Netstat protocols

Supported Netstat protocols lists the supported protocols for Netstat protocol connection activity events. The table also specifies which protocols are in the default Protocols to record list in the SEPM Controller configuration settings.

Supported Netstat protocols
| Protocol | ID | Supported | Default | Description |
|---|---|---|---|---|
| ADB | 478 | No | | CIM for Android debugging bridge |
| AH | 51 | Yes | | IPSec uses two distinct protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP) |
| APPLICATION_MSCRYSTALREPORTS | 318 | Yes | | MIME type : Microsoft Crystal Report |
| APPLICATION_MSEXCEL | 310 | Yes | | Content identification : Microsoft Excel |
| APPLICATION_MSI | 398 | Yes | | Content identification : Microsoft installer file |
| APPLICATION_MSOFFICE | 265 | Yes | | File type : Microsoft Office, compound type |
| APPLICATION_MSP | 417 | Yes | | Content identification : Microsoft Installer Patch file |
| APPLICATION_MSPOWERPOINT | 311 | Yes | Yes | Content identification : Microsoft PowerPoint |
| APPLICATION_MSPUBLISHER | 312 | Yes | Yes | application/x-mspublisher : Microsoft Publisher |
| APPLICATION_MSVISIO | 313 | Yes | Yes | application/"vnd.visio\x-visio" : Microsoft Visio |
| APPLICATION_MSWORD | 309 | Yes | | application/msword : Microsoft WORD |
| APPLICATION_MSWORKS | 323 | Yes | Yes | application/vnd.ms-works : Microsoft WORKS |
| APPLICATION_OGG_VORBIS | 336 | Yes | | Content identification : OGG Vorbis |
| APPLICATION_PDF | 277 | Yes | Yes | Content identification : PDF |
| APPLICATION_POSTSCRIPT | 276 | Yes | Yes | Content identification : Post script |
| APPLICATION_PROJECT | 361 | Yes | | Application protocol - Microsoft Project |
| APPLICATION_RTF | 275 | Yes | Yes | Rich text format |
| APPLICATION_X86_DOS | 396 | Yes | | Content identification : 32-bit DOS binary |
| APPLICATION_X86_WIN_16 | 392 | Yes | | Content identification : 16-bit Windows binary |
| APPLICATION_X86_WIN_32 | 267 | Yes | | Content identification : 32-bit Windows binary |
| ATL_STREAM | 405 | Yes | | Active Template Library and Vulnerable Variant Types VT_EMPTY VT_DISPATCH VT_CLSID VT_RECORD Array of the VT_UI1 unsigned char |
| AUDIO_AVI | 410 | Yes | | Content identification : Audio AVI |
| AUDIO_IT | 413 | Yes | | Content identification : Impulse tracker for audio |
| AUDIO_MIDI | 419 | Yes | | Content identification : MIDI |
| AUDIO_RIFF_QCP | 708 | Yes | | Content identification : RIFF QCP (QCP to provide ring tones based on RIFF) |
| AUDIO_RIFF_WAV | 325 | Yes | | Content identification : RIFF WAV |
| BGP | 259 | Yes | | Border gateway protocol : Routing protocol |
| BINARY_NULL | 333 | Yes | | Special case of NOMATCH, NDC ignores this as enough of the beginning of the flow was NULL |
| BOX_FILE_UPLOAD | 462 | No | | Not supported |
| BT_HTTP_TRACKER | 465 | Yes | Yes | Bittorrent HTTP tracker protocol |
| BT_UDP_TRACKER | 467 | Yes | Yes | Bittorrent UDP tracker protocol |
| DCOM | 382 | Yes | | Distributed Component Object Model used for communication between software components on networked computers. Proprietary Microsoft. |
| DLL_X86_WIN_16 | 393 | Yes | | DLL on Windows 16-bit |
| DLL_X86_WIN_32 | 394 | Yes | | DLL on Windows 32-bit |
| DNS | 258 | Yes | Yes | The Domain Network System (DNS) protocol that translates domains to the numerical IP addresses |
| DSI | 403 | Yes | | Data Stream Interface - session layer protocol which is implemented directly into AFP clients, such as in Mac OS |
| EDONKEY | 370 | Yes | | p2p file sharing |
| EMULE | 371 | Yes | | p2p file sharing |
| ENCAPSULATED_POSTSCRIPT | 408 | Yes | | Self-contained postscript document that describes an image or drawing |
| ESP | 50 | Yes | | Encapsulated Security Protocol within IPSec for providing authentication, integrity, and confidentiality of payloads in IPv4/IPv6 networks |
| FACEBOOK | 700 | No | | Not supported |
| FACEBOOK_IM | 701 | No | | Not supported |
| FACEBOOK_MAIL | 702 | No | | Not supported |
