Classifying Network Traffic Using NBAR in Cisco IOS XE Software

Last Updated: December 12, 2011

Network-Based Application Recognition (NBAR) is a classification engine that recognizes and classifies a wide variety of protocols and applications. When NBAR recognizes and classifies a protocol or application, the network can be configured to apply the appropriate quality of service (QoS) for that application or traffic with that protocol.

This module contains an overview of classifying network traffic using NBAR in Cisco IOS XE software.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for Classifying Network Traffic Using NBAR

NBAR does not support the following applications:

  • Non-IP traffic.
  • Multiprotocol Label Switching (MPLS)-labeled packets. NBAR classifies IP packets only. You can, however, use NBAR to classify IP traffic before the traffic is handed over to MPLS. Use the modular QoS CLI (MQC) to set the IP differentiated services code point (DSCP) field on the NBAR-classified packets and make MPLS map the DSCP setting to the MPLS experimental (EXP) setting inside the MPLS header.
  • NBAR processing. By design, NBAR processing is temporarily disabled during the In-Service Software Upgrade (ISSU). The following syslog message indicates the restart of the NBAR classification once ISSU is complete: "%NBAR_HA-5-NBAR_INFO: NBAR sync DONE!".
  • Multicast packet classification.
  • Asymmetric flows with stateful protocols.
  • Packets that originate from or destined to the router running NBAR.

Note
In the NBAR context, asymmetric flows are flows in which different packets of the flow go through different routers, for reasons such as load balancing implementation or asymmetric routing, where packets flow through different routes in different directions.

NBAR is not supported on the following logical interfaces:

  • Dialer interfaces
  • Dynamic tunnels such as Dynamic Virtual Tunnel Interface (DVTI)
  • Fast Etherchannels
  • IPv6 tunnels that terminate on the router
  • Multilink interfaces such as Multilink Point-to-Point Protocol (MLPPP) and Multilink Frame Relay (MLFR)
  • MPLS
  • Overlay Transport Virtualization (OTV) overlay interfaces
  • Port channels
  • VRF-Aware Service Infrastructure (VASI)

Note
In cases where encapsulation is not supported by NBAR on some of the links, you can apply NBAR on other interfaces of the router to perform input classification. For example, you can configure NBAR on LAN interfaces to classify output traffic on the WAN link.
The following virtual interfaces are supported in Cisco IOS XE Release 3.5S and later releases:
  • Generic routing encapsulation (GRE)
  • IPsec IPv4 tunnel (including tunneled IPv6) in protocol discovery mode and MQC mode (cryptomap mode is not supported)
  • IPsec IPv6 tunnel in protocol discovery mode but not in MQC mode (cryptomap mode is not supported)
  • Multipoint GRE/Dynamic Multipoint VPN in protocol discovery mode

Note
NBAR requires more CPU power when NBAR is enabled on tunneled interfaces.

If protocol discovery is enabled on both the tunnel interface and the physical interface on which the tunnel interface is configured, the packets that are designated to the tunnel interface are counted on both interfaces. On the physical interface, the packets are classified and are counted based on the encapsulation. On the tunnel interface, the packets are classified and are counted based on the L7 protocol.

Information About Classifying Network Traffic Using NBAR

NBAR Functionality

NBAR is a classification engine that recognizes and classifies a wide variety of protocols and applications, including web-based and other difficult-to-classify applications and protocols that use dynamic TCP/UDP port assignments.

When NBAR recognizes and classifies a protocol or application, the network can be configured to apply the appropriate QoS for that application or traffic with that protocol. The QoS is applied using the MQC.


Note
For more information about the MQC, see the "Applying QoS Features Using the MQC" module.

NBAR introduces several classification features that identify applications and protocols from Layer 4 through Layer 7. These classification features are as follows:

  • Statically assigned TCP and UDP port numbers.
  • Non-TCP and non-UDP IP protocols.
  • Dynamically assigned TCP and UDP port numbers. This kind of classification requires stateful inspection, that is, the ability to inspect a protocol across multiple packets during packet classification.
  • Subport classification or classification based on deep packet inspection, that is, classification inspecting the packets.

Note
Access Control Lists (ACLs) can also be used for classifying static port protocols. However, NBAR is easier to configure and can provide classification statistics that are not available when ACLs are used.

NBAR includes a Protocol Discovery feature that provides an easy way to discover application protocols that are operating on an interface. For more information about Protocol Discovery, see the "Enabling Protocol Discovery" module.


Note
NBAR classifies network traffic by application or protocol. Network traffic can be classified without using NBAR. For information about classifying network traffic without using NBAR, see the "Classifying Network Traffic" module.

NBAR includes the Protocol Pack feature that provides an easy way to load protocols and helps NBAR recognize additional protocols for network traffic classification. A protocol pack is set a of protocols developed and packed together. A new protocol pack can be loaded on the router to replace the default IOS protocol pack that is already present in the router.

NBAR Benefits

Identifying and classifying network traffic is an important first step in implementing QoS. A network administrator can more effectively implement QoS in a networking environment after identifying the number and types of applications and protocols that are running on a network.

NBAR gives network administrators the ability to see the different types of protocols and the amount of traffic generated by each protocol. After NBAR gathers this information, users can organize traffic into classes. These classes can then be used to provide different levels of service for network traffic, thereby allowing better network management by providing the appropriate level of network resources for the network traffic.

NBAR and Classification of HTTP Traffic

This section includes information about the following topics:

Classification of HTTP Traffic by URL Host or MIME

NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet. This is called subport classification. NBAR looks into the TCP/UDP payload itself and classifies packets based on content within the payload such as the transaction identifier, message type, or other similar data.

Classification of HTTP traffic by URL, host, or Multipurpose Internet Mail Extension (MIME) type is an example of subport classification. NBAR classifies HTTP traffic by text within the URL or host fields of a request using regular expression matching. HTTP client request matching in NBAR supports most HTTP request methods such as GET, PUT, HEAD, POST, DELETE, OPTIONS, CONNECT, and TRACE. The NBAR engine then converts the specified match string into a regular expression.

The figure below illustrates a network topology with NBAR in which Router Y is the NBAR-enabled router.



When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html with the match statement (for instance, match protocol http url /latest/whatsnew.html).

Host specifications are identical to URL specifications. NBAR performs a regular expression match on the host field contents inside an HTTP packet and classifies all packets from that host. For example, for the URL www.cisco.com/latest/whatsnew.html, include only www.cisco.com.

For MIME type matching, the MIME type can contain any user-specified text string. A list of the Internet Assigned Numbers Authority (IANA) supported MIME types can be found at the following URL:

http://www.iana.org/assignments/media-types/

When matching by MIME type, NBAR matches a packet containing the MIME type and all subsequent packets until the next HTTP transaction.

NBAR supports URL and host classification in the presence of persistent HTTP. NBAR does not classify packets that are part of a pipelined request. With pipelined requests, multiple requests are pipelined to the server before previous requests are serviced. Pipelined requests are not supported with subclassification and tunneled protocols that use HTTP as the transport protocol.

The NBAR Extended Inspection for HTTP Traffic feature allows NBAR to scan TCP ports that are not well known and to identify HTTP traffic that traverses these ports. HTTP traffic classification is no longer limited to the well-known and defined TCP ports.

Classification of HTTP Traffic Using HTTP Header Fields

NBAR introduces expanded ability for users to classify HTTP traffic using information in the HTTP header fields.

HTTP works using a client/server model. HTTP clients open connections by sending a request message to an HTTP server. The HTTP server then returns a response message to the HTTP client (this response message is typically the resource requested in the request message from the HTTP client). After delivering the response, the HTTP server closes the connection and the transaction is complete.

HTTP header fields are used to provide information about HTTP request and response messages. HTTP has numerous header fields. For additional information on HTTP headers, see section 14 of RFC 2616: Hypertext Transfer Protocol--HTTP/1.1. This RFC can be found at the following URL:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

NBAR is able to classify the following HTTP header fields:

  • For request messages (client to server), the following HTTP header fields can be identified using NBAR:
    • User-Agent
    • Referer
    • From
  • For response messages (server to client), the following HTTP header fields can be identified using NBAR:
    • Server
    • Location
    • Content-Base
    • Content-Encoding

Note
In Cisco IOS XE Release 3.1S and later releases, up to 56 parameters or subclassifications per protocol per router can be specified with the match protocol http command. These parameters or subclassifications can be a combination of any of the available match choices, such as host matches, MIME matches, server matches, and URL matches. For other Cisco IOS XE releases and platforms, the maximum is 24 parameters or subclassifications per protocol per router.

Within NBAR, the match protocol http c-header-field command is used to specify that NBAR identify request messages (the "c" in the c-header-field portion of the command is for client). The match protocol http s-header-field command is used to specify response messages (the "s" in the s-header-field portion of the command is for server).


Note
In Cisco IOS XE Release 3.1S and later releases, the c-header-field and s-header-field keywords and associated arguments in the match protocol http command are not available. The same functionality is achieved by using the individual keywords and arguments. For more information, see the syntax of the match protocol http command in the Cisco IOS Quality of Service Solutions Command Reference.

Note
The c-header-field performs subclassifications based on a single value in the user-agent, the referrer, or from header field values. The s-header-field performs subclassifications based on a single value in the server, location, content-encoding, or content-base header field values. These header field values are not related to each other. Hence, the c-header and s-header fields are replaced by the user-agent, referrer, from, server, content-base, content-encoding, and location parameters as per the intent and need of HTTP subclassification.

Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP Traffic

Note that combinations of URL, Host, MIME type, and HTTP headers can be used during NBAR configuration. These combinations provide customers with more flexibility to classify specific HTTP traffic based on their network requirements.

NBAR and Classification of Citrix ICA Traffic

NBAR can classify Citrix Independent Computing Architecture (ICA) traffic and perform subport classification of Citrix traffic based on the published application name or ICA tag number.

This section includes information about the following topics:

Classification of Citrix ICA Traffic by Published Application Name

NBAR can monitor Citrix ICA client requests for a published application destined to a Citrix ICA Master browser. After the client requests the published application, the Citrix ICA Master browser directs the client to the server with the most available memory. The Citrix ICA client then connects to this Citrix ICA server for the application.


Note
For Citrix to monitor and classify traffic by the published application name, Server Browser Mode on the Master browser must be used.

In Server Browser Mode, NBAR statefully tracks and monitors traffic and performs a regular expression search on the packet contents for the published application name specified by the match protocol citrix command. The published application name is specified by using the app keyword and the application-name-string argument of the match protocol citrix command. For more information about the match protocol citrix command, see the Cisco IOS Quality of Service Solutions Command Reference.

The Citrix ICA session triggered to carry the specified application is cached, and traffic is classified appropriately for the published application name.

Citrix ICA Client Modes

Citrix ICA clients can be configured in various modes. NBAR cannot distinguish among Citrix applications in all modes of operation. Therefore, network administrators might need to collaborate with Citrix administrators to ensure that NBAR properly classifies Citrix traffic.

A Citrix administrator can configure Citrix to publish Citrix applications individually or as the entire desktop. In the Published Desktop mode of operation, all applications within the published desktop of a client use the same TCP session. Therefore, differentiation among applications is impossible, and NBAR can be used to classify Citrix applications only as aggregates (by looking at port 1494).

The Published Application mode for Citrix ICA clients is recommended when you use NBAR. In Published Application mode, a Citrix administrator can configure a Citrix client in either seamless or nonseamless (windows) modes of operation. In nonseamless mode, each Citrix application uses a separate TCP connection, and NBAR can be used to provide interapplication differentiation based on the name of the published application.

Seamless mode clients can operate in one of two submodes: session sharing or nonsession sharing. In seamless session sharing mode, all clients share the same TCP connection, and NBAR cannot differentiate among applications. Seamless sharing mode is enabled by default in some software releases. In seamless nonsession sharing mode, each application for each particular client uses a separate TCP connection. NBAR can provide interapplication differentiation in seamless nonsession sharing mode.


Note
NBAR operates properly in Citrix ICA secure mode. Pipelined Citrix ICA client requests are not supported.

Classification of Citrix ICA Traffic by ICA Tag Number

Citrix uses one TCP session each time an application is opened. In the TCP session, a variety of Citrix traffic may be intermingled in the same session. For example, print traffic may be intermingled with interactive traffic, causing interruption and delay for a particular application. Most users likely would prefer that printing be handled as a background process and that printing not interfere with the processing of higher-priority traffic.

To accommodate this preference, the Citrix ICA protocol includes the ability to identify Citrix ICA traffic based on the ICA tag number of the packet. The ability to identify, tag, and prioritize Citrix ICA traffic is referred to as ICA Priority Packet Tagging. With ICA Priority Packet Tagging, Citrix ICA traffic is categorized as high, medium, low, and background, depending on the ICA tag of the packet.

When ICA traffic priority tag numbers are used, and the priority of the traffic is determined, QoS features can be implemented to determine how the traffic will be handled. For example, QoS traffic policing can be configured to transmit or drop packets with a specific priority.

Citrix ICA Packet Tagging

The Citrix ICA tag is included in the first two bytes of the Citrix ICA packet, after the initial negotiations are completed between the Citrix client and server. These bytes are not compressed or encrypted.

The first two bytes of the packet (byte 1 and byte 2) contain the byte count and the ICA priority tag number. Byte 1 contains the low-order byte count, and the first two bits of byte 2 contain the priority tags. The other six bits contain the high-order byte count.

The ICA priority tag value can be a number from 0 to 3. The number indicates the packet priority, with 0 being the highest priority and 3 being the lowest priority.

To prioritize Citrix traffic by the ICA tag number of the packet, you must specify the tag number using the ica-tag keyword and the ica-tag-value argument of the match protocol citrix command. For more information about the match protocol citrix command, see the Cisco IOS Quality of Service Solutions Command Reference .

The table below contains information about different Citrix traffic and the respective priority tags.

Table 1 Citrix ICA Packet Tagging

Priority

ICA Bits (decimal)

Sample Virtual Channels

High

0

Video, mouse, and keyboard screen updates

Medium

1

Program neighborhood, clipboard, audio mapping, and license management

Low

2

Client common equipment (COM) port mapping and client drive mapping

Background

3

Auto client update, client printer mapping, and original equipment manufacturers (OEM) channels

NBAR and RTP Payload Type Classification

Real-time Transport Protocol (RTP) is a packet format for multimedia data streams. It can be used for media-on-demand and for interactive services such as Internet telephony. RTP consists of a data part and a control part. The control part is called Real-Time Transport Control Protocol (RTCP). RTCP is a separate protocol that is supported by NBAR. It is important to note that the NBAR RTP Payload Type Classification feature does not identify RTCP packets and that RTCP packets run on odd-numbered ports and RTP packets run on even-numbered ports.

The data part of RTP is a thin protocol that provides support for applications with real-time properties such as continuous media (audio and video), which includes timing reconstruction, loss detection, and security and content identification. RTP is discussed in RFC 1889 (A Transport Protocol for Real-Time Applications)and RFC 1890 (RTP Profile for Audio and Video Conferences with Minimal Control).

The RTP payload type is the data transported by RTP in a packet, for example audio samples or compressed video data.

NBAR RTP Payload Type Classification feature not only allows real-time audio and video traffic to be statefully identified, but can also differentiate on the basis of audio and video codecs to provide more granular QoS. The RTP Payload Type Classification feature, therefore, looks deep into the RTP header to classify RTP packets.

For more information on the classification of RTP with NBAR, see http://www.cisco.com/en/US/products/ps6616/products_white_paper09186a0080110040.shtml

NBAR and Classification of Custom Protocols and Applications

NBAR supports the use of custom protocols to identify custom applications. Custom protocols support static port-based protocols and applications that NBAR does not currently support. You can add to the set of protocols and application types that NBAR recognizes by creating custom protocols.

Custom protocols extend the capability of NBAR Protocol Discovery to classify and monitor additional static port applications and allow NBAR to classify nonsupported static port traffic.

Once the custom protocols are defined, you can then use them with the help of NBAR Protocol Discovery and the MQC to classify the traffic.

With NBAR supporting the use of custom protocols, NBAR can map static TCP and UDP port numbers to the custom protocols.

There are two types of custom protocols:

  • Predefined custom protocols
  • User-defined custom protocols

NBAR includes the following features related to predefined custom protocols and applications:

  • Custom protocols have to be named custom-xx, with xx being a number.
  • Ten custom applications can be assigned using NBAR, and each custom application can have up to 16 TCP and 16 UDP ports each mapped to an individual custom protocol. The real-time statistics of each custom protocol can be monitored using Protocol Discovery.
  • When you create a custom protocol after creating a variable, you can use the match protocol command to classify traffic on the basis of a specific value in the custom protocol.

NBAR includes the following features related to user-defined custom protocols and applications:

  • The ability to inspect the payload for certain matching string patterns at a specific offset.
  • The ability to allow users to define the names of their custom protocol applications. The user-named protocol can then be used by Protocol Discovery, the Protocol Discovery MIB, the match protocol command, and the ip nbar port-map command as an NBAR-supported protocol.
  • The ability of NBAR to inspect custom protocols specified by traffic direction (that is, traffic heading toward a source or destination rather than traffic in both directions), if desired by the user.
  • CLI support that allows a user configuring a custom application to specify a range of ports rather than to specify each port individually.
  • The variable keyword, the field-name argument, and the field-length argument were added to the ip nbar custom command.

This additional keyword and two additional arguments allow for creation of more than one custom protocol based on the same port numbers.


Note
Defining a user-defined custom protocol restarts the NBAR feature, whereas defining predefined custom protocol does not restart the NBAR feature.

NBAR and Classification with Dynamic PDLMs

Dynamic Packet Description Language Modules (PDLM) allow new protocol support or enhance existing protocol support for NBAR without the requirement of a Cisco IOS XE release upgrade and router reload. If the support is for enhancing protocols for NBAR, then the module version of the PDLM should be greater than the existing version of the PDLM. Subsequent Cisco IOS XE releases incorporate support for these new protocols.


Note
PDLMs must be loaded on both Route Processors (RPs) when using the ASR 1006 redundant hardware setup.

Dynamic PDLMs are platform-specific and have Software Family Identifier (SFI) embedded in them. Dynamic PDLMs of other platforms cannot be loaded on Cisco ASR 1000 Series Routers.

NBAR and Classification of Peer-to-Peer File-Sharing Applications

The following applications are the most common peer-to-peer file-sharing applications supported by NBAR:

  • BitTorrent
  • DirectConnect
  • eDonkey
  • eMule
  • FastTrack
  • KazaA (and KazaA Lite and KazaA Lite Resurrection)
  • Win MX
  • POCO

In Cisco IOS XE Release 2.5 the DirectConnect and the eDonkey P2P protocols support the following subclassifications:

  • eDonkey supports the following subclassification options:
    • file-transfer
    • search-file-name
    • text-chat
  • KazaA, FastTrack, and Gnuetella support the file-transfer subclassification.

The Gnutella file sharing became classifiable using NBAR in Cisco IOS XE Release 2.5.

Applications that use the Gnutella protocol are Bearshare, Gnewtellium, Gnucleus, Gtk-Gnutella, Limewire, Mutella, Phex, Qtella, Swapper, and Xolo. The traffic from the applications that use the Gnutella protocol will be classified as Gnutella and not as the respective application.

NBAR Scalability

Interface Scalability

In Cisco IOS XE Release 2.4 and earlier releases, there is no limit on the number of interfaces on which protocol discovery can be enabled.

The table below provides the details of the protocol discovery supported interface and the release number.

Table 2 Release and Protocol Discovery Interface Support

Release

Number of Interfaces Supported with Protocol Discovery

Cisco IOS XE Release 2.5

128

Cisco IOS XE Release 2.6

256

Cisco IOS XE Release 2.7

32

Cisco IOS XE Release 3.2S and later releases

32

Flow Scalability

In Cisco IOS XE Release 2.5, the following flows are supported:

  • A maximum of 250K bidirectional flows on Edge Services Processor (ESP)10 and ESP20 hardware.
  • A maximum of 125K bidirectional flows on ESP5.

If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.

In Cisco IOS XE Release 3.1, the following flows are supported:

  • A maximum of 125K bidirectional flows on Forwarding Processor (FP)5 platform.
  • A maximum of 250K bidirectional flows on FP10, FP20, and FP40 platform.

If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.

In Cisco IOS XE Release 3.2, the following flows are supported:

  • A maximum of 500K bidirectional flows on FP5/1Rack Units (RU) platform.
  • A maximum of 1M bidirectional flows on 10/10/40 platform.

If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.

In Cisco IOS XE Release 3.3S, the number of bidirectional flows and the platforms supported are the same as in Cisco IOS XE Release 3.2. A new method to reduce the number of active flows based on quick aging is introduced.

Quick aging occurs under the following conditions:

  • TCP flows that do not reach the established state.
  • UDP flows with fewer than five packets that are not classified within the specified quick aging timeout.
  • Flows that are not classified within the specified quick aging timeout.

