Closed mattgagliardi closed 3 years ago
I'm also interested in that as I used ndpi and its does application identification. (different to a port). Would love to have a parameter to add ndpi. Here is a sample
ID ShortDesp Category
0 Unknown Other
1 FTP FileService
2 POP Mail
3 SMTP Mail
4 IMAP Mail
5 DNS NetMan
6 IPP Netman
7 HTTP HTTP
8 MDNS NetMan
9 NTP NetMan
10 NETBIOS NetMan
11 NFS FileService
12 SSDP NetMan
13 BGP NetMan
14 SNMP NetMan
15 XDMCP RemoteLogin
16 SMB FileService
17 SYSLOG NetMan
18 DHCP NetMan
19 PostgreSQL Database
20 MySQL Database
21 TDS FileService
22 DirectDownloadLink FileService
23 I23V5 Other
24 AppleJuice P2P
25 DirectConnect P2P
26 Socrates P2P
27 WinMX P2P
28 VMware Other
29 PANDO P2P
30 Filetopia FileService
31 iMESH P2P
32 Kontiki P2P
33 OpenFT P2P
34 KazaaFasttrack P2P
35 Gnutella P2P
36 eDonkey P2P
37 Bittorrent P2P
38 OFF Other
39 AVI Streaming
40 Flash Streaming
41 OGG Streaming
42 MPEG Streaming
43 QuickTime Streaming
44 RealMedia Streaming
45 Windowsmedia Streaming
46 MMS Streaming
47 XBOX Gaming
48 QQ IM
49 MOVE Streaming
50 RTSP Streaming
51 Feidian Streaming
52 Icecast Streaming
53 PPLive Streaming
54 PPStream Streaming
55 Zattoo Streaming
56 SHOUTCast Streaming
57 SopCast Streaming
58 TVAnts Streaming
59 TVUplayer Streaming
60 VeohTV Streaming
61 QQLive Streaming
62 Thunder P2P
63 Soulseek P2P
64 GaduGadu IM
65 IRC IM
66 Popo IM
67 Jabber IM
68 MSN IM
69 Oscar IM
70 Yahoo IM
71 Battlefield Gaming
72 Quake Gaming
73 VRRP NetMan
74 Steam Gaming
75 Halflife2 Gaming
76 WorldofWarcraft Gaming
77 Telnet RemoteLogin
78 STUN NetMan
79 IPSEC NetMan
80 GRE NetMan
81 ICMP NetMan
82 IGMP NetMan
83 EGP NetMan
84 SCTP NetMan
85 OSPF NetMan
86 IPinIP NetMan
87 RTP NetMan
88 RDP RemoteLogin
89 VNC RemoteLogin
90 PCAnywhere RemoteLogin
91 SSL NetMan
92 SSH RemoteLogin
93 USENET News
94 MGCP NetMan
95 IAX VoIP
96 TFTP FileService
97 AFP FileService
98 StealthNet P2P
99 Aimini Streaming
100 SIP IM
101 Truphone IM
102 ICMPv6 NetMan
103 DHCPv6 NetMan
104 Armagetron Gaming
105 CrossFire Gaming
106 Dofus Gaming
107 Fiesta Gaming
108 Florensia Gaming
109 Guildwars Gaming
110 HTTPApplicationActiveSync NetMan
111 Kerberos Authentication
112 LDAP Authentication
113 MapleStory Gaming
114 msSQL Database
115 PPTP Privacy
116 WARCRAFT3 Gaming
117 WorldofKungFu Gaming
118 MEEBO Social
119 FaceBook Social
120 Twitter Social
121 DropBox FileService
122 Gmail Mail
123 GoogleMaps Maps
124 YouTube Streaming
125 Skype IM
126 Google Google
127 DCERPC NetMan
128 NetFlowIPFIX NetMan
129 sFlow NetMan
130 HTTPConnect HTTP
131 HTTPProxy HTTP
132 Citrix IM
133 Netflix Streaming
134 LastFM Streaming
135 GrooveShark Streaming
136 SkyfilePrepaid Streaming
137 SkyfileRudics Streaming
138 SkyfilePostpaid Streaming
139 CitrixOnline IM
140 Apple IM
141 Webex IM
142 WhatsApp IM
143 AppleiCloud FileService
144 Viber IM
145 AppleiTunes Streaming
146 Radius Authentication
147 WindowsUpdate Update
148 TeamViewer IM
149 Tuenti Social
150 LotusNotes IM
151 SAP NetMan
152 GTP NetMan
153 UPnP NetMan
154 LLMNR NetMan
155 RemoteScan NetMan
156 Spotify Streaming
157 WebM Streaming
158 H323 Streaming
159 OpenVPN Privacy
160 NOE Streaming
161 CiscoVPN Privacy
162 TeamSpeak IM
163 Tor Privacy
164 CiscoSkinny IM
165 RTCP NetMan
166 RSYNC FileService
167 Oracle Database
168 Corba NetMan
169 UbuntuONE FileService
In v4.0.0 there will be a new file applications.yml
where you can specify an application by IP address and port number. For example...
"192.0.2.1:5601": "kibana"
"192.0.2.2:9092": "kafka"
Apologies if this isn’t the place to ask but I’m new to Github and don’t know all the community standards yet.
Is defining a custom service/application as simple as adding it to the appropriate dictionary file? For example if I have a service listening on TCP3003 can I just add that to iana_service_names_tcp.yml? It looks like that’d do it but I figured I’d ask first.
TIA!