DPI/L7 Extracted Fields
Revised: April 8, 2013, OL-29170-02
Table C-1 describes deep packet inspection (DPI)/L7 extracted fields and the CLI used to retrieve the value of the fields.
Table C-1 AVC DPI/L7 Extracted Fields
|
|
|
Application ID EngID Sel ID
|
|
|
|
|
httpUrl |
3.7 |
String |
3 |
80 |
13313 |
URL extracted from the HTTP transaction. The URL is required per transaction. |
NBAR |
collect application http url |
httpHostName |
3.7 |
String |
3 |
80 |
13314 |
Host Name extracted from the HTTP transaction. The URL is required per transaction. |
NBAR |
collect application http host |
httpUserAgent |
3.7 |
String |
3 |
80 |
13315 |
User agent field extracted from the HTTP transaction. |
NBAR |
collect application http user-agent |
httpReferer |
3.7 |
String |
3 |
80 |
13316 |
REFERER extracted from the HTTP transaction. |
NBAR |
collect application http referer |
rtspHostName |
3.7 |
String |
3 |
554 |
13313 |
RTSP host name extracted from the RTSP transaction. |
NBAR |
collect application rtsp host-name |
smtpServer |
3.7 |
String |
3 |
25 |
13313 |
Server name extracted from an SMTP transaction. |
NBAR |
collect application smtp server |
smtpSender |
3.7 |
String |
3 |
25 |
13314 |
Sender name extracted from an SMTP transaction. |
NBAR |
collect application smtp sender |
pop3Server |
3.7 |
String |
3 |
110 |
13313 |
Server name extracted from a POP3 transaction. |
NBAR |
collect application pop3 server |
nntpGroupName |
3.7 |
String |
3 |
119 |
13313 |
Group name extracted from an NNTP transaction. |
NBAR |
collect application nntp group-name |
sipSrcDomain |
3.7 |
String |
3 |
5060 |
13314 |
Source domain extracted from a SIP transaction. |
NBAR |
collect application sip source |
sipDstDomain |
3.7 |
String |
3 |
5060 |
13313 |
Destination domain extracted from a SIP transaction. |
NBAR |
collect application sip destination |
Notes
•Beginning with IOS XE release 3.7, the fields are exported using the field subApplicationValue (ID=45003). The field is encoded as {applicationID (4B), subApplicationID (2B), Value (Variable Len)} merged together. If the field is not observed, the size of the field is 6 and includes only applicationTag and subApplicationTag.
•The sub-application-table option template maps the extracted field ID to name and description, as follows:
–Extracted field ID: subApplicationTag (ID=97)
–Name: subApplicationName (ID=109)
–Description: subApplicationDesc (ID=110)
•All HTTP-based applications, such as YouTube, SharePoint, and so on, use the same sub-application ID, defined by the subApplicationID, as defined by the HTTP application.