The quick aging method reduces the number of flows required for NBAR operation up to three times or more depending on the network behavior.

In Cisco IOS XE Release 3.4S, the following flows are supported:

  • A default flow capacity of 500K bidirectional flows on ESP5/1Rack Units (RU) platform.
  • A default flow capacity of 1M bidirectional flows on 10/20/40 platform.

Flow Table Sizing

The ip nbar resources flow max-sessions command provides the option to override the default maximum flow sessions to be allowed in a flow table. The performance of the router with the NBAR feature depends on the memory size and the number of flows configured for the flow table. The flexibility to change the number of flows helps in increasing the performance of the system depending on the capacity of the router. To verify the NBAR flow statistics, use the show ip nbar resources flow command.

The following table provides the details of the platform and the flow size limits.

Table 3 Platform and Flow Size Details

Platform

Maximum number of flows

Default number of flows

Memory upper limit [MB] (70% of platform memory)

ESP5/1RU

750,000

500,000

179

ESP10

1,650,000

1,000,000

358

ESP20

3,500,000

1,000,000

716

ESP40

3,500,000

1,000,000

716

The recommended number of flow configuration on all the platforms is 50,000 flows.


Note
The flow size cannot be increased if the overall system memory usage is already 90%.

NBAR-Supported Protocols

The match protocol(NBAR) command is used to classify traffic on the basis of protocols supported by NBAR. NBAR can classify the following types of protocols:

  • Non-UDP and non-TCP IP protocols
  • TCP and UDP protocols that use statically assigned port numbers
  • TCP and UDP protocols that use statically assigned port numbers, but still require stateful inspection.
  • TCP and UDP protocols that dynamically assign port numbers and therefore require stateful inspection

The table below lists the NBAR-supported protocols available in Cisco IOS XE software, sorted by category. The table also provides information about the protocol type, the well-known port numbers (if applicable), the syntax for entering the protocol in NBAR, and the Cisco IOS XE software release in which the protocol was initially supported. This table is updated when a protocol becomes supported in Cisco IOS XE software.

Table 4 NBAR-Supported Protocols

Category

Protocol

Type

WKP/IP Protocol

Description

Syntax

Cisco IOS XE Release

Enterprise Applications

Novadigm

TCP/ UDP

3460-3465

Novadigm Enterprise Desktop Manager (EDM)

novadigm

Cisco IOS XE Release 2.3

Citrix (ICA, CGP, IMA, SB)

TCP/ UDP

TCP: 1494, 2512, 2513, 2598

UDP: 1604

Citrix ICA traffic

citrix

citrix app

citrix ica-tag

Cisco IOS XE Release 2.5

Oracle

TCP

1525

Oracle

ora-srv

Cisco IOS XE Release 2.3

PCAnywhere

TCP/UDP

TCP: 5631, 65301 UDP: 22, 5632

Symantic PCAnywhere

pcanywhere

Cisco IOS XE Release 2.3

SAP

TCP

3300-3315 3200-3215 3600-3615

SAP Systems Applications Product in Data processing

sap

Cisco IOS XE Release 2.5

Exchange 1

TCP

135

MS-RPC for Exchange

exchange

Cisco IOS XE Release 2.5

Routing Protocols

BGP

TCP/ UDP

179

Border Gateway Protocol

bgp

Cisco IOS XE Release 2.3

EGP

IP

8

Exterior Gateway Protocol

egp

Cisco IOS XE Release 2.3

EIGRP

IP

88

Enhanced Interior Gateway Routing Protocol

eigrp

Cisco IOS XE Release 2.3

OSPF

IP

89

Open Shortest Path First

ospf

Cisco IOS XE Release 2.3

RIP

UDP

520

Routing Information Protocol

rip

Cisco IOS XE Release 2.3

STUN-NAT

TCP/UDP

3478

Session Traversal Utilities for NAT (STUN)

stun-nat

Cisco IOS XE Release 3.5S

Database

SQL-exec

TCP/UDP

9088

SQL Exec

sqlexec

Cisco IOS XE Release 2.3

SQL*NET

TCP/ UDP

1521

SQL*NET for Oracle

sqlnet

Cisco IOS XE Release 2.5

Financial

FIX

TCP

Heuristic

Financial Information Exchange

fix

Cisco IOS XE Release 2.5

Security and Tunneling

GRE

IP

47

Generic Routing Encapsulation

gre

Cisco IOS XE Release 2.3

IPINIP

IP

4

IP in IP

ipinip

Cisco IOS XE Release 2.3

IPsec

IP/TCP

50, 51 TCP-Heuristic

IP Encapsulating Security Payload/ Authentication- Header

ipsec

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.3S

L2TP

UDP

1701

L2F/L2TP Tunnel

l2tp

Cisco IOS XE Release 2.3

PPTP

TCP

1723

Point-to-Point Tunneling Protocol for VPN

pptp

Cisco IOS XE Release 2.3

SFTP

TCP

990

Secure FTP

secure-ftp

Cisco IOS XE Release 2.3

SHTTP

TCP

443

Secure HTTP

secure-http

Cisco IOS XE Release 2.1

SIMAP

TCP/ UDP

585, 993

Secure Internet Message Access Protocol

secure-imap

Cisco IOS XE Release 2.3

SIRC

TCP/ UDP

994

Secure Internet Relay Chat

secure-irc

Cisco IOS XE Release 2.3

SLDAP

TCP/ UDP

636

Secure Lightweight Directory Access Protocol

secure-ldap

Cisco IOS XE Release 2.3

SNNTP

TCP/ UDP

563

Secure Network News Transfer Protocol

secure-nntp

Cisco IOS XE Release 2.3

SOCKS

TCP

1080

Firewall Security Protocol

socks

Cisco IOS XE Release 2.3

SPOP3

TCP/ UDP

995

Secure POP3

secure-pop3

Cisco IOS XE Release 2.3

SSH

TCP

22

Secured Shell

ssh

Cisco IOS XE Release 2.3

STELNET

TCP

992

Secure Telnet

secure-telnet

Cisco IOS XE Release 2.3

Network Management

ICMP

IP

1

Internet Control Message Protocol

icmp

Cisco IOS XE Release 2.3

SNMP

TCP/ UDP

161, 162

Simple Network Management Protocol

snmp

Cisco IOS XE Release 2.3

Syslog

UDP

514

System Logging Utility

syslog

Cisco IOS XE Release 2.3

Network Mail Services

Gmail

Gmail and Gmail-chat traffic

gmail | chat

Cisco IOS XE Release 3.5S

IMAP

TCP/ UDP

143, 220

Internet Message Access Protocol

imap

Cisco IOS XE Release 2.3

Notes

TCP/ UDP

1352

Lotus Notes

notes

Cisco IOS XE Release 2.3

Cisco IOS XE Release 2.3

POP3

TCP/ UDP

110, Heuristic

Post Office Protocol

pop3

Cisco IOS XE Release 2.1

SMTP

TCP

25, Heuristic

Simple Mail Transfer Protocol

smtp

Cisco IOS XE Release 2.3

Directory

DHCP/ BOOTP

UDP

67, 68

Dynamic Host Configuration Protocol/Bootstrap Protocol

dhcp

Cisco IOS XE Release 2.1

DNS

TCP/ UDP

53

Domain Name System

dns

Cisco IOS XE Release 2.1

Finger

TCP

79

Finger User Information Protocol

finger

Cisco IOS XE Release 2.3

Kerberos

TCP/ UDP

88, 749

Kerberos Network Authentication Service

kerberos

Cisco IOS XE Release 2.3

LDAP

TCP/ UDP

389

Lightweight Directory Access Protocol

ldap

Cisco IOS XE Release 2.3

Internet

FTP

TCP

21, 21000, Heuristic

File Transfer Protocol

ftp

Cisco IOS XE Release 2.3

Gopher

TCP/ UDP

70

Internet Gopher Protocol

gopher

Cisco IOS XE Release 2.3

HTTP

TCP

80, Heuristic

Hypertext Transfer Protocol

http

Cisco IOS XE Release 2.1

Cisco IOS XE Release 2.5

IRC

TCP/ UDP

194

Internet Relay Chat

irc

Cisco IOS XE Release 2.3

NNTP

TCP/ UDP

119, Heuristic

Network News Transfer Protocol

nntp

Cisco IOS XE Release 2.3

Telnet

TCP

23

Telnet Protocol

telnet

Cisco IOS XE Release 2.1

TFTP

UDP

69

Trivial File Transfer Protocol

tftp

Cisco IOS XE Release 2.5

Signaling

AppleQTC

TCP/UDP

458

Apple Quick Time

appleqtc

Cisco IOS XE Release 2.3

Chargen

TCP/UDP

19

Character Generator

chargen

Cisco IOS XE Release 2.3

ClearCase

TCP/UDP

371

Clear Case Protocol Software Informer

clearcase

Cisco IOS XE Release 2.3

Corba

TCP/UDP

683, 684

Corba Internet Inter-Orb Protocol (IIOP)

corba-iiop

Cisco IOS XE Release 2.3

Daytime

TCP/UDP

13

Daytime Protocol

daytime

Cisco IOS XE Release 2.3

Doom

TCP/UDP

666

Doom

doom

Cisco IOS XE Release 2.3

Echo

TCP/UDP

7

Echo Protocol

echo

Cisco IOS XE Release 2.3

IBM DB2

TCP/UDP

523

IBM Information Management

ibm-db2

Cisco IOS XE Release 2.3

IPX

TCP/UDP

213

Internet Packet Exchange

server-ipx

Cisco IOS XE Release 2.3

ISAKMP

TCP/UDP

500

Internet Security Association and Key Management Protocol

isakmp

Cisco IOS XE Release 2.3

ISI-GL

TCP/UDP

55

Interoperable Self Installation Graphics Language

isi-gl

Cisco IOS XE Release 2.3

KLogin

TCP

543

KLogin

klogin

Cisco IOS XE Release 2.3

KShell

TCP

544

KShell

kshell

Cisco IOS XE Release 2.3

LockD

TCP/UDP

4045

LockD

lockd

Cisco IOS XE Release 2.3

MSSQL

TCP

1433

Microsoft Structured Query Language (SQL) Server

mssql

Cisco IOS XE Release 2.3

RSVP

IP/ UDP

IP: 46 UDP: 1698, 1699

Resource Reservation Protocol

rsvp

Cisco IOS XE Release 2.3

RPC

NFS

TCP/UDP

2049

Network File System

nfs

Cisco IOS XE Release 2.3

Sunrpc

TCP/ UDP

111, Heuristic

Sun Remote Procedure Call

sunrpc

Cisco IOS XE Release 2.5

Non-IP and LAN/ Legacy

NetBIOS

TCP/ UDP

TCP-137, 138 UDP-137,139

NetBIOS over IP (MS Windows)

netbios

Cisco IOS XE Release 2.3

Nickname

TCP/UDP

43

Nickname

nicname

Cisco IOS XE Release 2.3

NPP

TCP/UDP

92

Network Payment Protocol

npp

Cisco IOS XE Release 2.3

Voice

H.323

TCP

Heuristic

H.323 Teleconferencing Protocol

h323

Cisco IOS XE Release 2.1

SIP

TCP/UPD

5060

Session Initiation Protocol

sip

Cisco IOS XE Release 2.1

Skype2

TCP/UDP

TCP-80, Heuristic

VoIP Client Software

skype

Cisco IOS XE Release 2.1

Cisco IOS XE Release 2.5

RTP

TCP/ UDP

Heuristic

Real-Time Transport Protocol Payload Classification

rtp

Cisco IOS XE Release 2.5

Desktop Media

CUSeeMe

TCP/UDP

TCP: 7648, 7649 UDP: 24032

CU-SeeMe Desktop Video Conference

cuseeme

Cisco IOS XE Release 2.3

Streaming Media

RTSP

TCP

554, 8554

Real-Time Streaming Protocol

rtsp

Cisco IOS XE Release 2.3

Peer-to-Peer File-Sharing Applications

BitTorrent3

TCP

Heuristic, or 6881-6889

BitTorrent File Transfer Traffic

bittorrent

Cisco IOS XE Release 2.5

DirectConnect

TCP

80, 411-413, Heuristic

Direct Connect File Transfer Traffic

directconnect

Cisco IOS XE Release 2.5

eDonkey/eMule4

TCP

80, 4662, Heuristic

eDonkey File-Sharing Application

eMule traffic is also classified as eDonkey traffic in NBAR.

edonkey

Cisco IOS XE Release 2.5

eDonkey-static

TCP

80, 4662

Classifies some of the edonkey traffic based on WKP only.

edonkey-static

Cisco IOS XE Release 3.3S

Encrypted Emule

TCP

Heuristic

P2P file sharing encrypted protocol

encrypted-emule

Cisco IOS XE Release 3.4S

FastTrack

N/A

Heuristic

FastTrack traffic

fasttrack

Cisco IOS XE Release 2.5

FastTrack Static

N/A

Heuristic

FastTrack Static

fasttrack-static

Cisco IOS XE Release 3.3S

Gnutella

TCP/UDP

Heuristic, or TCP-80, 6346-6349, 6355,5634 UDP-6346-6348

Gnutella traffic

gnutella

Cisco IOS XE Release 2.5

Gnutella Networking

TCP/UDP

Heuristic, or UDP-6346-6348

Gnutella Networking traffic

networking-gnutella

Cisco IOS XE Release 3.4S

KaZaA

TCP/ UPD

Heuristic

KaZaA

Note that earlier KaZaA version 1 traffic can be classified using FastTrack.

