traffic processed by the SCE platform.
The default service rule places no restrictions on traffic:
•Flows are routed through the default BWCs, which have unlimited BW.
•No quota limitations are applied to the flows and external quota management mode is selected.
System Mode
The default System Operational Mode is Report Only, which means that the system is used for reporting but does not control traffic.
The default System Topological Mode is Duplex, which means that all inbound and outbound traffic goes through the SCE platform.
Note When unidirectional classification is enabled, there are some changes to the default service configuration:
•There are no predefined flavors.
•No service elements include a specified flavor.
•Periodic quota management mode is selected.
Feedback