SupportedCategories
Shane Alcock edited this page Nov 12, 2020 · 5 revisions
Each application protocol recognised by libprotoident is also assigned to a category. Categories are used to broadly describe the purpose or use of an application protocol, so that multiple protocols that serve a similar purpose can be grouped together during analysis.
For instance, if you were interested in the amount of P2P traffic on your network, you could simply track traffic that matched the P2P category rather than having to track each P2P protocol explicitly. This also means that if we were to add new P2P protocols to libprotoident, your analysis code would not need to change at all to include those new protocols in your counters.
Category Name | Enumerated Type | Description | Example Protocol |
---|---|---|---|
Anti-spam | LPI_CATEGORY_ANTISPAM | Anti-spam software updates | Razor |
Broadcast | LPI_CATEGORY_BROADCAST | Protocols that are broadcast throughout the local network to discover services | Steam Local Broadcast |
CDN | LPI_CATEGORY_CDN | Protocols used to manage and maintain Content Delivery Networks | Akamai Bulk Transfer |
Chat | LPI_CATEGORY_CHAT | Instant messaging and chatrooms | MSN |
Cloud | LPI_CATEGORY_CLOUD | Cloud service protocols | Wuala |
Databases | LPI_CATEGORY_DATABASES | Database remote access protocols | MySQL |
E-commerce | LPI_CATEGORY_ECOMMERCE | Financial transaction protocols | TIP |
Educational | LPI_CATEGORY_EDUCATIONAL | Protocols for applications used as educational tools | ClassIn |
Encrypted | LPI_CATEGORY_ENCRYPT | Encrypted traffic which does not fall into another category | SSL / TLS |
Files | LPI_CATEGORY_FILES | Non-P2P file transfer protocols | FTP Data |
Gaming | LPI_CATEGORY_GAMING | Game protocols | HalfLife |
ICMP | LPI_CATEGORY_ICMP | All ICMP traffic | ICMP |
Industrial Control Systems | LPI_CATEGORY_ICS | Protocols used by Industrial Control Systems | CIP I/O |
IP Cameras | LPI_CATEGORY_IPCAMERAS | Remote surveillance over IP | Foscam |
Key Exchange | LPI_CATEGORY_KEY_EXCHANGE | Protocols for exchanging and managing cryptographic keys | ISAKMP |
Location | LPI_CATEGORY_LOCATION | Protocols for determining or sharing the location of a device | SUPL |
Logging | LPI_CATEGORY_LOGGING | Protocols for sending log messages to remote hosts | Syslog |
 | LPI_CATEGORY_MAIL | Email protocols | SMTP |
Malware | LPI_CATEGORY_MALWARE | Viruses, trojans and other malware | Opaserv |
Message Queue | LPI_CATEGORY_MESSAGE_QUEUE | Protocols used by message queuing brokers | NSQ |
Mixed | LPI_CATEGORY_MIXED | Traffic that combines a request from one protocol with the response from another | Invalid BitTorrent |
Monitoring | LPI_CATEGORY_MONITORING | Network measurement and monitoring protocols | Traceroute |
NAT Traversal | LPI_CATEGORY_NAT | NAT traversal and hole punching protocols | STUN |
News | LPI_CATEGORY_NEWS | Newsgroups | NNTP |
Notification | LPI_CATEGORY_NOTIFICATION | Protocols used to push notifications to (especially mobile) users | Apple Push Notifications |
P2P | LPI_CATEGORY_P2P | Peer to peer file sharing and network maintenance protocols | BitTorrent |
P2P Television | LPI_CATEGORY_P2PTV | Peer-to-peer streaming | PPLive |
Printing | LPI_CATEGORY_PRINTING | Networked printing | BJNP |
Remote Access | LPI_CATEGORY_REMOTE | Remote access and log-in protocols | SSH |
Revision Control | LPI_CATEGORY_RCS | Custom protocols used by revision control systems | SVN |
Security | LPI_CATEGORY_SECURITY | Updates for anti-virus, firewalls and other protection software | Norton |
Serialisation | LPI_CATEGORY_SERIALISATION | Protocols for serialising programming data structures | Java Object Serialisation |
Services | LPI_CATEGORY_SERVICES | Standard Internet services | DNS |
Streaming | LPI_CATEGORY_STREAMING | Protocols used by non-P2P streaming applications | RTSP |
Telecommunications | LPI_CATEGORY_TELCO | Telecommunication services (aside from VOIP) | Message4U |
Translation | LPI_CATEGORY_TRANSLATION | Language translation software | Youdao Dictionary |
Tunnelling | LPI_CATEGORY_TUNNELLING | Protocols used to tunnel a protocol within another | Teredo |
VOIP | LPI_CATEGORY_VOIP | Voice chat and Internet telephony protocols | Skype |
Web | LPI_CATEGORY_WEB | Web browsing protocols | HTTP |