kazaa2

Cisco IOS XE Release 2.5

WinMX

TCP

6699

WinMX Peer-to-Peer File-Sharing

winmx

Cisco IOS XE Release 2.5

Voice and Video

cisco-ip-camera

Cisco Video Surveillance Camera

cisco-ip-camera

Cisco IOS XE Release 3.5S

gtalk-video

Google Talk Video Call

gtalk-video

Cisco IOS XE Release 3.5S

gtalk-voip

Google Talk Voice

gtalk-voip

Cisco IOS XE Release 3.5S

livemeeting

Microsoft Office Live Meeting

livemeeting

Cisco IOS XE Release 3.5S

megavideo

Video Hosting Service

megavideo

Cisco IOS XE Release 3.5S

netflix

Netflix Video

netflix

Cisco IOS XE Release 3.5S

rtmpe

Real Time Messaging Protocol

rtmpe

Cisco IOS XE Release 3.5S

viber

Viber VoIP is an iPhone voice communication application

viber

Cisco IOS XE Release 3.5S

Miscellaneous

3Com AMP3

TCP/UDP

629

3Com AMP3

3com-amp3

Cisco IOS XE Release 3.1S

3Com TSMUX

TCP/UDP

106

3Com TSMUX

3com-tsmux

Cisco IOS XE Release 3.1S

3PC

TCP/UDP

34

Third Party Connect Protocol

3pc

Cisco IOS XE Release 3.1S

914 C/G

TCP/UDP

211

Texas Instruments 914 Terminal

914c/g

Cisco IOS XE Release 3.1S

9PFS

TCP/UDP

564

Plan 9 file service

9pfs

Cisco IOS XE Release 3.1S

ACAP

TCP/UDP

674

ACAP

acap

Cisco IOS XE Release 3.1S

ACAS

TCP/UDP

62

ACA Services

acas

Cisco IOS XE Release 3.1S

AccessBuilder

TCP/UDP

888

Access Builder

accessbuilder

Cisco IOS XE Release 3.1S

AccessNetwork

TCP/UDP

699

Access Network

accessnetwork

Cisco IOS XE Release 3.1S

ACP

TCP/UDP

599

Aeolon Core Protocol

acp

Cisco IOS XE Release 3.1S

ACR-NEMA

TCP/UDP

104

ACR-NEMA Digital Img

acr-nema

Cisco IOS XE Release 3.1S

AED-512

TCP/UDP

149

AED 512 Emulation service

aed-512

Cisco IOS XE Release 3.1S

Agentx

TCP/UDP

705

AgentX

agentx

Cisco IOS XE Release 3.1S

Alpes

TCP/UDP

463

Alpes

alpes

Cisco IOS XE Release 3.1S

AMInet

TCP/UDP

2639

AMInet

aminet

Cisco IOS XE Release 3.1S

AN

TCP/UDP

107

Active Networks

an

Cisco IOS XE Release 3.1S

ANET

TCP/UDP

212

ATEXSSTR

anet

Cisco IOS XE Release 3.1S

ANSANotify

TCP/UDP

116

ANSA REX Notify

ansanotify

Cisco IOS XE Release 3.1S

ANSATrader

TCP/UDP

124

ansatrader

ansatrader

Cisco IOS XE Release 3.1S

AODV

TCP/UDP

654

AODV

aodv

Cisco IOS XE Release 3.1S

Apertus-LDP

TCP/UDP

539

Apertus Tech Load Distribution

apertus-ldp

Cisco IOS XE Release 3.1S

AppleQTC

TCP/UDP

458

apple quick time

appleqtc

Cisco IOS XE Release 3.1S

AppleQTSRVR

TCP/UDP

545

appleqtcsrvr

appleqtcsrvr

Cisco IOS XE Release 3.1S

Applix

TCP/UDP

999

Applix ac

applix

Cisco IOS XE Release 3.1S

ARCISDMS

TCP/UDP

262

arcisdms

arcisdms

Cisco IOS XE Release 3.1S

ARGUS

TCP/UDP

13

ARGUS

argus

Cisco IOS XE Release 3.1S

Ariel2

TCP/UDP

419

Ariel1

ariel1

Cisco IOS XE Release 3.1S

Ariel2

TCP/UDP

421

Ariel2

ariel2

Cisco IOS XE Release 3.1S

Ariel3

TCP/UDP

422

Ariel3

ariel3

Cisco IOS XE Release 3.1S

ARIS

TCP/UDP

104

ARIS

aris

Cisco IOS XE Release 3.1S

ARNS

TCP/UDP

384

A remote network server system

arns

Cisco IOS XE Release 3.1S

ASA

TCP/UDP

386

ASA Message router object def

asa

Cisco IOS XE Release 3.1S

ASA-Appl-Proto

TCP/UDP

502

asa-appl-proto

asa-appl-proto

Cisco IOS XE Release 3.1S

ASIPRegistry

TCP/UDP

687

asipregistry

asipregistry

Cisco IOS XE Release 3.1S

ASIP-Webadmin

TCP/UDP

311

AppleShare IP WebAdmin

asip-webadmin

Cisco IOS XE Release 3.1S

AS-Servermap

TCP/UDP

449

AS Server Mapper

as-servermap

Cisco IOS XE Release 3.1S

AT-3

TCP/UDP

203

AppleTalk Unused

at-3

Cisco IOS XE Release 3.1S

AT-5

TCP/UDP

205

AppleTalk Unused

at-5

Cisco IOS XE Release 3.1S

AT-7

TCP/UDP

207

AppleTalk Unused

at-7

Cisco IOS XE Release 3.1S

AT-8

TCP/UDP

208

AppleTalk Unused

at-8

Cisco IOS XE Release 3.1S

AT-Echo

TCP/UDP

204

AppleTalk Echo

at-echo

Cisco IOS XE Release 3.1S

AT-NBP

TCP/UDP

202

AppleTalk Name Binding

at-nbp

Cisco IOS XE Release 3.1S

AT-RTMP TCP/UDP

201

AppleTalk Routing Maintenance

at-rtmp

Cisco IOS XE Release 3.1S

AT-ZIS

TCP/UDP

206

AppleTalk Zone Information

at-zis

Cisco IOS XE Release 3.1S

Audit

TCP/UDP

182

Unisys Audit SITP

audit

Cisco IOS XE Release 3.1S

Auditd

TCP/UDP

48

Digital Audit daemon

auditd

Cisco IOS XE Release 3.1S

Aurora-CMGR

TCP/UDP

364

Aurora CMGR

aurora-cmgr

Cisco IOS XE Release 3.1S

AURP

TCP/UDP

387

Appletalk Update-Based Routing Protocol

aurp

Cisco IOS XE Release 3.1S

AUTH

TCP/UDP

113

Authentication Service

auth

Cisco IOS XE Release 3.1S

Avian

TCP/UDP

486

avian

avian

Cisco IOS XE Release 3.1S

AX25

TCP/UDP

93

AX.25 Frames

ax25

Cisco IOS XE Release 3.1S

Banyan-RPC

TCP/UDP

567

Banyan-RPC

banyan-rpc

Cisco IOS XE Release 3.1S

Banyan-VIP

TCP/UDP

573

Banyan-VIP

banyan-vip

Cisco IOS XE Release 3.1S

BBNRCCMON

TCP/UDP

10

BBN RCC Monitoring

bbnrccmon

Cisco IOS XE Release 3.1S

BDP

TCP/UDP

581

Bundle Discovery protocol

bdp

Cisco IOS XE Release 3.1S

BFTP

TCP/UDP

152

Background File Transfer Program

bftp

Cisco IOS XE Release 3.1S

BGMP

TCP/UDP

264

Border Gateway Multicast Protocol

bgmp

Cisco IOS XE Release 3.1S

BGP

TCP/UDP

179

Border Gateway Protocol

bgp

Cisco IOS XE Release 3.1S

BGS-NSI

TCP/UDP

482

BGS-NSI

bgs-nsi

Cisco IOS XE Release 3.1S

Bhevent

TCP/UDP

357

Bhevent

bhevent

Cisco IOS XE Release 3.1S

BHFHS

TCP/UDP

248

BHFHS

bhfhs

Cisco IOS XE Release 3.1S

BHMDS

TCP/UDP

310

BHMDS

bhmds

Cisco IOS XE Release 3.1S

BL-IDM

TCP/UDP

142

Britton Lee IDM

bl-idm

Cisco IOS XE Release 3.1S

BMPP

TCP/UDP

632

BMPP

bmpp

Cisco IOS XE Release 3.1S

BNA

TCP/UDP

49

BNA

bna

Cisco IOS XE Release 3.1S

Bnet

TCP/UDP

415

BNET

bnet

Cisco IOS XE Release 3.1S

Borland-DSJ

TCP/UDP

707

Borland-dsj

borland-dsj

Cisco IOS XE Release 3.1S

BR-SAT-Mon

TCP/UDP

76

Backroom SATNET Monitoring

br-sat-mon

Cisco IOS XE Release 3.1S

Cableport-AX

TCP/UDP

282

Cable Port A/X

cableport-ax

Cisco IOS XE Release 3.1S

Cab-Protocol

TCP/UDP

595

CAB Protocol

cab-protocol

Cisco IOS XE Release 3.1S

Cadlock

TCP/UDP

770

Cadlock

cadlock

Cisco IOS XE Release 3.1S

CAIlic

TCP/UDP

216

Computer Associates Intl License Server

CAIlic

Cisco IOS XE Release 3.1S

CBT

TCP/UDP

7

CBT

cbt

Cisco IOS XE Release 3.1S

CDC

TCP/UDP

223

Certificate Distribution Center

cdc

Cisco IOS XE Release 3.1S

CFDPTKT

TCP/UDP

120

cfdptkt

cfdptkt

Cisco IOS XE Release 3.1S

CFTP

TCP/UDP

62

CFTP

cftp

Cisco IOS XE Release 3.1S

CHAOS

TCP/UDP

16

Chaos

chaos

Cisco IOS XE Release 3.1S

CharGen

TCP/UDP

19

Character Generator

chargen

Cisco IOS XE Release 3.1S

Cisco IOS XE Release 3.1S

ChShell

TCP/UDP

562

chcmd

chshell

Cimplex

TCP/UDP

673

Cimplex

cimplex

Cisco IOS XE Release 3.1S

Cisco-FNA

TCP/UDP

130

Cisco FNATIVE

cisco-fna

Cisco IOS XE Release 3.1S

Cisco-SYS

TCP/UDP

132

Cisco SYSMAINT

cisco-sys

Cisco IOS XE Release 3.1S

Cisco-TDP

TCP/UDP

711

Cisco TDP

cisco-tdp

Cisco IOS XE Release 3.1S

Cisco-TNA

TCP/UDP

131

Cisco TNATIVE

cisco-tna

Cisco IOS XE Release 3.1S

Clearcase

TCP/UDP

371

Clearcase

clearcase

Cisco IOS XE Release 3.1S

Cloanto-Net-1

TCP/UDP

356

Cloanto-net-1

cloanto-net-1

Cisco IOS XE Release 3.1S

CMIP-Agent

TCP/UDP

164

CMIP/TCP Agent

cmip-agent

Cisco IOS XE Release 3.1S

CMIP-Man

TCP/UDP

163

CMIP/TCP Manager

cmip-man

Cisco IOS XE Release 3.1S

Coauthor

TCP/UDP

1529

Oracle

coauthor

Cisco IOS XE Release 3.1S

Codaauth2

TCP/UDP

370

Codaauth2

codaauth2

Cisco IOS XE Release 3.1S

Collaborator

TCP/UDP

622

Collaborator

collaborator

Cisco IOS XE Release 3.1S

Commerce

TCP/UDP

542

Commerce

commerce

Cisco IOS XE Release 3.1S

Compaq-Peer

TCP/UDP

110

Compaq Peer Protocol

compaq-peer

Cisco IOS XE Release 3.1S

Compressnet

TCP/UDP

2

Management Utility

compressnet

Cisco IOS XE Release 3.1S

COMSCM

TCP/UDP

437

COMSCM

comscm

Cisco IOS XE Release 3.1S

CON

TCP/UDP

759

Con

con

Cisco IOS XE Release 3.1S

Conference

TCP/UDP

531

Chat

conference

Cisco IOS XE Release 3.1S

Connendp

TCP/UDP

693

Almanid Connection Endpoint

connendp

Cisco IOS XE Release 3.1S

ContentServer

TCP/UDP

3365

Contentserver

contentserver

Cisco IOS XE Release 3.1S

CoreRJD

TCP/UDP

284

Corerjd

corerjd

Cisco IOS XE Release 3.1S

Courier

TCP/UDP

530

RPC

courier

Cisco IOS XE Release 3.1S

Covia

TCP/UDP

64

Communications Integrator

covia

Cisco IOS XE Release 3.1S

CPHB

TCP/UDP

73

Computer Protocol Heart Beat

cphb

Cisco IOS XE Release 3.1S

CPNX

TCP/UDP

72

Computer Protocol Network Executive

cpnx

Cisco IOS XE Release 3.1S

Creativepartnr

TCP/UDP

455

Creativepartnr

creativepartnr

Cisco IOS XE Release 3.1S

Creativeserver

TCP/UDP

453

Creativeserver

creativeserver

Cisco IOS XE Release 3.1S

CRS

TCP/UDP

507

CRS

crs

Cisco IOS XE Release 3.1S

CRTP

TCP/UDP

126

Combat Radio Transport Protocol

crtp

Cisco IOS XE Release 3.1S

CRUDP

TCP/UDP

127

Combat Radio User Datagram

crudp

Cisco IOS XE Release 3.1S

CryptoAdmin

TCP/UDP

624

Crypto Admin

cryptoadmin

Cisco IOS XE Release 3.1S

CSI-SGWP

TCP/UDP

348

Cabletron Management Protocol

csi-sgwp

Cisco IOS XE Release 3.1S

CSNET-NS

TCP/UDP

105

Mailbox Name Nameserver

csnet-ns

Cisco IOS XE Release 3.1S

CTF

TCP/UDP

84

Common Trace Facility

ctf

Cisco IOS XE Release 3.1S

CUSTIX

TCP/UDP

528

Customer Ixchange

custix

Cisco IOS XE Release 3.1S

CVC_Hostd

TCP/UDP

442

CVC_Hostd

cvc_hostd

Cisco IOS XE Release 3.1S

Cybercash

TCP/UDP

551

Cybercash

cybercash

Cisco IOS XE Release 3.1S

Cycleserv

TCP/UDP

763

Cycleserv

cycleserv

Cisco IOS XE Release 3.1S

Cycleserv2

TCP/UDP

772

Cycleserv2

cycleserv2

Cisco IOS XE Release 3.1S

Dantz

TCP/UDP

497

Dantz

dantz

Cisco IOS XE Release 3.1S

DASP

TCP/UDP

439

Dasp

dasp

Cisco IOS XE Release 3.1S

DataSurfSRV

TCP/UDP

461

DataRamp Svr

datasurfsrv

Cisco IOS XE Release 3.1S

DataSurfSRVSec

TCP/UDP

462

DataRamp Svr svs

datasurfsrvsec

Cisco IOS XE Release 3.1S

Datex-ASN

TCP/UDP

355

datex-asn

datex-asn

Cisco IOS XE Release 3.1S

Daytime

TCP/UDP

13

Daytime (RFC 867)

daytime

Cisco IOS XE Release 3.1S

Dbase

TCP/UDP

217

dBASE Unix

dbase

Cisco IOS XE Release 3.1S

DCCP

TCP/UDP

33

Datagram Congestion Control Protocol

dccp

Cisco IOS XE Release 3.1S

DCN-Meas

TCP/UDP

19

DCN Measurement Subsystems

dcn-meas

Cisco IOS XE Release 3.1S

DCP

TCP/UDP

93

Device Control Protocol

dcp

Cisco IOS XE Release 3.1S

DCTP

TCP/UDP

675

DCTP

dctp

Cisco IOS XE Release 3.1S

DDM-DFM

TCP/UDP

447

DDM Distributed File management

ddm-dfm

Cisco IOS XE Release 3.1S

DDM-RDB

TCP/UDP

446

DDM-Remote Relational Database Access

ddm-rdb

Cisco IOS XE Release 3.1S

DDM-SSL

TCP/UDP

448

DDM-Remote DB Access Using Secure Sockets

ddm-ssl

Cisco IOS XE Release 3.1S

DDP

TCP/UDP

37

Datagram Delivery Protocol

ddp

Cisco IOS XE Release 3.1S

DDX

TCP/UDP

116

D-II Data Exchange

ddx

Cisco IOS XE Release 3.1S

DEC_DLM

TCP/UDP

625

dec_dlm

dec_dlm

Cisco IOS XE Release 3.1S

Decap

TCP/UDP

403

Decap

decap

Cisco IOS XE Release 3.1S

Decauth

TCP/UDP

316

Decauth

decauth

Cisco IOS XE Release 3.1S

Decbsrv

TCP/UDP

579

Decbsrv

decbsrv

Cisco IOS XE Release 3.1S

Decladebug

TCP/UDP

410

DECLadebug Remote Debug Protocol

decladebug

Cisco IOS XE Release 3.1S

Decvms-sysmgt

TCP/UDP

441

Decvms-sysmgt

decvms-sysmgt

Cisco IOS XE Release 3.1S

DEI-ICDA

TCP/UDP

618

dei-icda

dei-icda

Cisco IOS XE Release 3.1S

DEOS

TCP/UDP

76

Distributed External Object Store

deos

Cisco IOS XE Release 3.1S

Device

TCP/UDP

801

Device

device

Cisco IOS XE Release 3.1S

DGP

TCP/UDP

86

Dissimilar Gateway Protocol

dgp

Cisco IOS XE Release 3.1S

DHCP-Failover

TCP/UDP

647

DHCP Failover

dhcp-failover

Cisco IOS XE Release 3.1S

DHCP-Failover2

TCP/UDP

847

dhcp-failover2

dhcp-failover2

Cisco IOS XE Release 3.1S

DHCPv6-client

TCP/UDP

546

DHCPv6 Client

dhcpv6-client

Cisco IOS XE Release 3.1S

DHCPv6-server

TCP/UDP

547

DHCPv6 Server

dhcpv6-server

Cisco IOS XE Release 3.1S

Dicom

TCP/UDP

Heuristic

Digital Imaging and Communications in Medicine

dicom

Cisco IOS XE Release 3.3S

Digital-VRC

TCP/UDP

466

digital-vrc

digital-vrc

Cisco IOS XE Release 3.1S

Directplay

TCP/UDP

2234

DirectPlay

directplay

Cisco IOS XE Release 3.1S

Directplay8

TCP/UDP

6073

DirectPlay8

directplay8

Cisco IOS XE Release 3.1S

Directv-Catlg

TCP/UDP

3337

Direct TV Data Catalog

directv-catlg

Cisco IOS XE Release 3.1S

Directv-Soft

TCP/UDP

3335

Direct TV Software Updates

directv-soft

Cisco IOS XE Release 3.1S

Directv-Tick

TCP/UDP

3336

Direct TV Tickers

directv-tick

Cisco IOS XE Release 3.1S

Directv-Web

TCP/UDP

3334

Direct TV Webcasting

directv-web

Cisco IOS XE Release 3.1S

Discard

TCP/UDP

9

Discard

discard

Cisco IOS XE Release 3.1S

Disclose

TCP/UDP

667

campaign contribution disclosures

disclose

Cisco IOS XE Release 3.1S

Dixie

TCP/UDP

96

DIXIE Protocol Specification

dixie

Cisco IOS XE Release 3.1S

DLS

TCP/UDP

Directory Location Service

dls

Cisco IOS XE Release 3.1S

DLS-Mon

TCP/UDP

198

Directory Location Service Monitor

dls-mon

Cisco IOS XE Release 3.1S

DN6-NLM-AUD

TCP/UDP

195

DNSIX Network Level Module Audit

dn6-nlm-aud

Cisco IOS XE Release 3.1S

DNA-CML

TCP/UDP

436

DNA-CML

dna-cml

Cisco IOS XE Release 3.1S

DNS

TCP/UDP

53

Domain Name Server lookup

dns

Cisco IOS XE Release 3.1S

DNSIX

TCP/UDP

90

DNSIX Security Attribute Token Map

dnsix

Cisco IOS XE Release 3.1S

DOOM

TCP/UDP

666

Doom Id Software

doom

Cisco IOS XE Release 3.1S

DPSI

TCP/UDP

315

DPSI

dpsi

Cisco IOS XE Release 3.1S

DSFGW

TCP/UDP

438

DSFGW

dsfgw

Cisco IOS XE Release 3.1S

DSP

TCP/UDP

33

Display Support Protocol

dsp

Cisco IOS XE Release 3.1S

DSP3270

TCP/UDP

246

Display Systems Protocol

dsp3270

Cisco IOS XE Release 3.1S

DSR

TCP/UDP

48

Dynamic Source Routing Protocol

dsr

Cisco IOS XE Release 3.1S

DTAG-DTE-SB

TCP/UDP

352

DTAG

dtag-ste-sb

Cisco IOS XE Release 3.1S

Cisco IOS XE Release 3.1S

DTK

TCP/UDP

365

DTK

dtk

DWR

TCP/UDP

644

DWR

dwr

Cisco IOS XE Release 3.1S

Echo

TCP/UDP

7

Echo

echo

Cisco IOS XE Release 3.1S

EGP

TCP/UDP

8

Exterior Gateway Protocol

egp

Cisco IOS XE Release 3.1S

EIGRP

TCP/UDP

88

Enhanced Interior Gateway Routing Protocol

eigrp

Cisco IOS XE Release 3.1S

ELCSD

TCP/UDP

704

errlog copy/server daemon

elcsd

Cisco IOS XE Release 3.1S

EMBL-NDT

TCP/UDP

394

EMBL Nucleic Data Transfer

embl-ndt

Cisco IOS XE Release 3.1S

EMCON

TCP/UDP

14

EMCON

emcon

Cisco IOS XE Release 3.1S

EMFIS-CNTLl

TCP/UDP

141

EMFIS Control Service

emfis-cntl

Cisco IOS XE Release 3.1S

EMFIS-Data

TCP/UDP

140

EMFIS Data Service

emfis-data

Cisco IOS XE Release 3.1S

Encap

TCP/UDP

98

Encapsulation Header

encap

Cisco IOS XE Release 3.1S

Encrypted BitTorrent

TCP

Heuristic

Encrypted BitTorrent

encrypted-bittorrent

Cisco IOS XE Release 3.4S

Entomb

TCP/UDP

775

Entomb

entomb

Cisco IOS XE Release 3.1S

Entrust-AAAS

TCP/UDP

680

Entrust-aaas

entrust-aaas

Cisco IOS XE Release 3.1S

Entrust-AAMS

TCP/UDP

681

Entrust-aams

entrust-aams

Cisco IOS XE Release 3.1S

Entrust-ASH

TCP/UDP

710

Entrust Administration Service Handler

entrust-ash

Cisco IOS XE Release 3.1S

Entrust-KMSH

TCP/UDP

709

Entrust Key Management Service Handler

entrust-kmsh

Cisco IOS XE Release 3.1S

Entrust-SPS

TCP/UDP

640

entrust-sps

entrust-sps

Cisco IOS XE Release 3.1S

ERPC

TCP/UDP

121

Encore Expedited Remote Pro.Call

erpc

Cisco IOS XE Release 3.1S

ESCP-IP

TCP/UDP

621

escp-ip

escp-ip

Cisco IOS XE Release 3.1S

ESRO-GEN

TCP/UDP

259

Efficient Short Remote Operations

esro-gen

Cisco IOS XE Release 3.1S

ESRP-EMSDP

TCP/UDP

642

ESRO-EMSDP V1.3

esro-emsdp

Cisco IOS XE Release 3.1S

EtherIP

TCP/UDP

97

Ethernet-within-IP Encapsulation

etherip

Cisco IOS XE Release 3.1S

Eudora-Set

TCP/UDP

592

Eudora Set

eudora-set

Cisco IOS XE Release 3.1S

EXEC

TCP/UDP

512

remote process execution

exec

Cisco IOS XE Release 3.1S

Fatserv

TCP/UDP

347

Fatmen Server

fatserv

Cisco IOS XE Release 3.1S

FC

TCP/UDP

133

Fibre Channel

fc

Cisco IOS XE Release 3.1S

FCP

TCP/UDP

510

FirstClass Protocol

fcp

Cisco IOS XE Release 3.1S

Finger

TCP/UDP

79

Finger

finger

Cisco IOS XE Release 3.1S

FIRE

TCP/UDP

125

FIRE

fire

Cisco IOS XE Release 3.1S

FlexLM

TCP/UDP

744

Flexible License Manager

flexlm

Cisco IOS XE Release 3.1S

FLN-SPX

TCP/UDP

221

Berkeley rlogind with SPX auth

fln-spx

Cisco IOS XE Release 3.1S

FTP-Agent

TCP/UDP

574

FTP Software Agent System

ftp-agent

Cisco IOS XE Release 3.1S

FTP-Data

TCP/UDP

20

FTP-Data

ftp-data

Cisco IOS XE Release 3.1S

FTPS-Data

TCP/UDP

989

ftp protocol, data, over TLS/SSL

ftps-data

Cisco IOS XE Release 3.1S

Fujitsu-Dev

TCP/UDP

747

Fujitsu Device Control

fujitsu-dev

Cisco IOS XE Release 3.1S

GACP

TCP/UDP

190

Gateway Access Control Protocol

gacp

Cisco IOS XE Release 3.1S

GDOMAP

TCP/UDP

538

gdomap

gdomap

Cisco IOS XE Release 3.1S

Genie

TCP/UDP

402

Genie Protocol

genie

Cisco IOS XE Release 3.1S

Genrad-MUX

TCP/UDP

176

Genrad-mux

genrad-mux

Cisco IOS XE Release 3.1S

GGF-NCP

TCP/UDP

678

GNU Generation Foundation NCP

ggf-ncp

Cisco IOS XE Release 3.1S

GGP

TCP/UDP

3

Gateway-to-Gateway

ggp

Cisco IOS XE Release 3.1S

Ginad

TCP/UDP

634

ginad

ginad

Cisco IOS XE Release 3.1S

GMTP

TCP/UDP

100

GMTP

gmtp

Cisco IOS XE Release 3.1S

Go-Login

TCP/UDP

491

Go-login

go-login

Cisco IOS XE Release 3.1S

Gopher

TCP/UDP

70

Gopher

gopher

Cisco IOS XE Release 3.1S

Graphics

TCP/UDP

41

Graphics

graphics

Cisco IOS XE Release 3.1S

GRE

TCP/UDP

47

General Routing Encapsulation

gre

Cisco IOS XE Release 3.1S

GRIDFTP

-

-

File Transfer Protocol over the Grid

gridftp

Cisco IOS XE Release 3.5S

Groove

TCP/UDP

2492

Groove

groove

Cisco IOS XE Release 3.1S

GSS-HTTP

TCP/UDP

488

gss-http

gss-http

Cisco IOS XE Release 3.1S

GSS-XLICEN

TCP/UDP

128

GNU Generation Foundation NCP

gss-xlicen

Cisco IOS XE Release 3.1S

gtalk-chat

-

-

Instant messaging between Google Talk servers and its clients

gtalk-chat

Cisco IOS XE Release 3.5S

GTP-User

TCP/UDP

2152

GTP-User Plane

gtp-user

Cisco IOS XE Release 3.1S

HA-Cluster

TCP/UDP

694

ha-cluster

ha-cluster

Cisco IOS XE Release 3.1S

HAP

TCP/UDP

661

hap

hap

Cisco IOS XE Release 3.1S

Hassle

TCP/UDP

375

Hassle

hassle

Cisco IOS XE Release 3.1S

HCP-Wismar

TCP/UDP

686

Hardware Control Protocol Wismar

hcp-wismar

Cisco IOS XE Release 3.1S

HDAP

TCP/UDP

263

hdap

hdap

Cisco IOS XE Release 3.1S

Hello-port

TCP/UDP

652

HELLO_PORT

hello-port

Cisco IOS XE Release 3.1S

HEMS

TCP/UDP

151

hems

hems

Cisco IOS XE Release 3.1S

HIP

TCP/UDP

139

Host Identity Protocol

hip

Cisco IOS XE Release 3.1S

HMMP-IND

TCP/UDP

612

HMMP Indication

hmmp-ind

Cisco IOS XE Release 3.1S

HMMP-OP

TCP/UDP

613

HMMP Operation

hmmp-op

Cisco IOS XE Release 3.1S

HMP

TCP/UDP

20

Host Monitoring

hmp

Cisco IOS XE Release 3.1S

HOPOPT

TCP/UDP

0

IPv6 Hop-by-Hop Option

hopopt

Cisco IOS XE Release 3.1S

Hostname

TCP/UDP

101

NIC Host Name Server

hostname

Cisco IOS XE Release 3.1S

HP-Alarm-Mgr

TCP/UDP

383

HP performance data alarm manager

hp-alarm-mgr

Cisco IOS XE Release 3.1S

HP-Collector

TCP/UDP

381

HP performance data collector

hp-collector

Cisco IOS XE Release 3.1S

HP-Managed-Node

TCP/UDP

382

HP performance data managed node

hp-managed-node

Cisco IOS XE Release 3.1S

HTTP-ALT

TCP/UDP

8080

HTTP Alternate

http-alt

Cisco IOS XE Release 3.1S

HTTP-Mgmt

TCP/UDP

280

http-mgmt

http-mgmt

Cisco IOS XE Release 3.1S

HTTP-RPC-EPMAP

TCP/UDP

593

HTTP RPC Ep Map

http-rpc-epmap

Cisco IOS XE Release 3.1S

Hybrid-POP

TCP/UDP

473

Hybrid-pop

hybrid-pop

Cisco IOS XE Release 3.1S

Hyper-G

TCP/UDP

418

Hyper-g

hyper-g

Cisco IOS XE Release 3.1S

Hyperwave-ISP

TCP/UDP

692

Hyperwave-isp

hyperwave-isp

Cisco IOS XE Release 3.1S

IAFDBase

TCP/UDP

480

iafdbase

iafdbase

Cisco IOS XE Release 3.1S

IAFServer

TCP/UDP

479

iafserver

iafserver

Cisco IOS XE Release 3.1S

IASD

TCP/UDP

432

iasd

iasd

Cisco IOS XE Release 3.1S

IATP

TCP/UDP

117

Interactive Agent Transfer Protocol

iatp

Cisco IOS XE Release 3.1S

IBM-App

385

IBM Application

ibm-app

Cisco IOS XE Release 3.1S

IBM-DB2

TCP/UDP

523

IBM-DB2

ibm-db2

Cisco IOS XE Release 3.1S

IBProtocol

TCP/UDP

6714

Internet Backplane Protocol

ibprotocol

Cisco IOS XE Release 3.1S

ICLCNet-Locate

TCP/UDP

886

ICL coNETion locate server

iclcnet-locate

Cisco IOS XE Release 3.1S

ICLNet_SVInfo

TCP/UDP

887

ICL coNETion server info

iclcnet_svinfo

Cisco IOS XE Release 3.1S

ICMP

TCP/UDP

1

Internet Control Message

icmp

Cisco IOS XE Release 3.1S

IDFP

TCP/UDP

549

idfp

idfp

Cisco IOS XE Release 3.1S

IDPR

TCP/UDP

35

Inter-Domain Policy Routing Protocol

idpr

Cisco IOS XE Release 3.1S

IDPRr-CMTP

TCP/UDP

38

IDPR Control Message Transport Protocol

idpr-cmtp

Cisco IOS XE Release 3.1S

IDRP

TCP/UDP

45

Inter-Domain Routing Protocol

idrp

Cisco IOS XE Release 3.1S

IEEE-MMS

TCP/UDP

651

ieee-mms

ieee-mms

Cisco IOS XE Release 3.1S

IEEE-MMS-SSL

TCP/UDP

695

ieee-mms-ssl

ieee-mms-ssl

Cisco IOS XE Release 3.1S

IFMP

TCP/UDP

101

Ipsilon Flow Management Protocol

ifmp

Cisco IOS XE Release 3.1S

IGRP

TCP/UDP

9

Cisco interior gateway

igrp

Cisco IOS XE Release 3.1S

IIOP

TCP/UDP

535

iiop

iiop

Cisco IOS XE Release 3.1S

IL

TCP/UDP

40

IL Transport Protocol

il

Cisco IOS XE Release 3.1S

IMSP

TCP/UDP

406

Interactive Mail Support Protocol

imsp

Cisco IOS XE Release 3.1S

InBusiness

TCP/UDP

244

Inbusiness

inbusiness

Cisco IOS XE Release 3.1S

Infoseek

TCP/UDP

414

InfoSeek

infoseek

Cisco IOS XE Release 3.1S

Ingres-Net

TCP/UDP

134

INGRES-NET Service

ingres-net

Cisco IOS XE Release 3.1S

I-NLSP

TCP/UDP

52

Integrated Net Layer Security TUBA

i-nlsp

Cisco IOS XE Release 3.1S

Intecourier

TCP/UDP

495

Intecourier

intecourier

Cisco IOS XE Release 3.1S

Integra-SME

TCP/UDP

484

Integra Software Management Environment

integra-sme

Cisco IOS XE Release 3.1S

Intrinsia

TCP/UDP

503

intrinsa

intrinsa

Cisco IOS XE Release 3.1S

IPCD

TCP/UDP

576

ipcd

ipcd

Cisco IOS XE Release 3.1S

IPComp

TCP/UDP

108

IP Payload Compression Protocol

ipcomp

Cisco IOS XE Release 3.1S

IPCServer

TCP/UDP

600

Sun IPC server

ipcserver

Cisco IOS XE Release 3.1S

IPCV

TCP/UDP

71

Internet Packet Core Utility

ipcv

Cisco IOS XE Release 3.1S

IPDD

TCP/UDP

578

ipdd

ipdd

Cisco IOS XE Release 3.1S

IPINIP

TCP/UDP

4

IP in IP

ipinip

Cisco IOS XE Release 3.1S

IPIP

TCP/UDP

94

IP-within-IP Encapsulation Protocol

ipip

Cisco IOS XE Release 3.1S

IPLT

TCP/UDP

129

IPLT

iplt

Cisco IOS XE Release 3.1S

IPP

TCP/UDP

631

Internet Printing Protocol

ipp

Cisco IOS XE Release 3.1S

IPPC

TCP/UDP

67

Internet Pluribus Packet Core

ippc

Cisco IOS XE Release 3.1S

Ipv6-Frag

TCP/UDP

44

Fragment Header for IPv6

ipv6-frag

Cisco IOS XE Release 3.1S

Ipv6-ICMP

TCP/UDP

58

ICMP for IPv6

ipv6-icmp

Cisco IOS XE Release 3.1S

Ipv6INIP

TCP/UDP

41

Ipv6 encapsulated

ipv6inip

Cisco IOS XE Release 3.1S

ipv6-NonXT

TCP/UDP

59

No Next Header for IPv6

ipv6-nonxt

Cisco IOS XE Release 3.1S

Ipv6-OPTS

TCP/UDP

60

Destination Options for IPv6

ipv6-opts

Cisco IOS XE Release 3.1S

Ipv6-Route

TCP/UDP

43

Routing Header for IPv6

ipv6-route

Cisco IOS XE Release 3.1S

IRC

TCP/UDP

194

Internet Relay Chat

irc

Cisco IOS XE Release 3.1S

IRC-SERV

TCP/UDP

529

IRC-SERV

irc-serv

Cisco IOS XE Release 3.1S

IRTP

TCP/UDP

28

Internet Reliable Transaction

irtp

Cisco IOS XE Release 3.1S

IS99C

TCP/UDP

379

TIA/EIA/IS-99 modem client

is99c

Cisco IOS XE Release 3.1S

IS99S

TCP/UDP

380

TIA/EIA/IS-99 modem server

is99s

Cisco IOS XE Release 3.1S

ISAKMP

UDP

500, 4500

Internet Security Association & Key Management Protocol

isakmp

Cisco IOS XE Release 3.1S

ISI-GI

TCP/UDP

55

ISI Graphics Language

isi-gl

Cisco IOS XE Release 3.1S

ISIS

TCP/UDP

124

ISIS over IPv4

isis

Cisco IOS XE Release 3.1S

ISO-ILL

TCP/UDP

499

ISO ILL Protocol

iso-ill

Cisco IOS XE Release 3.1S

ISO-IP

TCP/UDP

147

iso-ip

iso-ip

Cisco IOS XE Release 3.1S

ISO-TP0

TCP/UDP

146

iso-tp0

iso-tp0

Cisco IOS XE Release 3.1S

ISO-TP4

TCP/UDP

29

ISO Transport Protocol Class 4

iso-tp4

Cisco IOS XE Release 3.1S

ISO-TSAP

TCP/UDP

102

ISO-TSAP Class 0

iso-tsap

Cisco IOS XE Release 3.1S

ISO-TSAP-C2

TCP/UDP

399

ISO Transport Class 2 Non-Control

iso-tsap-c2

Cisco IOS XE Release 3.1S

ITM-MCELL-S

TCP/UDP

828

itm-mcell-s

itm-mcell-s

Cisco IOS XE Release 3.1S

IXP-IN-IP

TCP/UDP

111

IPX in IP

ixp-in-ip

Cisco IOS XE Release 3.1S

Jargon

TCP/UDP

148

Jargon

jargon

Cisco IOS XE Release 3.1S

Kali

TCP/UDP

2213

Kali

kali

Cisco IOS XE Release 3.1S

K-Block

TCP/UDP

287

K-block

k-block

Cisco IOS XE Release 3.1S

Keyserver

TCP/UDP

584

Key Server

keyserver

Cisco IOS XE Release 3.1S

KIS

TCP/UDP

186

KIS Protocol

kis

Cisco IOS XE Release 3.1S

Klogin

TCP/UDP

543

klogin

klogin

Cisco IOS XE Release 3.1S

Knet-CMP

TCP/UDP

157

KNET/VM Command/Message Protocol

knet-cmp

Cisco IOS XE Release 3.1S

Konspire2b

TCP/UDP

6085

Konspire2b p2p network

Konspire2b

Cisco IOS XE Release 3.1S

Kpasswd

TCP/UDP

464

Kpasswd

kpasswd

Cisco IOS XE Release 3.1S

Kryptolan

TCP/UDP

398

Kryptolan

kryptolan

Cisco IOS XE Release 3.1S

Kshell

TCP/UDP

544

Kshell

kshell

Cisco IOS XE Release 3.1S

L2TP

TCP/UDP

1701

l2tp

l2tp

Cisco IOS XE Release 3.1S

LA-Maint

TCP/UDP

51

IMP Logical Address Maintenance

la-maint

Cisco IOS XE Release 3.1S

LANServer

TCP/UDP

637

lanserver

lanserver

Cisco IOS XE Release 3.1S

LARP

TCP/UDP

91

Locus Address Resolution Protocol

larp

Cisco IOS XE Release 3.1S

LDAP

TCP/UDP

389

Lightweight Directory Access Protocol

ldap

Cisco IOS XE Release 3.1S

LDP

TCP/UDP

646

LDP

ldp

Cisco IOS XE Release 3.1S

Leaf-1

TCP/UDP

25

Leaf-1

leaf-1

Cisco IOS XE Release 3.1S

Leaf-2

TCP/UDP

26

Leaf-2

leaf-2

Cisco IOS XE Release 3.1S

Legent-1

TCP/UDP

373

Legent Corporation

legent-1

Cisco IOS XE Release 3.1S

Legent-2

TCP/UDP

374

Legent Corporation

legent-2

Cisco IOS XE Release 3.1S

LJK-Login

TCP/UDP

472

ljk-login

ljk-login

Cisco IOS XE Release 3.1S

Lockd

TCP/UDP

4045

NFS Lock Daemon Manager

lockd

Cisco IOS XE Release 3.1S

Locus-Con

TCP/UDP

127

Locus PC-Interface Conn Server

locus-con

Cisco IOS XE Release 3.1S

Locus-Map

TCP/UDP

125

Locus PC-Interface Net Map Ser

locus-map

Cisco IOS XE Release 3.1S

MAC-SRVR-Admin

TCP/UDP

660

MacOS Server Admin

mac-srvr-admin

Cisco IOS XE Release 3.1S

Magenta-Logic

TCP/UDP

313

Magenta-logic

magenta-logic

Cisco IOS XE Release 3.1S

Mailbox-LM

TCP/UDP

505

Mailbox-lm

mailbox-lm

Cisco IOS XE Release 3.1S

Mailq

TCP/UDP

174

MAILQ

mailq

Cisco IOS XE Release 3.1S

Maitrd

TCP/UDP

997

Maitrd

maitrd

Cisco IOS XE Release 3.1S

MANET

TCP/UDP

138

MANET Protocols

manet

Cisco IOS XE Release 3.1S

MasqDialer

TCP/UDP

224

Masqdialer

masqdialer

Cisco IOS XE Release 3.1S

Matip-Type-A

TCP/UDP

350

MATIP Type A

matip-type-a

Cisco IOS XE Release 3.1S

Matip-Type-B

TCP/UDP

351

MATIP Type B

matip-type-b

Cisco IOS XE Release 3.1S

MCIDAS

TCP/UDP

112

McIDAS Data Transmission Protocol

mcidas

Cisco IOS XE Release 3.1S

MCNS-Sec

TCP/UDP

638

mcns-sec

mcns-sec

Cisco IOS XE Release 3.1S

MDC-Portmapper

TCP/UDP

685

mdc-portmapper

mdc-portmapper

Cisco IOS XE Release 3.1S

MeComm

TCP/UDP

668

MeComm

mecomm

Cisco IOS XE Release 3.1S

MeRegister

TCP/UDP

669

MeRegister

meregister

Cisco IOS XE Release 3.1S

Merit-INP

TCP/UDP

32

MERIT Internodal Protocol

merit-inp

Cisco IOS XE Release 3.1S

Meta5

TCP/UDP

393

Meta5

meta5

Cisco IOS XE Release 3.1S

Metagram

TCP/UDP

99

Metagram

metagram

Cisco IOS XE Release 3.1S

Meter

TCP/UDP

570

Meter

meter

Cisco IOS XE Release 3.1S

Mfcobol

TCP/UDP

86

Micro Focus Cobol

mfcobol

Cisco IOS XE Release 3.1S

MFE-NSP

TCP/UDP

31

MFE Network Services Protocol

mfe-nsp

Cisco IOS XE Release 3.1S

MFTP

TCP/UDP

349

mftp

mftp

Cisco IOS XE Release 3.1S

Micom-PFS

TCP/UDP

490

Micom-pfs

micom-pfs

Cisco IOS XE Release 3.1S

MICP

TCP/UDP

95

Mobile Internetworking Control Pro.

micp

Cisco IOS XE Release 3.1S

Micromuse-LM

TCP/UDP

1534

micromuse-lm

micromuse-lm

Cisco IOS XE Release 3.1S

MIT-DOV

TCP/UDP

91

MIT Dover Spooler

mit-dov

Cisco IOS XE Release 3.1S

MIT-ML-Dev

TCP/UDP

83

MIT ML Device

mit-ml-dev

Cisco IOS XE Release 3.1S

Mobile

TCP/UDP

55

IP Mobility

mobile

Cisco IOS XE Release 3.1S

MobileIP-Agent

TCP/UDP

434

mobileip-agent

mobileip-agent

Cisco IOS XE Release 3.1S

MobilIP-MN

TCP/UDP

435

mobilip-mn

mobilip-mn

Cisco IOS XE Release 3.1S

Mondex

TCP/UDP

471

Mondex

mondex

Cisco IOS XE Release 3.1S

Monitor

TCP/UDP

561

Monitor

monitor

Cisco IOS XE Release 3.1S

Mortgageware

TCP/UDP

367

Mortgageware

mortgageware

Cisco IOS XE Release 3.1S

MPLS-IN-IP

TCP/UDP

137

MPLS-in-IP

mpls-in-ip

Cisco IOS XE Release 3.1S

MPM

TCP/UDP

45

Message Processing Module

mpm

Cisco IOS XE Release 3.1S

MPM-Flags

TCP/UDP

44

MPM FLAGS Protocol

mpm-flags

Cisco IOS XE Release 3.1S

MPM-SND

TCP/UDP

46

MPM [default send]

mpm-snd

Cisco IOS XE Release 3.1S

MPP

TCP/UDP

218

Netix Message Posting Protocol

mpp

Cisco IOS XE Release 3.1S

MPTN

TCP/UDP

397

Multi Protocol Transport Network

mptn

Cisco IOS XE Release 3.1S

MRM

TCP/UDP

679

mrm

mrm

Cisco IOS XE Release 3.1S

MSDP

TCP/UDP

639

msdp

msdp

Cisco IOS XE Release 3.1S

MSExch-Routing

TCP/UDP

691

MS Exchange Routing

msexch-routing

Cisco IOS XE Release 3.1S

MSFT-GC

TCP/UDP

3268

Microsoft Global Catalog

msft-gc

Cisco IOS XE Release 3.1S

MSFT-GC-SSL

TCP/UDP

3269

Microsoft Global Catalog with LDAP/SSL

msft-gc-ssl

Cisco IOS XE Release 3.1S

MSG-AUTH

TCP/UDP

31

msg-auth

msg-auth

Cisco IOS XE Release 3.1S

MSG-ICP

TCP/UDP

29

msg-icp

msg-icp

Cisco IOS XE Release 3.1S

MSNP

TCP/UDP

1863

msnp

msnp

Cisco IOS XE Release 3.1S

MS-OLAP

TCP/UDP

2393

Microsoft OLAP

ms-olap

Cisco IOS XE Release 3.1S

MSP

TCP/UDP

18

Message Send Protocol

msp

Cisco IOS XE Release 3.1S

MS-Rome

TCP/UDP

569

Microsoft rome

ms-rome

Cisco IOS XE Release 3.1S

MS-Shuttle

TCP/UDP

568

Microsoft shuttle

ms-shuttle

Cisco IOS XE Release 3.1S

MS-wbt

TCP

3389/Heuristic

Microsoft Windows-based Terminal Services

ms-wbt

Cisco IOS XE Release 3.4S

MS-SQLl-M

TCP/UDP

1434

Microsoft-SQL-Monitor

ms-sql-m

Cisco IOS XE Release 3.1S

MTP

TCP/UDP

92

Multicast Transport Protocol

mtp

Cisco IOS XE Release 3.1S

Multiling-HTTP

TCP/UDP

777

Multiling HTTP

multiling-http

Cisco IOS XE Release 3.1S

Multiplex

TCP/UDP

171

Network Innovations Multiplex

multiplex

Cisco IOS XE Release 3.1S

Mumps

TCP/UDP

188

Plus Fives MUMPS

mumps

Cisco IOS XE Release 3.1S

MUX

TCP/UDP

18

Multiplexing

mux

Cisco IOS XE Release 3.1S

Mylex-MAPD

TCP/UDP

467

mylex-mapd

mylex-mapd

Cisco IOS XE Release 3.1S

MySQL

TCP/UDP

3306

MySQL

mysql

Cisco IOS XE Release 3.1S

Name

TCP/UDP

42

Host Name Server

name

Cisco IOS XE Release 3.1S

NAMP

TCP/UDP

167

namp

namp

Cisco IOS XE Release 3.1S

NARP

TCP/UDP

54

NBMA Address Resolution Protocol

narp

Cisco IOS XE Release 3.1S

NAS

TCP/UDP

991

Netnews Administration System

nas

Cisco IOS XE Release 3.1S

NCED

TCP/UDP

404

nced

nced

Cisco IOS XE Release 3.1S

NCLD

TCP/UDP

405

ncld

ncld

Cisco IOS XE Release 3.1S

NCP

TCP/UDP

524

NCP

ncp

Cisco IOS XE Release 3.1S

NDSAuth

TCP/UDP

353

NDSAUTH

ndsauth

Cisco IOS XE Release 3.1S

Nest-Protocol

TCP/UDP

489

Nest-protocol

nest-protocol

Cisco IOS XE Release 3.1S

Net8-CMAN

TCP/UDP

1830

Oracle Net8 CMan Admin

net8-cman

Cisco IOS XE Release 3.1S

Net-Assistant

TCP/UDP

3283

net-assistant

net-assistant

Cisco IOS XE Release 3.1S

Netblt

TCP/UDP

30

Bulk Data Transfer Protocol

netblt

Cisco IOS XE Release 3.1S

NetGW

TCP/UDP

741

netgw

netgw

Cisco IOS XE Release 3.1S

NetNews

TCP/UDP

532

readnews

netnews

Cisco IOS XE Release 3.1S

NetRCS

TCP/UDP

742

Network based RCS

netrcs

Cisco IOS XE Release 3.1S

NetRJS-1

TCP/UDP

71

Remote Job Service

netrjs-1

Cisco IOS XE Release 3.1S

NetRJS-2

TCP/UDP

72

Remote Job Service

netrjs-2

Cisco IOS XE Release 3.1S

NetRJS-3

TCP/UDP

73

Remote Job Service

netrjs-3

Cisco IOS XE Release 3.1S

NetRJS-4

TCP/UDP

74

Remote Job Service

netrjs-4

Cisco IOS XE Release 3.1S

NETSC-Dev

TCP/UDP

155

NETSC

netsc-dev

Cisco IOS XE Release 3.1S

NETSC-Prod

TCP/UDP

154

NETSC

netsc-prod

Cisco IOS XE Release 3.1S

NetViewDM1

TCP/UDP

729

IBM NetView M

netviewdm1

Cisco IOS XE Release 3.1S

NetviewDM2

TCP/UDP

730

IBM NetView DM

netviewdm2

Cisco IOS XE Release 3.1S

NetviewDM3

TCP/UDP

731

IBM NetView DM

netviewdm3

Cisco IOS XE Release 3.1S

Netwall

TCP/UDP

533

for emergency broadcasts

netwall

Cisco IOS XE Release 3.1S

Netware-IP

TCP/UDP

396

Novell Netware over IP

netware-ip

Cisco IOS XE Release 3.1S

New-RWHO

TCP/UDP

550

new who

new-rwho

Cisco IOS XE Release 3.1S

NextStep

TCP/UDP

178

NextStep Window Server

nextstep

Cisco IOS XE Release 3.1S

NFS

TCP/UDP

2049

Network File System

nfs

Cisco IOS XE Release 3.1S

NicName

TCP/UDP

43

Who Is

nicname

Cisco IOS XE Release 3.1S

NI-FTP

TCP/UDP

47

NI FTP

ni-ftp

Cisco IOS XE Release 3.1S

NI-Mail

TCP/UDP

61

NI MAIL

ni-mail

Cisco IOS XE Release 3.1S

Nlogin

TCP/UDP

758

nlogin

nlogin

Cisco IOS XE Release 3.1S

NMAP

TCP/UDP

689

nmap

nmap

Cisco IOS XE Release 3.1S

NMSP

TCP/UDP

537

Networked Media Streaming Protocol

nmsp

Cisco IOS XE Release 3.1S

NNSP

TCP/UDP

433

nnsp

nnsp

Cisco IOS XE Release 3.1S

Notes

TCP/UDP

1352

Lotus Notes(R)

notes

Cisco IOS XE Release 3.1S

NovaStorBakcup

TCP/UDP

308

Novastor Backup

novastorbakcup

Cisco IOS XE Release 3.1S

NPMP-GUI

TCP/UDP

611

npmp-gui

npmp-gui

Cisco IOS XE Release 3.1S

NPMP-Local

TCP/UDP

610

npmp-local

npmp-local

Cisco IOS XE Release 3.1S

NPMP-Trap

TCP/UDP

609

npmp-trap

npmp-trap

Cisco IOS XE Release 3.1S

NPP

TCP/UDP

92

Network Printing Protocol

npp

Cisco IOS XE Release 3.1S

NQS

TCP/UDP

607

nqs

nqs

Cisco IOS XE Release 3.1S

NS

TCP/UDP

760

ns

ns

Cisco IOS XE Release 3.1S

NSFNET-IGP

TCP/UDP

85

NSFNET-IGP

nsfnet-igp

Cisco IOS XE Release 3.1S

NSIIOPS

TCP/UDP

261

IIOP Name Service over TLS/SSL

nsiiops

Cisco IOS XE Release 3.1S

NSRMP

TCP/UDP

359

Network Security Risk Management Protocol

nsrmp

Cisco IOS XE Release 3.1S

NSS-Routing

TCP/UDP

159

NSS-Routing

nss-routing

Cisco IOS XE Release 3.1S

NSW-FE

TCP/UDP

27

NSW User System FE

nsw-fe

Cisco IOS XE Release 3.1S

Ntalk

TCP/UDP

518

Ntalk

ntalk

Cisco IOS XE Release 3.1S

NTP

TCP/UDP

123

Network Time Protocol

ntp

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

Cisco IOS XE Release 3.1S

NVP-II

TCP/UDP

11

Network Voice Protocol

nvp-ii

NXEdit

TCP/UDP

126

nxedit

nxedit

Cisco IOS XE Release 3.1S

OBCBinder

TCP/UDP

183

ocbinder

ocbinder

Cisco IOS XE Release 3.1S

OBEX

TCP/UDP

650

obex

obex

Cisco IOS XE Release 3.1S

ObjCall

TCP/UDP

94

Tivoli Object Dispatcher

objcall

Cisco IOS XE Release 3.1S

OCS_AMU

TCP/UDP

429

ocs_amu

ocs_amu

Cisco IOS XE Release 3.1S

OCS_CMU

TCP/UDP

428

ocs_cmu

ocs_cmu

Cisco IOS XE Release 3.1S

OCServer

TCP/UDP

184

ocserver

ocserver

Cisco IOS XE Release 3.1S

ODMR

TCP/UDP

366

odmr

odmr

Cisco IOS XE Release 3.1S

OHIMSRV

TCP/UDP

506

ohimsrv

ohimsrv

Cisco IOS XE Release 3.1S

OLSR

TCP/UDP

698

olsr

olsr

Cisco IOS XE Release 3.1S

OMGInitialRefs

TCP/UDP

900

omginitialrefs

omginitialrefs

Cisco IOS XE Release 3.1S

OMServ

TCP/UDP

764

omserv

omserv

Cisco IOS XE Release 3.1S

ONMUX

TCP/UDP

417

onmux

onmux

Cisco IOS XE Release 3.1S

Opalis-RDV

TCP/UDP

536

Opalis-rdv

opalis-rdv

Cisco IOS XE Release 3.1S

Opalis-Robot

TCP/UDP

314

Opalis-robot

opalis-robot

Cisco IOS XE Release 3.1S

OPC-Job-Start

TCP/UDP

423

IBM Operations Planning and Control Start

opc-job-start

Cisco IOS XE Release 3.1S

OPC-Job-Track

TCP/UDP

424

IBM Operations Planning and Control Track

opc-job-track

Cisco IOS XE Release 3.1S

Openport

TCP/UDP

260

Openport

openport

Cisco IOS XE Release 3.5S

OpenVMS-Sysipc

TCP/UDP

557

Openvms-sysipc

openvms-sysipc

Cisco IOS XE Release 3.1S

Open VPN

-

-

Open VPN Protocol

openvpn

Cisco IOS XE Release 3.5S

OracleNames

TCP/UDP

1575

Oraclenames

oraclenames

Cisco IOS XE Release 3.1S

OracleNet8CMAN

TCP/UDP

1630

Oracle Net8 Cman

oraclenet8cman

Cisco IOS XE Release 3.1S

ORA-Srv

TCP/UDP

1525

Oracle TCP/IP Listener

ora-srv

Cisco IOS XE Release 3.1S

Orbix-Config

TCP/UDP

3076

Orbix 2000 Config

orbix-config

Cisco IOS XE Release 3.1S

Orbix-Locator

TCP/UDP

3075

Orbix 2000 Locator

orbix-locator

Cisco IOS XE Release 3.1S

Orbix-Loc-SSL

TCP/UDP

3077

Orbix 2000 Locator SSL

orbix-loc-ssl

Cisco IOS XE Release 3.1S

OSPF

TCP/UDP

89

Open Shortest Path First

ospf

Cisco IOS XE Release 3.1S

OSU-NMS

TCP/UDP

192

OSU Network Monitoring System

osu-nms

Cisco IOS XE Release 3.1S

Parsec-Game

TCP/UDP

6582

Parsec Gameserver

parsec-game

Cisco IOS XE Release 3.1S

Passgo

TCP/UDP

511

Passgo

passgo

Cisco IOS XE Release 3.1S

Passgo-Tivoli

TCP/UDP

627

Passgo-tivoli

passgo-tivoli

Cisco IOS XE Release 3.1S

Password-Chg

TCP/UDP

586

Password Change

password-chg

Cisco IOS XE Release 3.1S

Pawserv

TCP/UDP

345

Perf Analysis Workbench

pawserv

Cisco IOS XE Release 3.1S

PCMail-SRV

TCP/UDP

158

PCMail Server

pcmail-srv

Cisco IOS XE Release 3.1S

PDAP

TCP/UDP

344

Prospero Data Access Protocol

pdap

Cisco IOS XE Release 3.1S

Personal-link

TCP/UDP

281

Personal-link

personal-link

Cisco IOS XE Release 3.1S

PFTP

TCP/UDP

662

Parallel File Transfer Protocol

pftp

Cisco IOS XE Release 3.1S

PGM

TCP/UDP

113

PGM Reliable Transport Protocol

pgm

Cisco IOS XE Release 3.1S

Philips-VC

TCP/UDP

583

Philips Video-Conferencing

philips-vc

Cisco IOS XE Release 3.1S

Phonebook

TCP/UDP

767

Phone

phonebook

Cisco IOS XE Release 3.1S

Photuris

TCP/UDP

468

Photuris

photuris

Cisco IOS XE Release 3.1S

PIM

TCP/UDP

103

Protocol Independent Multicast

pim

Cisco IOS XE Release 3.1S

PIM-RP-DISC

TCP/UDP

496

PIM-RP-DISC

pim-rp-disc

Cisco IOS XE Release 3.1S

PIP

TCP/UDP

1321

pip

pip

Cisco IOS XE Release 3.1S

PIPE

TCP/UDP

131

Private IP Encapsulation within IP

pipe

Cisco IOS XE Release 3.1S

PIRP

TCP/UDP

553

pirp

pirp

Cisco IOS XE Release 3.1S

PKIX-3-CA-RA

TCP/UDP

829

PKIX-3 CA/RA

pkix-3-ca-ra

Cisco IOS XE Release 3.1S

PKIX-Timestamp

TCP/UDP

318

pkix-timestamp

pkix-timestamp

Cisco IOS XE Release 3.1S

PNNI

TCP/UDP

102

PNNI over IP

pnni

Cisco IOS XE Release 3.1S

Pop2

TCP/UDP

109

Post Office Protocol - Version 2

pop2

Cisco IOS XE Release 3.1S

Pop3

TCP/UDP

110, Heuristic

Post Office Protocol 3

pop3

Cisco IOS XE Release 3.1S

POV-Ray

TCP/UDP

494

pov-ray

pov-ray

Cisco IOS XE Release 3.1S

Powerburst

TCP/UDP

485

Air Soft Power Burst

powerburst

Cisco IOS XE Release 3.1S

PPStream

TCP/UDP

Heuristic

P2P TV Application

ppstream

Cisco IOS XE Release 3.1S

PPTP

TCP/UDP

1723

Point-to-Point Tunneling Protocol

pptp

Cisco IOS XE Release 3.1S

Cisco IOS XE Release 3.1S

Printer

TCP/UDP

515

spooler

printer

Print-SRV

TCP/UDP

170

Network PostScript

print-srv

Cisco IOS XE Release 3.1S

PRM

TCP/UDP

21

Packet Radio Measurement

prm

Cisco IOS XE Release 3.1S

PRM-NM

TCP/UDP

409

Prospero Resource Manager Node Man

prm-nm

Cisco IOS XE Release 3.1S

PRM-SM

TCP/UDP

408

Prospero Resource Manager Sys. Man

prm-sm

Cisco IOS XE Release 3.1S

Profile

TCP/UDP

136

PROFILE Naming System

profile

Cisco IOS XE Release 3.1S

Prospero

TCP/UDP

191

Prosper Directory Service

prospero

Cisco IOS XE Release 3.1S

PTCNameService

TCP/UDP

597

PTC Name Service

ptcnameservice

Cisco IOS XE Release 3.1S

PTP

TCP/UDP

123

Performance Transparency Protocol

ptp

Cisco IOS XE Release 3.1S

PTP-Event

TCP/UDP

319

PTP Event

ptp-event

Cisco IOS XE Release 3.1S

PTP-General

TCP/UDP

320

PTP General

ptp-general

Cisco IOS XE Release 3.1S

Pump

TCP/UDP

751

Pump

pump

Cisco IOS XE Release 3.1S

PUP

TCP/UDP

12

PUP

pup

Cisco IOS XE Release 3.1S

Purenoise

TCP/UDP

663

purenoise

purenoise

Cisco IOS XE Release 3.1S

PVP

TCP/UDP

75

Packet Video Protocol

pvp

Cisco IOS XE Release 3.1S

PWDGen

TCP/UDP

129

Password Generator Protocol

pwdgen

Cisco IOS XE Release 3.1S

QBIKGDP

TCP/UDP

368

qbikgdp

qbikgdp

Cisco IOS XE Release 3.1S

QFT

TCP/UDP

189

Queued File Transport

qft

Cisco IOS XE Release 3.1S

QMQP

TCP/UDP

628

qmqp

qmqp

Cisco IOS XE Release 3.1S

QMTP

TCP/UDP

209

The Quick Mail Transfer Protocol

qmtp

Cisco IOS XE Release 3.1S

QNX

TCP/UDP

106

QNX

qnx

Cisco IOS XE Release 3.1S

QoTD

TCP/UDP

17

Quote of the Day

qotd

Cisco IOS XE Release 3.1S

QRH

TCP/UDP

752

qrh

qrh

Cisco IOS XE Release 3.1S

QUOTD

TCP/UDP

762

quotad

quotad

Cisco IOS XE Release 3.1S

RAP

TCP/UDP

38

Route Access Protocol

rap

Cisco IOS XE Release 3.1S

RCMD

TCP

512-514

BSD r-commands

rcmd

Cisco IOS XE Release 3.3S

RCP

TCP/UDP

469

Radio Control Protocol

rcp

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

RDA

TCP/UDP

630

rda

rda

Cisco IOS XE Release 3.1S

RDB-DBS-DISP

TCP/UDP

1571

Oracle Remote Data Base

rdb-dbs-disp

Cisco IOS XE Release 3.1S

RDP

TCP/UDP

27

Reliable Data Protocol

rdp

Cisco IOS XE Release 3.1S

Realm-RUSD

TCP/UDP

688

ApplianceWare managment protocol

realm-rusd

Cisco IOS XE Release 3.1S

RE-Mail-CK

TCP/UDP

50

Remote Mail Checking Protocol

re-mail-ck

Cisco IOS XE Release 3.1S

RemoteFS

TCP/UDP

556

rfs server

remotefs

Cisco IOS XE Release 3.1S

Remote-KIS

TCP/UDP

185

Remote-kis

remote-kis

Cisco IOS XE Release 3.1S

REPCMD

TCP/UDP

641

repcmd

repcmd

Cisco IOS XE Release 3.1S

REPSCMD

TCP/UDP

653

repscmd

repscmd

Cisco IOS XE Release 3.1S

RESCAP

TCP/UDP

283

rescap

rescap

Cisco IOS XE Release 3.1S

RIP

TCP/UDP

520

Routing Information Protocol

rip

Cisco IOS XE Release 3.1S

RIPING

TCP/UDP

521

ripng

ripng

Cisco IOS XE Release 3.1S

RIS

TCP/UDP

180

Intergraph

ris

Cisco IOS XE Release 3.1S

RIS-CM

TCP/UDP

748

Russell Info Sci Calendar Manager

ris-cm

Cisco IOS XE Release 3.1S

RJE

TCP/UDP

5

Remote Job Entry

rje

Cisco IOS XE Release 3.1S

RLP

TCP/UDP

39

Resource Location Protocol

rlp

Cisco IOS XE Release 3.1S

RLZDBASE

TCP/UDP

635

rlzdbase

rlzdbase

Cisco IOS XE Release 3.1S

RMC

TCP/UDP

657

rmc

rmc

Cisco IOS XE Release 3.1S

RMIActivation

TCP/UDP

1098

rmiactivation

rmiactivation

Cisco IOS XE Release 3.1S

RMIRegistry

TCP/UDP

1099

rmiregistry

rmiregistry

Cisco IOS XE Release 3.1S

RMonitor

TCP/UDP

560

Rmonitord

rmonitor

Cisco IOS XE Release 3.1S

RMT

TCP/UDP

411

Remote MT Protocol

rmt

Cisco IOS XE Release 3.1S

RPC2Portmap

TCP/UDP

369

rpc2portmap

rpc2portmap

Cisco IOS XE Release 3.1S

RRH

TCP/UDP

753

rrh

rrh

Cisco IOS XE Release 3.1S

RRP

TCP/UDP

648

Registry Registrar Protocol

rrp

Cisco IOS XE Release 3.1S

RSH-SPX

TCP/UDP

222

Berkeley rshd with SPX auth

rsh-spx

Cisco IOS XE Release 3.1S

RSVD

TCP/UDP

168

rsvd

rsvd

Cisco IOS XE Release 3.1S

RSVP_Tunnel

TCP/UDP

363

rsvp_tunnel

rsvp_tunnel

Cisco IOS XE Release 3.1S

RSVP-E2E-Ignore

TCP/UDP

134

RSVP-E2E-IGNORE

rsvp-e2e-ignore

Cisco IOS XE Release 3.1S

Rsync

TCP/UDP

873

Rsync

rsync

Cisco IOS XE Release 3.1S

RTelnet

TCP/UDP

107

Remote Telnet Service

rtelnet

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

RTIP

TCP/UDP

771

rtip

rtip

Cisco IOS XE Release 3.1S

RTMP

TCP

Heuristic

Real Time Messaging Protocol

rtmp

Cisco IOS XE Release 3.4S

RTSPS

TCP/UDP

322

RTSPS

rtsps

Cisco IOS XE Release 3.1S

Rushd

TCP/UDP

696

Rushd

rushd

Cisco IOS XE Release 3.1S

RVD

TCP/UDP

66

MIT Remote Virtual Disk Protocol

rvd

Cisco IOS XE Release 3.1S

RXE

TCP/UDP

761

rxe

rxe

Cisco IOS XE Release 3.1S

SAFT

TCP/UDP

487

saft Simple Asynchronous File Transfer

saft

Cisco IOS XE Release 3.1S

Sanity

TCP/UDP

643

Sanity

sanity

Cisco IOS XE Release 3.1S

SAT-EXPAK

TCP/UDP

64

SATNET and Backroom EXPAK

sat-expak

Cisco IOS XE Release 3.1S

SAT-Mon

TCP/UDP

69

SATNET Monitoring

sat-mon

Cisco IOS XE Release 3.1S

SCC-Security

TCP/UDP

582

scc-security

scc-security

Cisco IOS XE Release 3.1S

SCC-SP

TCP/UDP

96

Semaphore Communications Sec. Pro.

scc-sp

Cisco IOS XE Release 3.1S

SCO-DTMgr

TCP/UDP

617

SCO Desktop Administration Server

sco-dtmgr

Cisco IOS XE Release 3.1S

SCOHELP

TCP/UDP

457

scohelp

scohelp

Cisco IOS XE Release 3.1S

SCOI2ODialog

TCP/UDP

360

scoi2odialog

scoi2odialog

Cisco IOS XE Release 3.1S

SCO-Inetmgr

TCP/UDP

615

Internet Configuration Manager

sco-inetmgr

Cisco IOS XE Release 3.1S

SCO-SysMgr

TCP/UDP

616

SCO System Administration Server

sco-sysmgr

Cisco IOS XE Release 3.1S

SCO-WebsrvrMg3

TCP/UDP

598

SCO Web Server Manager 3

sco-websrvrmg3

Cisco IOS XE Release 3.1S

SCO-WebsrvrMgr

TCP/UDP

620

SCO WebServer Manager

sco-websrvrmgr

Cisco IOS XE Release 3.1S

SCPS

TCP/UDP

105

SCPS

scps

Cisco IOS XE Release 3.1S

SCTP

TCP/UDP

132

Stream Control Transmission Protocol

sctp

Cisco IOS XE Release 3.1S

SCX-Proxy

TCP/UDP

470

scx-proxy

scx-proxy

Cisco IOS XE Release 3.1S

SDNSKMP

TCP/UDP

558

SDNSKMP

sdnskmp

Cisco IOS XE Release 3.1S

SDRP

TCP/UDP

42

Source Demand Routing Protocol

sdrp

Cisco IOS XE Release 3.1S

Secure-ftp

TCP/UDP

990

ftp protocol, control, over TLS/SSL

secure-ftp

Cisco IOS XE Release 3.1S

Secure-IRC

TCP/UDP

994

irc protocol over TLS

secure-irc

Cisco IOS XE Release 3.1S

Secure-LDAP

TCP/UDP

636

ldap protocol over TLS

secure-ldap

Cisco IOS XE Release 3.1S

Secure-NNTP

TCP/UDP

563

nntp protocol over TLS

secure-nntp

Cisco IOS XE Release 3.1S

Secure-Pop3

TCP/UDP

995

pop3 protocol over TLS

secure-pop3

Cisco IOS XE Release 3.1S

Secure-Telnet

TCP/UDP

992

telnet protocol over TLS

secure-telnet

Cisco IOS XE Release 3.1S

Secure-VMTP

TCP/UDP

82

SECURE-VMTP

secure-vmtp

Cisco IOS XE Release 3.1S

Semantix

TCP/UDP

361

Semantix

semantix

Cisco IOS XE Release 3.1S

Send

TCP/UDP

169

SEND

send

Cisco IOS XE Release 3.1S

Server-IPX

TCP/UDP

213

Internetwork Packet Exchange Protocol

server-ipx

Cisco IOS XE Release 3.1S

Servstat

TCP/UDP

633

Service Status update

servstat

Cisco IOS XE Release 3.1S

SET

TCP/UDP

257

Secure Electronic Transaction

set

Cisco IOS XE Release 3.1S

SFS-Config

TCP/UDP

452

Cray SFS config server

sfs-config

Cisco IOS XE Release 3.1S

SFS-SMP-Net

TCP/UDP

451

Cray Network Semaphore server

sfs-smp-net

Cisco IOS XE Release 3.1S

SFTP

TCP/UDP

115

Simple File Transfer Protocol

sftp

Cisco IOS XE Release 3.1S

SGCP

TCP/UDP

440

sgcp

sgcp

Cisco IOS XE Release 3.1S

SGMP

TCP/UDP

153

sgmp

sgmp

Cisco IOS XE Release 3.1S

SGMP-Traps

TCP/UDP

160

sgmp-traps

sgmp-traps

Cisco IOS XE Release 3.1S

Shockwave

TCP/UDP

1626

Shockwave

shockwave

Cisco IOS XE Release 3.1S

Shrinkwrap

TCP/UDP

358

Shrinkwrap

shrinkwrap

Cisco IOS XE Release 3.1S

SIAM

TCP/UDP

498

siam

siam

Cisco IOS XE Release 3.1S

SIFT-UFT

TCP/UDP

608

Sender-Initiated/Unsolicited File Transfer

sift-uft

Cisco IOS XE Release 3.1S

SILC

TCP/UDP

706

silc

silc

Cisco IOS XE Release 3.1S

SitaraDir

TCP/UDP

2631

Sitaradir

sitaradir

Cisco IOS XE Release 3.1S

SitaraMgmt

TCP/UDP

2630

Sitaramgmt

sitaramgmt

Cisco IOS XE Release 3.1S

Sitaraserver

TCP/UDP

2629

sitaraserver

sitaraserver

Cisco IOS XE Release 3.1S

SKIP

TCP/UDP

57

SKIP

skip

Cisco IOS XE Release 3.1S

SKRONK

TCP/UDP

460

skronk

skronk

Cisco IOS XE Release 3.1S

SM

TCP/UDP

122

SM

sm

Cisco IOS XE Release 3.1S

Smakynet

TCP/UDP

122

Smakynet

smakynet

Cisco IOS XE Release 3.1S

SmartSDP

TCP/UDP

426

Smartsdp

smartsdp

Cisco IOS XE Release 3.1S

SMP

TCP/UDP

121

Simple Message Protocol

smp

Cisco IOS XE Release 3.1S

SMPNameRes

TCP/UDP

901

smpnameres

smpnameres

Cisco IOS XE Release 3.1S

SMSD

TCP/UDP

596

smsd

smsd

Cisco IOS XE Release 3.1S

SMSP

TCP/UDP

413

Storage Management Services Protocol

smsp

Cisco IOS XE Release 3.1S

SMUX

TCP/UDP

199

SMUX

smux

Cisco IOS XE Release 3.1S

SNAGas

TCP/UDP

108

SNA Gateway Access Server

snagas

Cisco IOS XE Release 3.1S

Snare

TCP/UDP

509

Snare

snare

Cisco IOS XE Release 3.1S

S-Net

TCP/UDP

166

Sirius Systems

s-net

Cisco IOS XE Release 3.1S

SNP

TCP/UDP

109

Sitara Networks Protocol

snp

Cisco IOS XE Release 3.1S

SNPP

TCP/UDP

444

Simple Network Paging Protocol

snpp

Cisco IOS XE Release 3.1S

SNTP-Heartbeat

TCP/UDP

580

SNTP HEARTBEAT

sntp-heartbeat

Cisco IOS XE Release 3.1S

SoftPC

TCP/UDP

215

Insignia Solutions

softpc

Cisco IOS XE Release 3.1S

Sonar

TCP/UDP

572

Sonar

sonar

Cisco IOS XE Release 3.1S

SPMP

TCP/UDP

656

spmp

spmp

Cisco IOS XE Release 3.1S

Sprite-RPC

TCP/UDP

90

Sprite RPC Protocol

sprite-rpc

Cisco IOS XE Release 3.1S

SPS

TCP/UDP

130

Secure Packet Shield

sps

Cisco IOS XE Release 3.1S

SPSC

TCP/UDP

478

spsc

spsc

Cisco IOS XE Release 3.1S

SQL*Net

TCP/UDP

66

Oracle SQL*NET

sql*net

Cisco IOS XE Release 3.1S

SQLExec

TCP/UDP

9088

SQL Informix

sqlexec

Cisco IOS XE Release 3.1S

SQL-Net

TCP/UDP

150

SQL-NET

sql-net

Cisco IOS XE Release 3.1S

Cisco IOS XE Release 3.1S

SQLServ

TCP/UDP

118

SQL Services

sqlserv

SQLServer

TCP/UDP

1433

Microsoft-SQL-Server

sqlserver

Cisco IOS XE Release 3.1S

SRC

TCP/UDP

200

IBM System Resource Controller

src

Cisco IOS XE Release 3.1S

SRMP

TCP/UDP

193

Spider Remote Monitoring Protocol

srmp

Cisco IOS XE Release 3.1S

SRP

TCP/UDP

119

SpectraLink Radio Protocol

srp

Cisco IOS XE Release 3.1S

SRSSend

TCP/UDP

362

srssend

srssend

Cisco IOS XE Release 3.1S

SS7NS

TCP/UDP

477

ss7ns

ss7ns

Cisco IOS XE Release 3.1S

SSCOPMCE

TCP/UDP

128

SSCOPMCE

sscopmce

Cisco IOS XE Release 3.1S

SSH

TCP/UDP

22

Secure Shell Protocol

ssh

Cisco IOS XE Release 3.1S

Sshell

TCP/UDP

614

SSLshell

sshell

Cisco IOS XE Release 3.1S

SSL

-

-

Secure Socket Layer Protocol

ssl

Cisco IOS XE Release 3.5S

SST

TCP/UDP

266

SCSI on ST

sst

Cisco IOS XE Release 3.1S

ST

TCP/UDP

5

Stream

st

Cisco IOS XE Release 3.1S

StatSRV

TCP/UDP

133

Statistics Service

statsrv

Cisco IOS XE Release 3.1S

STMF

TCP/UDP

501

stmf

stmf

Cisco IOS XE Release 3.1S

STP

TCP/UDP

118

Schedule Transfer Protocol

stp

Cisco IOS XE Release 3.1S

StreetTalk

TCP/UDP

566

Streettalk

streettalk

Cisco IOS XE Release 3.1S

Stun-NAT

TCP/UDP

3478

STUN

stun-nat

Cisco IOS XE Release 3.1S

STX

TCP/UDP

527

Stock IXChange

stx

Cisco IOS XE Release 3.1S

Submission

TCP/UDP

587

Submission

submission

Cisco IOS XE Release 3.1S

Subntbcst_TFTP

TCP/UDP

247

subntbcst_tftp

subntbcst_tftp

Cisco IOS XE Release 3.1S

SU-MIT-TG

TCP/UDP

89

SU/MIT Telnet Gateway

su-mit-tg

Cisco IOS XE Release 3.1S

Sun-DR

TCP/UDP

665

sun-dr

sun-dr

Cisco IOS XE Release 3.1S

Sun-ND

TCP/UDP

77

SUN ND PROTOCOL-Temporary

sun-nd

Cisco IOS XE Release 3.1S

SupDup

TCP/UDP

95

SUPDUP

supdup

Cisco IOS XE Release 3.1S

Surf

TCP/UDP

1010

Surf

surf

Cisco IOS XE Release 3.1S

Sur-Meas

TCP/UDP

243

Survey Measurement

sur-meas

Cisco IOS XE Release 3.1S

Svrloc

TCP/UDP

427

Server Location

svrloc

Cisco IOS XE Release 3.1S

Swift-RVF

TCP/UDP

97

Swift Remote Virtural File Protocol

swift-rvf

Cisco IOS XE Release 3.1S

Swipe

TCP/UDP

53

IP with Encryption

swipe

Cisco IOS XE Release 3.1S

Synoptics-Trap

TCP/UDP

412

Trap Convention Port

synoptics-trap

Cisco IOS XE Release 3.1S

Synotics-Broker

TCP/UDP

392

SynOptics Port Broker Port

synotics-broker

Cisco IOS XE Release 3.1S

Synotics-Relay

TCP/UDP

391

SynOptics SNMP Relay Port

synotics-relay

Cisco IOS XE Release 3.1S

Systat

TCP/UDP

11

Active Users

systat

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

TACACS

TCP/UDP

49, 65

Terminal Access Controller Access Control System

tacacs

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

TAC News

TCP/UDP

98

TAC News

tacnews

Cisco IOS XE Release 3.1S

Talk

TCP/UDP

517

Talk

talk

Cisco IOS XE Release 3.1S

TCF

TCP/UDP

87

TCF

tcf

Cisco IOS XE Release 3.1S

Cisco IOS XE Release 3.1S

TD-Replica

TCP/UDP

268

Tobit David Replica

td-replica

TD-Service

TCP/UDP

267

Tobit David Service Layer

td-service

Cisco IOS XE Release 3.1S

Teedtap

TCP/UDP

559

Teedtap

teedtap

Cisco IOS XE Release 3.1S

Tell

TCP/UDP

754

Send

tell

Cisco IOS XE Release 3.1S

Telnet

TCP/UDP

23

Telnet

telnet

Cisco IOS XE Release 3.1S

Tempo

TCP/UDP

526

newdate

tempo

Cisco IOS XE Release 3.1S

Tenfold

TCP/UDP

658

Tenfold

tenfold

Cisco IOS XE Release 3.1S

Texar

TCP/UDP

333

Texar Security Port

texar

Cisco IOS XE Release 3.1S

TICF-1

TCP/UDP

492

Transport Independent Convergence for FNA

ticf-1

Cisco IOS XE Release 3.1S

TICF-2

TCP/UDP

493

Transport Independent Convergence for FNA

ticf-2

Cisco IOS XE Release 3.1S

Timbuktu

TCP/UDP

407

Timbuktu

timbuktu

Cisco IOS XE Release 3.1S

Time

TCP/UDP

37

Time

time

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

Timed

TCP/UDP

525

Timeserver

timed

Cisco IOS XE Release 3.1S

TINC

TCP/UDP

655

tinc

tinc

Cisco IOS XE Release 3.1S

TLISRV

TCP/UDP

1527

Oracle

tlisrv

Cisco IOS XE Release 3.1S

TLSP

TCP/UDP

56

Transport Layer Security Protocol

tlsp

Cisco IOS XE Release 3.1S

TNETOS

TCP/UDP

377

NEC Corporation

tnETOS

Cisco IOS XE Release 3.1S

TNS-CML

TCP/UDP

590

tns-cml

tns-cml

Cisco IOS XE Release 3.1S

TN-TL-FD1

TCP/UDP

476

tn-tl-fd1

tn-tl-fd1

Cisco IOS XE Release 3.1S

TOR

-

-

TOR Anonymity Online

tor

Cisco IOS XE Release 3.5S

TP++

TCP/UDP

39

TP++ Transport Protocol

tp++

Cisco IOS XE Release 3.1S

TPIP

TCP/UDP

594

tpip

tpip

Cisco IOS XE Release 3.1S

Trunk-1

TCP/UDP

23

Trunk-1

trunk-1

Cisco IOS XE Release 3.1S

Trunk-2

TCP/UDP

24

Trunk-2

trunk-2

Cisco IOS XE Release 3.1S

TServer

TCP/UDP

450

Computer Supported Telecomunication Applications

tserver

Cisco IOS XE Release 3.1S

TTP

TCP/UDP

84

TTP

ttp

Cisco IOS XE Release 3.1S

UAAC

TCP/UDP

145

UAAC Protocol

uaac

Cisco IOS XE Release 3.1S

UARPs

TCP/UDP

219

Unisys ARPs

uarps

Cisco IOS XE Release 3.1S

UDPLite

TCP/UDP

136

UDPLite

udplite

Cisco IOS XE Release 3.1S

UIS

TCP/UDP

390

uis

uis

Cisco IOS XE Release 3.1S

uLISTProc

TCP/UDP

372

List Processor

ulistproc

Cisco IOS XE Release 3.1S

ULP

TCP/UDP

522

ulp

ulp

Cisco IOS XE Release 3.1S

ULPNet

TCP/UDP

483

ulpnet

ulpnet

Cisco IOS XE Release 3.1S

Unidata-LDM

TCP/UDP

388

Unidata LDM

unidata-ldm

Cisco IOS XE Release 3.1S

Unify

TCP/UDP

181

Unify

unify

Cisco IOS XE Release 3.1S

UPS

TCP/UDP

401

Uninterruptible Power Supply

ups

Cisco IOS XE Release 3.1S

URM

TCP/UDP

606

Cray Unified Resource Manager

urm

Cisco IOS XE Release 3.1S

UTI

TCP/UDP

120

UTI

uti

Cisco IOS XE Release 3.1S

Utime

TCP/UDP

519

Unixtime

utime

Cisco IOS XE Release 3.1S

UTMPCD

TCP/UDP

431

utmpcd

utmpcd

Cisco IOS XE Release 3.1S

UTMPSD

TCP/UDP

430

utmpsd

utmpsd

Cisco IOS XE Release 3.1S

UUCP

TCP/UDP

540

uucpd

uucp

Cisco IOS XE Release 3.1S

UUCP-Path

TCP/UDP

117

UUCP Path Service

uucp-path

Cisco IOS XE Release 3.1S

UUCP-rLogin

TCP/UDP

541

uucp-rlogin

uucp-rlogin

Cisco IOS XE Release 3.1S

UUIDGEN

TCP/UDP

697

UUIDGEN

uuidgen

Cisco IOS XE Release 3.1S

VACDSM-App

TCP/UDP

671

VACDSM-APP

vacdsm-app

Cisco IOS XE Release 3.1S

VACDSM-SWS

TCP/UDP

670

VACDSM-SWS

vacdsm-sws

Cisco IOS XE Release 3.1S

VATP

TCP/UDP

690

Velazquez Application Transfer Protocol

vatp

Cisco IOS XE Release 3.1S

VEMMI

TCP/UDP

575

vemmi

vemmi

Cisco IOS XE Release 3.1S

VID

TCP/UDP

769

vid

vid

Cisco IOS XE Release 3.1S

Videotex

TCP/UDP

516

videotex

videotex

Cisco IOS XE Release 3.1S

VISA

TCP/UDP

70

VISA Protocol

visa

Cisco IOS XE Release 3.1S

VNC

TCP/UDP

5800, 5900, 5901

Virtual Network Computing

vnc

Cisco IOS XE Release 2.3S

VMNet

TCP/UDP

175

vmnet

vmnet

Cisco IOS XE Release 3.1S

VMPWSCS

TCP/UDP

214

vmpwscs

vmpwscs

Cisco IOS XE Release 3.1S

VMTP

TCP/UDP

81

VMTP

vmtp

Cisco IOS XE Release 3.1S

VNAS

TCP/UDP

577

vnas

vnas

Cisco IOS XE Release 3.1S

VPP

TCP/UDP

677

Virtual Presence Protocol

vpp

Cisco IOS XE Release 3.1S

VPPS-QUA

TCP/UDP

672

vpps-qua

vpps-qua

Cisco IOS XE Release 3.1S

VPPS-VIA

TCP/UDP

676

vpps-via

vpps-via

Cisco IOS XE Release 3.1S

VRRP

TCP/UDP

112

Virtual Router Redundancy Protocol

vrrp

Cisco IOS XE Release 3.1S

VSINet

TCP/UDP

996

vsinet

vsinet

Cisco IOS XE Release 3.1S

VSLMP

TCP/UDP

312

vslmp

vslmp

Cisco IOS XE Release 3.1S

WAP-Push

TCP/UDP

2948

WAP PUSH

wap-push

Cisco IOS XE Release 3.1S

WAP-Push-HTTP

TCP/UDP

4035

WAP Push OTA-HTTP port

wap-push-http

Cisco IOS XE Release 3.1S

WAP-Push-HTTPS

TCP/UDP

4036

WAP Push OTA-HTTP secure

wap-push-https

Cisco IOS XE Release 3.1S

WAP-Pushsecure

TCP/UDP

2949

WAP PUSH SECURE

wap-pushsecure

Cisco IOS XE Release 3.1S

WAP-VACL-S

TCP/UDP

9207

WAP vCal Secure

wap-vcal-s

Cisco IOS XE Release 3.1S

WAP-VCAL

TCP/UDP

9205

WAP vCal

wap-vcal

Cisco IOS XE Release 3.1S

WAP-VCARD

TCP/UDP

9204

WAP vCard

wap-vcard

Cisco IOS XE Release 3.1S

WAP-VCARD-S

TCP/UDP

9206

WAP vCard Secure

wap-vcard-s

Cisco IOS XE Release 3.1S

WAP-WSP

TCP/UDP

9200

WAP connectionless session service

wap-wsp

Cisco IOS XE Release 3.1S

WAP-WSP-S

TCP/UDP

9202

WAP secure connectionless session service

wap-wsp-s

Cisco IOS XE Release 3.1S

WAP-WSP-WTP

TCP/UDP

9201

WAP session service

wap-wsp-wtp

Cisco IOS XE Release 3.1S

WAP-WSP-WTP-S

TCP/UDP

9203

WAP secure session service

wap-wsp-wtp-s

Cisco IOS XE Release 3.1S

WB-Expak

TCP/UDP

79

WIDEBAND EXPAK

wb-expak

Cisco IOS XE Release 3.1S

WB-Mon

TCP/UDP

78

WIDEBAND Monitoring

wb-mon

Cisco IOS XE Release 3.1S

Webster

TCP/UDP

765

Webster

webster

Cisco IOS XE Release 3.1S

Webex Meeting

TCP

Heuristic

Webex Meeting

webex-meeting

Cisco IOS XE Release 3.4S

WhoAmI

TCP/UDP

565

whoami

whoami

Cisco IOS XE Release 3.1S

Whois++

TCP/UDP

63

whois++ Service

whois++

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

Winny

-

-

winny2 and winnyP traffic

winny

Cisco IOS XE Release 3.5S

Windows Update

TCP

80, 443, Heuristic

Windows Update

windows-update

Cisco IOS XE Release 3.4S

WorldFusion

TCP/UDP

2595

World Fusion

worldfusion

Cisco IOS XE Release 3.1S

WPGS

TCP/UDP

780

wpgs

wpgs

Cisco IOS XE Release 3.1S

WSN

TCP/UDP

74

Wang Span Network

wsn

Cisco IOS XE Release 3.1S

XAct-Backup

TCP/UDP

911

Xact-backup

xact-backup

Cisco IOS XE Release 3.1S

X-Bone-CTL

TCP/UDP

265

Xbone CTL

x-bone-ctl

Cisco IOS XE Release 3.1S

XDMCP

TCP/UDP

177

X Display Manager Control Protocol

xdmcp

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

XDTP

TCP/UDP

3088

eXtensible Data Transfer Protocol

xdtp

Cisco IOS XE Release 3.1S

XFER

TCP/UDP

82

XFER Utility

xfer

Cisco IOS XE Release 3.1S

XMPP Client

-

-

XMPP Client Connection

xmpp-client

Cisco IOS XE Release 3.5S

XNET

TCP/UDP

15

Cross Net Debugger

xnet

Cisco IOS XE Release 3.1S

XNS-Auth

TCP/UDP

56

XNS Authentication

xns-auth

Cisco IOS XE Release 3.1S

XNS-CH

TCP/UDP

54

XNS Clearinghouse

xns-ch

Cisco IOS XE Release 3.1S

XNS-Courier

TCP/UDP

165

Xerox

xns-courier

Cisco IOS XE Release 3.1S

XEROX NS IDP

XNS-IDP

22

XEROX NS IDP

xns-idp

Cisco IOS XE Release 3.1S

XNS-Mail

TCP/UDP

58

XNS mail

xns-mail

Cisco IOS XE Release 3.1S

XNS-Time

TCP/UDP

52

XNS Time Protocol

xns-time

Cisco IOS XE Release 3.1S

XTP

TCP/UDP

36

XTP

xtp

Cisco IOS XE Release 3.1S

XVTTP

TCP/UDP

508

xvttp

xvttp

Cisco IOS XE Release 3.1S

XYPlex-Mux

TCP/UDP

173

Xyplex

xyplex-mux

Cisco IOS XE Release 3.1S

X Windows

TCP

6000-6003

X Window System

xwindows

Cisco IOS XE Release 2.3 Cisco IOS XE Release 3.1S

z39.50

TCP/UDP

210

ANSI Z39.50

z39.50

Cisco IOS XE Release 3.1S

Zannet

TCP/UDP

317

Zannet

zannet

Cisco IOS XE Release 3.1S

ZServ

TCP/UDP

346

Zebra server

zserv

Cisco IOS XE Release 3.1S

AN

IP

107

Active Networks

an

Cisco IOS XE Release 3.1S

AOL-Protocol5

Cisco IOS XE Release 3.3S

TCP

5190

America OnLine Protocol

aol-protocol

ARGUS

IP

13

ARGUS

argus

Cisco IOS XE Release 3.1S

ARIS

IP

104

ARIS

aris

Cisco IOS XE Release 3.1S

AX25

IP

93

AX.25 Frames

ax25

Cisco IOS XE Release 3.1S

BBNR RCC Mon

IP

10

BBN RCC Monitoring

bbnrccmon

Cisco IOS XE Release 3.1S

BLIZWOW

TCp, UDP

3724

World of Warcraft Gaming Protocol

blizwow

Cisco IOS XE Release 3.1S

BNA

IP

49

BNA

bna

Cisco IOS XE Release 3.1S

BR-SAT-Mon

IP

76

Backroom SATNET Monitoring

br-sat-mon

Cisco IOS XE Release 3.1S

CBT

IP

7

CBT

cbt

Cisco IOS XE Release 3.1S

CFTP

IP

62

CFTP

cftp

Cisco IOS XE Release 3.1S

Choas

IP

16

Chaos

chaos

Cisco IOS XE Release 3.1S

Compaq-Peer

IP

110

Compaq Peer Protocol

compaq-peer

Cisco IOS XE Release 3.1S

CPHB

IP

73

Computer Protocol Heart Beat

cphb

Cisco IOS XE Release 3.1S

CPNX

IP

72

Computer Protocol Network Executive

cpnx

Cisco IOS XE Release 3.1S

CRTP

IP

126

Combat Radio Transport Protocol

crtp

Cisco IOS XE Release 3.1S

CRUDP

IP

127

Combat Radio User Datagram

crudp

Cisco IOS XE Release 3.1S

DCCP

IP

33

Datagram Congestion Control Protocol

dccp

Cisco IOS XE Release 3.1S

DCN-Meas

IP

19

DCN Measurement Subsystems

dcn-meas

Cisco IOS XE Release 3.1S

DDP

IP

37

Datagram Delivery Protocol

ddp

Cisco IOS XE Release 3.1S

DDX

IP

116

D-II Data Exchange

ddx

Cisco IOS XE Release 3.1S

DGP

IP

86

Dissimilar Gateway Protocol

dgp

Cisco IOS XE Release 3.1S

DSR

IP

48

Dynamic Source Routing Protocol

dsr

Cisco IOS XE Release 3.1S

EGP

IP

8

Exterior Gateway Protocol

egp

Cisco IOS XE Release 3.1S

EIGRP

IP

88

Enhanced Interior Gateway Routing Protocol

eigrp

Cisco IOS XE Release 3.1S

EMCON

IP

14

EMCON

emcon

Cisco IOS XE Release 3.1S

Encap

IP

98

Encapsulation Header

encap

15.1(3)T

EtherIP

IP

97

Ethernet-within-IP Encapsulation

etherip

Cisco IOS XE Release 3.1S

FC

IP

133

Fibre Channel

fc

Cisco IOS XE Release 3.1S

FIRE

IP

125

FIRE

fire

Cisco IOS XE Release 3.1S

GGP

IP

3

Gateway-to-Gateway

ggp

Cisco IOS XE Release 3.1S

GMTP

IP

100

GMTP

gmtp

Cisco IOS XE Release 3.1S

GRE

IP

47

General Routing Encapsulation

gre

Cisco IOS XE Release 3.1S

HIP

IP

139

Host Identity Protocol

hip

Cisco IOS XE Release 3.1S

HMP

IP

20

Host Monitoring

hmp

Cisco IOS XE Release 3.1S

HopOpt

IP

0

IPv6 Hop-by-Hop Option

hopopt

Cisco IOS XE Release 3.1S

ICQ

TCP

80, Heuristic

I seek you Instant Messaging Protocol

icq

Cisco IOS XE Release 3.3S

IATP

IP

117

Interactive Agent Transfer Protocol

iatp

Cisco IOS XE Release 3.1S

ICMP

IP

1

Internet Control Message

icmp

Cisco IOS XE Release 3.1S

IDPR

IP

35

Inter-Domain Policy Routing Protocol

idpr

Cisco IOS XE Release 3.1S

IDPR-CMTP

IP

38

IDPR Control Message Transport Protocol

idpr-cmtp

Cisco IOS XE Release 3.1S

IDRP

IP

45

Inter-Domain Routing Protocol

idrp

Cisco IOS XE Release 3.1S

IFMP

IP

101

Ipsilon Flow Management Protocol

ifmp

Cisco IOS XE Release 3.1S

IGRP

IP

9

Cisco interior gateway

igrp

Cisco IOS XE Release 3.1S

IL

IP

40

IL Transport Protocol

il

Cisco IOS XE Release 3.1S

I-NLSP

IP

52

Integrated Net Layer Security TUBA

i-nlsp

Cisco IOS XE Release 3.1S

IMPCOMP

IP

108

IP Payload Compression Protocol

ipcomp

Cisco IOS XE Release 3.1S

IPCU

IP

71

Internet Packet Core Utility

ipcu

Cisco IOS XE Release 3.1S

IPinIP

IP

4

IP in IP

ipinip

Cisco IOS XE Release 3.1S

IPIP

IP

94

IP-within-IP Encapsulation Protocol

ipip

Cisco IOS XE Release 3.1S

IPLT

IP

129

IPLT

iplt

Cisco IOS XE Release 3.1S

IPPC

IP

67

Internet Pluribus Packet Core

ippc

Cisco IOS XE Release 3.1S

IPv6-Frag

IP

44

Fragment Header for IPv6

ipv6-frag

Cisco IOS XE Release 3.1S

IPv6-ICMP

IP

58

ICMP for IPv6

ipv6-icmp

Cisco IOS XE Release 3.1S

IPv6INIP

IP

41

Ipv6 encapsulated

ipv6inip

Cisco IOS XE Release 3.1S

IPv6-NONXT

IP

59

No Next Header for IPv6

ipv6-nonxt

Cisco IOS XE Release 3.1S

IPv6-Opts

IP

60

Destination Options for IPv6

ipv6-opts

Cisco IOS XE Release 3.1S

IPv6-Route

IP

43

Routing Header for IPv6

ipv6-route

Cisco IOS XE Release 3.1S

IRTP

IP

28

Internet Reliable Transaction

irtp

Cisco IOS XE Release 3.1S

ISIS

IP

124

ISIS over IPv4

isis

Cisco IOS XE Release 3.1S

ISO-TP4

IP

29

ISO Transport Protocol Class 4

iso-tp4

Cisco IOS XE Release 3.1S

IXP-in-IP

IP

111

IPX in IP

ixp-in-ip

Cisco IOS XE Release 3.1S

LARP

IP

91

Locus Address Resolution Protocol

larp

Cisco IOS XE Release 3.1S

Leaf-1

IP

25

Leaf-1

leaf-1

Cisco IOS XE Release 3.1S

6to4 IPv6 Tunneled

L3 Protocol

--

6to4 IPv6 Tunneled

6to4 IPv6 Tunneled

Cisco IOS XE Release 3.2S

AYIYA IPv6 Tunneled

UDP

5072

IPv6 Tunneled based on AYIYA traffic

AYIYA IPv6 Tunneled

Cisco IOS XE Release 3.2S

BabelGum

TCP, UDP

80 + Heuristic

BabelGum

BabelGum

Cisco IOS XE Release 3.2S

Baidu Movie

TCP, UDP

80 + Heuristic

Baidu Movie

Baidu Movie

Cisco IOS XE Release 3.2S

DHCP

UDP

67,68

Dynamic Host Configuration Protocol

dhcp

Cisco IOS XE Release 3.2S

DHT

UDP

Heuristic

Distributed sloppy Hash Table Protocol

DHT

Cisco IOS XE Release 3.2S

Filetopia

TCP

Heuristic

Filetopia P2P file sharing

filetopia

Cisco IOS XE Release 3.2S

Fring-VoIP

UDP

Heuristic

Fring VoIP

fring-voip

Cisco IOS XE Release 3.3S

GoogleEarth

TCP

80 + Heuristic

GoogleEarth

GoogleEarth

Cisco IOS XE Release 3.2S

Guruguru

TCP

Heuristic

Guruguru

guruguru

Cisco IOS XE Release 3.2S

IMAP

TCP

143,220

Internet Mail Access Protocol

imap

Cisco IOS XE Release 3.2S

IRC

TCP

80 + Heuristic

IRC

IRC

Cisco IOS XE Release 3.2S

ISATAP IPv6 Tunneled

L3 Protocol

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) IPv6 Tunneled

ISATAP IPv6 Tunneled

Cisco IOS XE Release 3.2S

iTunes

TCP

80 + Heuristic

iTunes

iTunes

Cisco IOS XE Release 3.2S

Kuro

TCP

Heuristic

Kuro

kuro

Cisco IOS XE Release 3.3S

Manolito

TCP, UDP

TCP - Heuristic port, UDP - 41170

Manolito P2P music sharing protocol

manolito

Cisco IOS XE Release 3.2S

MapleStory

TCP

Heuristic

Maple Story Gaming Protocol

MapleStory

Cisco IOS XE Release 3.2S

Cisco IOS XE Release 3.2S

MGCP

TCP, UDP

UDP 2427/2727 - TCP 2427/2428/2727 + Heuristic

Media Gateway Control Protocol

mgcp

Microsoftds

TCP, UDP

445

Microsoft-ds

microsoftds

Cisco IOS XE Release 3.3S

MSN Messenger

TCP

1080,1863, 80, Hueristic

MSN Messenger

msn-messenger

Cisco IOS XE Release 3.3S

MyJabber File Transfer

TCP

Heuristic

MyJabber File Transfer

MyJabber File Transfer

Cisco IOS XE Release 3.2S

Napster

TCP

80 + Heuristic

Napster

napster

Cisco IOS XE Release 3.2S

Netshow

TCP

1755 + Heuristic

Netshow

netshow

Cisco IOS XE Release 3.2S

NNTP

TCP

TCP - 119 + Heuristic, UDP -119

Network News Transfer Protocol

NNTP

Cisco IOS XE Release 3.2S

NTP

UDP

123

Network Time Protocol

NTP

Cisco IOS XE Release 3.2S

Pando

TCP,UDP

TCP - 80 + Heuristic, UDP - Heuristic

Pando

Pando

Cisco IOS XE Release 3.2S

POCO

TCP, UDP

Heuristic

POCO File-Sharing Application

POCO

Cisco IOS XE Release 3.2S

POP3

TCP

110, Heuristic

POP3

POP3

Cisco IOS XE Release 3.2S

PPTP

TCP

1723

Point-to-Point Tunneling Protocol

pptp

Cisco IOS XE Release 3.2S

RADIUS

UDP

1812, 1813

Remote Authentication Dial In User Service protocol

radius

Cisco IOS XE Release 3.3S

Cisco IOS XE Release 3.1S

SIP

TCP, UDP

TCP/UDP - 5060 + Heuristic

Session Initiation Protocol

sip

Skinny

TCP

2000-2002

Skinny Call Control Protocol

skinny

Cisco IOS XE Release 3.3S

Soribada

TCP

TCP - 80 + Heuristic, UDP - Heuristic

Soribada, Korean P2P music sharing Protocol

soribada

Cisco IOS XE Release 3.2S

Soulseek

TCP

Heuristic

SoulSeek internet download manager Protocol

soulseek

Cisco IOS XE Release 3.3S

TeamSpeak

UDP

Heuristic

TeamSpeak internet based voice-conferencing Protocol

TeamSpeak

Cisco IOS XE Release 3.2S

Telepresence-control

TCP,UDP

TCP- 5060, UDP- Heuristic

Telepresence-control

telepresence-control

Cisco IOS XE Release 3.2S

Teredo IPv6 Tunneled

TCP,UDP

TCP- Heuristic, UDP - 3544 + Heuristic

Teredo IPv6 Tunneled

teredo-ipv6-tunneled

Cisco IOS XE Release 3.2S

TFTP

UDP

69

Trivial File Transfer Protocol

tftp

Cisco IOS XE Release 3.2S

TomatoPang

TCP

Heuristic

TomatoPang P2P Sharing Protocol

TomatoPang

Cisco IOS XE Release 3.2S

Tunnel-HTTP

TCP

80 + Heuristic

HTTP Tunneling

tunnel-http

Cisco IOS XE Release 3.2S

Ventrilo

TCP, UDP

Heuristic

Ventrilo VoIP Protocol

Ventrilo

Cisco IOS XE Release 3.2S

Waste

TCP/UDP

Heuristic

Waste

waste

Cisco IOS XE Release 3.3S

WebThunder

TCP, UDP

TCP-80, UDP-Heuristic

WebThunder Peer-to-Peer File Sharing

WebThunder

Cisco IOS XE Release 3.2S

Yahoo-Messenger

TCP

TCP-5050/5101/1080/119/80 /Heuristic

Yahoo Messenger

yahoo-messenger

Cisco IOS XE Release 3.3S

Yahoo-Messenger- VoIP

TCP/UDP

Heuristic

Yahoo Messenger VoIP

yahoo-voip-messenger

Cisco IOS XE Release 3.3S

Yahoo-Messenger- VoIP

Yahoo-VoIP-over- SIP

TCP/UDP

5060/Heuristic

Yahoo VoIP over SIP

yahoo-voip-over-sip

Cisco IOS XE Release 3.4S

1 For Cisco IOS XE Release 2.5, Cisco supports Exchange 03 and 07 only. MS client access is recognized, but web client access is not recognized.
2 Cisco software supports Skype 1.0, 2.5, 3.0, and 4.0. In Skype 4.0, the classification may not be complete.
3 BitTorrent classifies only unencrypted traffic.
4 eDonkey classifies only unencrypted traffic.
5 AOL-Protocol classifies traffic shared between ICQ and AOL clients.

NBAR Protocol Discovery

NBAR includes a feature called Protocol Discovery. Protocol discovery provides an easy way to discover protocol packets passing through an interface. For more information about Protocol Discovery, see the "Enabling Protocol Discovery" module.

NBAR Protocol Discovery MIB

The NBAR Protocol Discovery MIB expands the capabilities of NBAR Protocol Discovery by providing the following new functionality through Simple Network Management Protocol (SNMP):

  • Enable or disable Protocol Discovery per interface.
  • Display Protocol Discovery statistics.
  • Configure and display multiple top-n tables that list protocols by bandwidth usage.
  • Configure thresholds based on traffic of particular NBAR-supported protocols or applications that report breaches and send notifications when these thresholds are exceeded.

For more information about the NBAR Protocol Discovery MIB, see the "Network-Based Application Recognition Protocol Discovery Management Information Base" module.

NBAR Configuration Processes

You can configure NBAR in the following two ways:

  • Configuring NBAR using the MQC
  • Enabling Protocol Discovery

For more information about the NBAR configuration, see the Cisco IOS XE QoS Configuration Guide.

Restarting NBAR

NBAR is restarted under the following circumstances.

  • Custom protocol addition via CLI
  • PDLM load
  • RP switchover
  • FP switchover
  • Protocol pack installation
  • Link-age change

Restart involves deactivating and reactivating NBAR. During this time, all packets are classified as 'Unknown' by NBAR. Once NBAR is reactivated, classification is activated.


Note
Protocol Discovery statistics will be lost with RP Switchover.

NBAR Protocol Pack

The NBAR Protocol Pack provides an easy way to update protocols supported by NBAR without replacing the base IOS image that is already present in the router. A protocol pack is a set of protocols developed and packed together. For more information about the NBAR Protocol Pack, see the NBAR Protocol Pack feature document in Cisco IOS XE QoS Configuration Guide.

NBAR and Multipacket Classification

In Cisco IOS XE Release 3.3S, NBAR provides the ability to search large number of multipacket signatures simultaneously. This new technique is supported for many of the new protocols in Cisco IOS XE Release 3.3S and later releases. This technique also provides improved performance and accuracy for other protocols. Along with the support for new signatures, the multipacket classification capabilities change NBAR behavior in the following ways:

  1. NBAR classification requires any number of payload packets between 1 and 15 packets in a flow depending on the protocol. Retransmitted packets are not counted in this process of calculation.
  2. NBAR will not classify flows without any payload packets or any TCP payload packet with a wrong sequence number even if there are 15 payload packets for classification.
  3. TCP retransmitted packets are not counted as valid packets for classification in the Multipacket Engine module. These type of packets can delay the classification until a sufficient number of valid payload packets are accumulated.
  4. Payload packets with only static signatures in NBAR are classified after the single-packet and multipacket protocols are processed and failed. Therefore, a maximum of 15 payload packets can be classified as unknown until the final (static) classification decision is taken.
  5. Due to these restrictions, custom protocols can be used to force the classification of the first packet, ignoring the existence of payload or correct sequence numbers in the port-based classification.

NBAR on VRF Interfaces

In Cisco IOS XE Release 3.3S and later releases, the NBAR IPv4 and IPv6 classification on VRF interfaces is supported.


Note
Classification for Citrix protocol with "app" subclassification is not guaranteed on VRF interfaces when NBAR is enabled on VRF interfaces.

NBAR and IPv6

In Cisco IOS XE Release 3.3S and later releases, the following types of classification are supported:

  • NBAR provides static port-based classification and IP protocol-based classification for IPv6 packets.
  • NBAR supports IPv6 classification in protocol discovery mode, but not in MQC mode.
  • NBAR always reads the next header field in the fixed IPv6 header to determine the transport layer protocol used by the packet's payload for IPv6 packets. If an IPv6 packet contains one or more extension headers, NBAR will not skip to the last IPv6 extension header to read the actual protocol type instead, NBAR classifies the packet as an IPv6 extension header packet.

NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases

In Cisco IOS XE Release 3.5S and later releases, NBAR supports the following types of classification:

  • Native IPv6 classification.
  • Classification of IPv6 traffic flows inside tunneled IPv6 over IPv4 and teredo.
  • IPv6 classification in protocol discovery mode and in MQC mode.
  • Static and stateful classification.
  • Flexible NetFlow with NBAR based fields on IPv6.

NBAR supports IPv6 in IPv4 (6to4, 6rd, and ISATAP), and teredo tunneled classification. The ip nbar classification tunneled-traffic command is used to enable the tunneled traffic classification. When the tunneled traffic classification is enabled, NBAR performs an application classification of the IPv6 packets carried inside IPv4 traffic. If the ip nbar classification tunneled-traffic command is disabled, the tunneled IPv6 packets are handled as IPv4 packets.

NBAR supports the capture of IPv6 fields and allows the creation of IPv6 traffic-based flow monitors. When you enable the ipv6 flow monitor command, the monitor is bound to the interface, NBAR classification is applied to the IPv6 traffic type, and Flexible NetFlow captures the application IDs in the IPv6 traffic flow.

NBAR Categorization and Attributes

The NBAR Categorization and Attributes feature provides the mechanism to match protocols or applications based on certain attributes. As there are many protocols and applications, categorizing them into different groups will help with reporting as well as performing group actions, such as applying QoS policies, on them. Attributes are statically assigned to each protocol or application, and they are not dependent on the traffic. The following attributes are available to configure the match criteria using the match protocol attribute command. They are:

  • application-group: The application-group attribute allows the configuration of applications grouped together based on the same networking application as the match criteria. For example, Yahoo-Messenger, Yahoo-VoIP-messenger, and Yahoo-VoIP-over-SIP are grouped together under the yahoo-messenger-group.
  • category: The category attribute allows you to configure applications that are grouped together based on the first level of categorization for each protocol as the match criteria. Similar applications are grouped together under one category. For example, the email category contains all email applications such as, Internet Mail Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), Lotus Notes, and so forth.
  • sub-category: The sub-category attribute provides the option to configure applications grouped together based on the second level of categorization for each protocol as the match criteria. For example, clearcase, dbase, rda, mysql and other database applications are grouped under the database group.
  • encrypted: The encrypted attribute provides the option to configure applications grouped together based on whether the protocol is an encrypted protocol or not as the match criteria. Applications are grouped together based on whether they are encrypted and non-encrypted status of the applications. Protocols for which the NBAR does not provide any value are categorized under the unassigned encrypted group.
  • tunnel: The tunnel attribute provides the option to configure protocols based on whether or not a protocol tunnels the traffic of other protocols. Protocols for which the NBAR does not provide any value are categorized under the unassigned tunnel group. For example, Layer 2 Tunneling Protocols (L2TP).

Note
Attribute-based protocol match configuration does not impact the granularity of classification either in reporting or in the protocol discovery information.

How to Configure Attribute-Based Protocol Match

Configuring Attribute-Based Protocol Match

Perform this task to configure the attribute-based protocol match.

SUMMARY STEPS

1.   enable

2.    configure terminal

3.    class-map [type] [match-all | match-any] class-map-name

4.    match protocol attribute application-group application-group [application-name]

5.    match protocol attribute category application-category [application-name]

6.    match protocol attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes} [application-name]

7.    match protocol attribute sub-category application-category [application-name]

8.    match protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes} [application-name]

9.    end


DETAILED STEPS
Step 1   enable


Example: 
Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.
Step 2   configure terminal


Example: 
Router# configure terminal

Enters global configuration mode.

Step 3   class-map [type] [match-all | match-any] class-map-name


Example: 
Router(config)# class-map cmap1

Creates a class map to be used for matching packets to a specified class and enters class-map configuration mode.

  • Enter the name of the class map.
Step 4   match protocol attribute application-group application-group [application-name]


Example: 
Router(config-cmap)# match protocol attribute application-group skype

Configures the specified application group as the match criterion.

  • (Optional) Use the application-name attribute to configure the application and not the application group as the match criterion. The configuration is saved as match protocol application-name instead of match protocol attribute application-group application-group.
Step 5   match protocol attribute category application-category [application-name]


Example: 
Router(config-cmap)# match protocol attribute category email

Configures the specified category as the match criteria attribute.

  • (Optional) Use the application-name attribute to configure a specific application, and not the application category, as the match criterion. The configuration is saved as match protocol application-name instead of match protocol attribute category application-category.
Step 6   match protocol attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes} [application-name]


Example: 
Router(config-cmap)# match protocol attribute encrypted encrypted-yes

Configures the specified encryption status as the match criterion.

  • Enter the encrypted-yes keyword to match all encrypted applications.

or

Enter the encrypted-no keyword to match all nonencrypted applications.

or

Enter the encrypted-unassigned keyword to match all applications that are not assigned any encryption status.

  • (Optional) Use the application-name attribute to configure application within the specified encrypted status as the match criterion. The configuration is saved as match protocol application-name instead of match protocol attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes}.
Step 7   match protocol attribute sub-category application-category [application-name]


Example: 
Router(config-cmap)# match protocol attribute sub-category client-server

Configures the specified sub-category as the match criteria attribute.

  • (Optional) Use the application-name attribute to configure a specific application, and not the sub-category, as the match criterion. The configuration is saved as match protocol application-name instead of match protocol attribute sub-category application-category.
Step 8   match protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes} [application-name]


Example: 
Router(config-cmap)# match protocol attribute tunnel tunnel-yes

Configures the specified encryption status as the match criterion.

  • Enter the tunnel-no keyword to specify the applications that are not tunneled as the match criterion.

or

Enter the tunnel-unassigned keyword to specify the applications that are unassigned for tunneling as the match criterion.

or

Enter the tunnel-yes keyword to specify the tunneled applications as the match criterion.

  • (Optional) Use the application-name attribute to configure a specific application within the specified tunneling status as the match criterion. The configuration is saved as match protocol application-name instead of match protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes}.
Step 9   end


Example: 
Router(config-cmap)# end

Exits class-map configuration mode and returns to privileged EXEC mode.

Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

Example: Classification of HTTP Traffic Using the HTTP Header Fields

In the following example, any request message that contains "somebody@cisco.com" in the User-Agent, Referer, or From field will be classified by NBAR. Typically, a term with a format similar to "somebody@cisco.com" would be found in the From header field of the HTTP request message. 

class-map match-all class1
 match protocol http from "somebody@cisco.com"

In the following example, any request message that contains "http://www.cisco.com/routers" in the User-Agent, Referer, or From field will be classified by NBAR. Typically, a term with a format similar to "http://www.cisco.com/routers" would be found in the Referer header field of the HTTP request message. 

class-map match-all class2
 match protocol http referer "http://www.cisco.com/routers"

In the following example, any request message that contains "CERN-LineMode/2.15" in the User-Agent, Referer, or From header field will be classified by NBAR. Typically, a term with a format similar to "CERN-LineMode/2.15" would be found in the User-Agent header field of the HTTP request message. 

class-map match-all class3
 match protocol http user-agent "CERN-LineMode/2.15"

In the following example, any response message that contains "CERN/3.0" in the Content-Base (if available), Content-Encoding, Location, or Server header field will be classified by NBAR. Typically, a term with a format similar to "CERN/3.0" would be found in the Server header field of the response message. 

class-map match-all class4
 match protocol http server "CERN/3.0"

In the following example, any response message that contains "http://www.cisco.com/routers" in the Content-Base (if available), Content-Encoding, Location, or Server header field will be classified by NBAR. Typically, a term with a format similar to "http://www.cisco.com/routers" would be found in the Content-Base (if available) or Location header field of the response message. 

class-map match-all class5
 match protocol http location "http://www.cisco.com/routers"

In the following example, any response message that contains "gzip" in the Content-Base (if available), Content-Encoding, Location, or Server header field will be classified by NBAR. Typically, the term "gzip" would be found in the Content-Encoding header field of the response message. 

class-map match-all class6
 match protocol http content-encoding "gzip"

Example: Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP Traffic

In the following example, HTTP header fields are combined with a URL to classify traffic. In this example, traffic with a User-Agent field of "CERN-LineMode/3.0" and a Server field of "CERN/3.0," along with URL "www.cisco.com/routers," will be classified using NBAR: 

class-map match-all c-http
 match protocol http user-agent "CERN-LineMode/3.0"
 match protocol http server "CERN/3.0"
 match protocol http url "www.cisco.com/routers"

Example: NBAR and Classification of Custom Protocols and Applications

In the following example, the custom protocol app-sales1 will identify TCP packets that have a source port of 4567 and that contain the term "SALES" in the fifth byte of the payload: 

Router(config)# ip nbar custom app-sales1 5 ascii SALES source tcp 4567

In the following example, the custom protocol virus-home will identify UDP packets that have a destination port of 3000 and that contain "0x56" in the seventh byte of the payload: 

Router(config)# ip nbar custom virus-home 7 hex 0x56 destination udp 3000

In the following example, the custom protocol media_new will identify TCP packets that have a destination or source port of 4500 and that have a value of 90 at the sixth byte of the payload: 

Router(config)# ip nbar custom media_new 6 decimal 90 tcp 4500

In the following example, the custom protocol msn1 will look for TCP packets that have a destination or source port of 6700: 

Router(config)# ip nbar custom msn1 tcp 6700

In the following example, the custom protocol mail_x will look for UDP packets that have a destination port of 8202: 

Router(config)# ip nbar custom mail_x destination udp 8202

In the following example, the custom protocol mail_y will look for UDP packets that have destination ports between 3000 and 4000 inclusive: 

Router(config)# ip nbar custom mail_y destination udp range 3000 4000

Example: NBAR and Classification of Peer-to-Peer File-Sharing Applications

The match protocol gnutella file-transfer regular-expression and match protocol fasttrack file-transfer regular-expression commands are used to enable Gnutella and FastTrack classification in a traffic class. The file-transfer keyword indicates that a regular expression variable will be used to identify specific Gnutella or FastTrack traffic. The regular-expression variable can be expressed as "*" to indicate that all FastTrack or Gnutella traffic be classified by a traffic class.

In the following example, all FastTrack traffic is classified into class map nbar: 

class-map match-all nbar
 match protocol fasttrack file-transfer "*"

Similarly, all Gnutella traffic is classified into class map nbar in the following example: 

class-map match-all nbar
 match protocol gnutella file-transfer "*"

Wildcard characters in a regular expression can also be used to identify specified Gnutella and FastTrack traffic. These regular expression matches can be used to match on the basis of a filename extension or a particular string in a filename.

In the following example, all Gnutella files that have the .mpeg extension will be classified into class map nbar: 

class-map match-all nbar
 match protocol gnutella file-transfer "*.mpeg"

In the following example, only Gnutella traffic that contains the characters "cisco" is classified: 

class-map match-all nbar
 match protocol gnutella file-transfer "*cisco*"

The same examples can be used for FastTrack traffic: 

class-map match-all nbar
 match protocol fasttrack file-transfer "*.mpeg"

or 

class-map match-all nbar
 match protocol fasttrack file-transfer "*cisco*"

Example: Configuring Attribute-Based Protocol Match

The match protocol attributes command is used to configure different attributes as the match criteria for application recognition.

In the following example, the email-related applications category is configured as the match criterion: 

Router# configure terminal
Router(config)# class-map mygroup
Router(config-cmap)# match protocol attribute category email

In the following example, skype-group applications are configured as the match criterion: 

Router# configure terminal
Router(config)# class-map apps
Router(config-cmap)# match protocol attribute application-group skype-group

In the following example, encrypted applications are configured as the match criterion: 

Router# configure terminal
Router(config)# class-map my-class
Router(config-cmap)# match protocol encrypted encrypted-yes

In the following example, Client-server subcategory applications are configured as the match criterion: 

Router# configure terminal
Router(config)# class-map newmap
Router(config-cmap)# match protocol attribute sub-category client-server

In the following example, tunneled applications are configured as the match criterion: 

Router# configure terminal
Router(config)# class-map mygroup
Router(config-cmap)# match protocol attribute tunnel tunnel-yes

The following sample output from the show ip nbar attribute command displays the details of all the attributes: 

Router# show ip nbar attribute 
      Name :  category
      Help :  category attribute
      Type :  group
    Groups :  email, newsgroup, location-based-services, instant-messaging, netg
      Need :  Mandatory
   Default :  other

      Name :  sub-category
      Help :  sub-category attribute
      Type :  group
    Groups :  routing-protocol, terminal, epayement, remote-access-terminal, nen
      Need :  Mandatory
   Default :  other

      Name :  application-group
      Help :  application-group attribute
      Type :  group
    Groups :  skype-group, wap-group, pop3-group, kerberos-group, tftp-group, bp
      Need :  Mandatory
   Default :  other

      Name :  tunnel
      Help :  Tunnelled applications
      Type :  group
    Groups :  tunnel-no, tunnel-yes, tunnel-unassigned
      Need :  Mandatory
   Default :  tunnel-unassigned

      Name :  encrypted
      Help :  Encrypted applications
      Type :  group
    Groups :  encrypted-yes, encrypted-no, encrypted-unassigned
      Need :  Mandatory
   Default :  encrypted-unassigned

The following sample output from the show ip nbar protocol-attribute command displays the details of the protocols: 

Router# show ip nbar protocol-attribute 

           Protocol Name :  ftp
                category :  file-sharing
            sub-category :  client-server
       application-group :  ftp-group
                  tunnel :  tunnel-no
               encrypted :  encrypted-no

           Protocol Name :  http
                category :  browsing
            sub-category :  other
       application-group :  other
                  tunnel :  tunnel-no
               encrypted :  encrypted-no

           Protocol Name :  egp
                category :  net-admin
            sub-category :  routing-protocol
       application-group :  other
                  tunnel :  tunnel-no
               encrypted :  encrypted-no

           Protocol Name :  gre
                category :  net-admin
            sub-category :  tunneling-protocols
       application-group :  other
                  tunnel :  tunnel-yes
               encrypted :  encrypted-no

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

Cisco IOS Quality of Service Solutions Command Reference

Classifying network traffic if not using NBAR

"Classifying Network Traffic" module

Marking network traffic

"Marking Network Traffic" module

MQC

"Applying QoS Features Using the MQC" module

Protocol Discovery

"Enabling Protocol Discovery" module

Standards

Standard

Title

ISO 0009

File Transfer Protocol (FTP)

ISO 0013

Domain Names - Concepts and Facilities

ISO 0033

The TFTP Protocol (Revision 2)

ISO 0034

Routing Information Protocol

ISO 0053

Post Office Protocol - Version 3

ISO 0056

RIP Version 2

MIBs

MIB

MIBs Link

No new or modified MIBs are supported, and support for existing MIBs has not been modified.

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

RFC 742

NAME/FINGER Protocol

RFC 759

Internet Message Protocol

RFC 768

User Datagram Protocol

RFC 792

Internet Control Message Protocol

RFC 793

Transmission Control Protocol

RFC 821

Simple Mail Transfer Protocol

RFC 827

Exterior Gateway Protocol

RFC 854

Telnet Protocol Specification

RFC 888

"STUB" Exterior Gateway Protocol

RFC 904

Exterior Gateway Protocol Formal Specification

RFC 951

Bootstrap Protocol

RFC 959

File Transfer Protocol

RFC 977

Network News Transfer Protocol

RFC 1001

Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods

RFC 1002

Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications

RFC 1057

RPC: Remote Procedure Call

RFC 1094

NFS: Network File System Protocol Specification

RFC 1112

Host Extensions for IP Multicasting

RFC 1157

Simple Network Management Protocol

RFC 1282

BSD Rlogin

RFC 1288

The Finger User Information Protocol

RFC 1305

Network Time Protocol

RFC 1350

The TFTP Protocol (Revision 2)

RFC 1436

The Internet Gopher Protocol

RFC 1459

Internet Relay Chat Protocol

RFC 1510

The Kerberos Network Authentication Service

RFC 1542

Clarifications and Extensions for the Bootstrap Protocol

RFC 1579

Firewall-Friendly FTP

RFC 1583

OSPF Version 2

RFC 1657

Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol

RFC 1701

Generic Routing Encapsulation

RFC 1730

Internet Message Access Protocol--Version 4

RFC 1771

A Border Gateway Protocol 4 (BGP-4)

RFC 1777

Lightweight Directory Access Protocol

RFC 1831

RPC: Remote Procedure Call Protocol Specification Version 2

RFC 1889

A Transport Protocol for Real-Time Applications

RFC 1890

RTP Profile for Audio and Video Conferences with Minimal Control

RFC 1928

SOCKS Protocol Version 5

RFC 1939

Post Office Protocol--Version 3

RFC 1945

Hypertext Transfer Protocol--HTTP/1.0

RFC 1964

The Kerberos Version 5 GSS-API Mechanism

RFC 2045

Multipurpose Internet Mail Extension (MIME) Part One: Format of Internet Message Bodies

RFC 2060

Internet Message Access Protocol--Version 4 rev1

RFC 2068

Hypertext Transfer Protocol--HTTP/1.1

RFC 2131

Dynamic Host Configuration Protocol

RFC 2205

Resource ReSerVation Protocol (RSVP)--Version 1 Functional Specification

RFC 2236

Internet Group Management Protocol, Version 2

RFC 2251

Lightweight Directory Access Protocol (v3)

RFC 2252

Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions

RFC 2253

Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names

RFC 2401

Security Architecture for the Internet Protocol

RFC 2406

IP Encapsulating Security Payload

RFC 2453

RIP Version 2

RFC 2616

Hypertext Transfer Protocol--HTTP/1.1

Note    This RFC updates RFC 2068.

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Classifying Network Traffic Using NBAR

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 5 Feature Information for Classifying Network Traffic Using NBAR in Cisco IOS XE software

Feature Name

Releases

Feature Information

Additional PDL Support for NBAR

Cisco IOS XE Release 3.1S

The additional PDL Support for NBAR feature provides support for additional PDLs.

The following section provides information about this feature: NBAR and Classification of HTTP Traffic

Enhanced NBAR

Cisco IOS XE Release 3.2S

The Enhanced NBAR feature provides additional PDLs for Cisco IOS XE Release 3.2S.

The following section provides information about this feature: NBAR-Supported Protocols

NBAR Categorization and Attributes

Cisco IOS XE Release 3.4S

The NBAR Categorization and Attributes feature provides the mechanism of matching the protocols grouped under specific categories based on the attributes. These categories are available for Class-Based Policy Language (CPL) as a match criteria for application recognition.

The following section provides information about this feature: NBAR Categorization and Attributes

NBAR Classification Enhancements for IOS-XE3.5

Cisco IOS XE Release 3.5S

The NBAR Classification Enhancements feature provides additional classification support for native IPv6 classification and classification of flows inside tunneled IPv6 over IPv4.

The following section provides information about this feature: NBAR Support for IPv6 from Cisco IOS XE Release 3.5 and Later Releases

The following commands were introduced or modified: ip nbar classification tunneled-traffic, option (FNF).

NBAR PDLM Supported in ASR 1000 Release 2.5

Cisco IOS XE Release 2.5

Cisco IOS XE Release 3.1S

Cisco IOS XE Release 3.3S

This feature was integrated into Cisco IOS XE Release 2.5. NBAR-supported protocols were added for this release.

The following section provides information about this feature: NBAR-Supported Protocols

The following command was modified: match protocol (NBAR).

NBAR Protocols

Cisco IOS XE Release 2.3

This feature was integrated into Cisco IOS XE Release 2.3. NBAR-supported protocols were added for this release.

The following section provides information about this feature: NBAR-Supported Protocols

The following command was modified: match protocol(NBAR).

NBAR Real-time Transport Protocol Payload Classification

Cisco IOS XE Release 2.1

This feature was introduced on Cisco ASR 1000 Series Aggregation Services Routers.

The following section provides information about this feature: NBAR-Supported Protocols

NBAR Static IPv4 IANA Protocols Pack1

Cisco IOS XE Release 3.1S

This feature was introduced on Cisco ASR 1000 Series Aggregation Services Routers.

The following section provides information about this feature: NBAR-Supported Protocols

NBAR VRF aware

Cisco IOS XE Release 3.3S

This feature was introduced on Cisco ASR 1000 Series Aggregation Services Routers.

The following section provides information about this feature: NBAR Scalability

Glossary

Encryption--Encryption is the application of a specific algorithm to data so as to alter the appearance of the data, making it incomprehensible to those who are not authorized to see the information.

HTTP --Hypertext Transfer Protocol. The protocol used by web browsers and web servers to transfer files, such as text and graphic files.

IANA --Internet Assigned Numbers Authority. An organization operated under the auspices of the Internet Society (ISOC) as a part of the Internet Architecture Board (IAB). IANA delegates authority for IP address-space allocation and domain-name assignment to the InterNIC and other organizations. IANA also maintains a database of assigned protocol identifiers used in the TCP/IP stack, including autonomous system numbers.

LAN --Local-area network. A high-speed, low-error data network that covers a relatively small geographic area (up to a few thousand meters). LANs connect workstations, peripherals, terminals, and other devices in a single building or other geographically limited area. LAN standards specify cabling and signaling at the physical and data link layers of the Open System Interconnection (OSI) model. Ethernet, FDDI, and Token Ring are widely used LAN technologies.

MIME --Multipurpose Internet Mail Extension. The standard for transmitting nontext data (or data that cannot be represented in plain ASCII code) in Internet mail, such as binary, foreign language text (such as Russian or Chinese), audio, and video data. MIME is defined in RFC 2045, Multipurpose Internet Mail Extension (MIME) Part One: Format of Internet Message Bodies .

MPLS --Multiprotocol Label Switching. A switching method that forwards IP traffic using a label. This label instructs the routers and the switches in the network where to forward the packets based on preestablished IP routing information.

MQC --Modular quality of service command-line interface. A CLI that allows you to define traffic classes, create and configure traffic policies (policy maps), and then attach the policy maps to interfaces. Policy maps are used to apply the appropriate quality of service (QoS) to network traffic.

Protocol Discovery --A feature included with NBAR. Protocol Discovery provides a way to discover the application protocols that are operating on an interface.

QoS --Quality of service. A measure of performance for a transmission system that reflects its transmission quality and service availability.

RTCP --RTP Control Protocol. A protocol that monitors the QoS of an IPv6 Real-Time Transport Protocol (RTP) connection and conveys information about the ongoing session.

Stateful protocol --A protocol that uses TCP and UDP port numbers that are determined at connection time.

Static protocol --A protocol that uses well-defined (predetermined) TCP and UDP ports for communication.

Subport classification --The classification of network traffic by information that is contained in the packet payload, that is, information found beyond the TCP or UDP port number.

TCP --Transmission Control Protocol. A connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.

Tunneling --Tunneling is an architecture that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme.

UDP --User Datagram Protocol. A connectionless transport layer protocol in the TCP /IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols. UDP is defined in RFC 768, User Datagram Protocol .

WAN --Wide-area network. A data communications network that serves users across a broad geographic area and often uses transmission devices provided by common carriers.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

1 For Cisco IOS XE Release 2.5, Cisco supports Exchange 03 and 07 only. MS client access is recognized, but web client access is not recognized.
2 Cisco software supports Skype 1.0, 2.5, 3.0, and 4.0. In Skype 4.0, the classification may not be complete.
3 BitTorrent classifies only unencrypted traffic.
4 eDonkey classifies only unencrypted traffic.
5 AOL-Protocol classifies traffic shared between ICQ and AOL clients.
© 2011 Cisco Systems, Inc. All rights reserved.