| FASTTRACK_GROKSTER | 374 | Yes | | p2p file sharing using Fasttrack protocol |
| FASTTRACK_IMESH | 375 | Yes | | p2p file sharing using Fasttrack protocol |
| FASTTRACK_KAZAA | 373 | Yes | | p2p file sharing using Fasttrack protocol |
| FILE_7Z | 429 | Yes | Yes | Content identification : 7Z |
| FILE_APK | 469 | Yes | | Content identification : APK |
| FILE_ASF | 317 | Yes | | Content identification : ASF - a popular video and audio container format |
| FILE_ASX | 339 | Yes | | Content identification : ASX |
| FILE_AUDIO_RIFF_BEATBPRO | 355 | Yes | | Content identification : RIFF BeatBPro |
| FILE_BASE64_PE | 477 | Yes | | Content identification : base 64 PE file |
| FILE_BZIP2 | 431 | Yes | Yes | Content identification : BZIP2 |
| FILE_CAB | 418 | Yes | Yes | Content identification : CAB |
| FILE_CRX | 421 | Yes | | Content identification - CRX file format |
| FILE_DEX | 441 | Yes | | Content identification : DEX format |
| FILE_DLL_WIN_PE_X64 | 445 | Yes | | Content identification - DLL Windows PE 64-bit file |
| FILE_DNSLINT | 487 | Yes | | Content identification : DNSLint utility |
| FILE_EICAR_AV_TEST | 434 | Yes | | Content identification : EICAR AV Test file for testing AV |
| FILE_EOT | 423 | Yes | | Content identification - Embedded OpenType fonts are compact fonts designed for use as embedded fonts on web pages by Microsoft |
| FILE_EXE_ELF | 446 | Yes | | Content identification : EXE in ELF format |
| FILE_EXE_OS2_LX_X86 | 442 | Yes | | Content identification - OS/2 32-bit Linear Executable. These can only be run by OS/2 2.0 and higher. |
| FILE_EXE_OSX_MACH_O_X32 | 448 | Yes | | Content identification : OSX Mach-O executable format (x86) |
| FILE_EXE_OSX_MACH_O_X64 | 447 | Yes | | Content identification : OSX Mach-O executable format (x64) |
| FILE_EXE_OSX_UNIVERSAL | 449 | Yes | | Content identification : OSX Mach-O executable format |
| FILE_EXE_WIN_PE_X64 | 444 | Yes | | Content identification - Windows PE x64 |
| FILE_GZIP | 430 | Yes | Yes | Content identification : GZIP |
| FILE_HHP | 364 | Yes | | Content identification : Microsoft Workshop help hhp file |
| FILE_HTA | 718 | Yes | | Content identification : HTML application |
| FILE_IPA | 470 | Yes | | Content identification : (iOS App Store Package) file is an iOS application archive file which stores an iOS app |
| FILE_IPA_PLIST | 481 | Yes | | Content identification : "properties file," used by Mac OS applications |
| FILE_JAVA_CLASS | 343 | Yes | | Content identification : Sun JAVA class file |
| FILE_JNLP | 351 | Yes | | Content identification : Java Network Launch Protocol file |
| FILE_JS | 714 | Yes | Yes | HTTP payloads with content type Javascript |
| FILE_JSE | 717 | Yes | | Content identification : JS encoded |
| FILE_M3U | 338 | Yes | | Content identification : An M3U file is a media playlist file |
| FILE_MP3 | 346 | Yes | | Content identification : An MP3 file is an audio file saved in a compressed audio format |
| FILE_MSLINK | 704 | Yes | | Content identification : MSLink |
| FILE_MXF | 485 | Yes | | Content identification : Material Exchange Format File |
| FILE_OTF | 706 | Yes | | Content identification : An OTF file is a font file saved in the OpenType format |
| FILE_PE_OBJECT | 443 | Yes | | Content identification - PE object file |
| FILE_PLS | 341 | Yes | Yes | Content identification : (Apple iTunes) playlist |
| FILE_POWERSHELL_SCRIPT | 473 | Yes | | Content identification - PowerShell script |
| FILE_PY | 719 | Yes | Yes | Content identification : program file or script written in Python |
| FILE_RAR | 354 | Yes | Yes | Content identification : RAR file is an archive that contains one or more files compressed with RAR compression |
| FILE_RATING | 345 | Yes | | Content identification : Rating File - aka Rat file. http://www.w3.org/TR/REC-PICS-services |
| FILE_RMF | 705 | Yes | | Content identification : Audio file created in the Rich Music Format |
| FILE_SAMI | 337 | Yes | | Content identification : Microsoft Synchronized Accessible Media Interchange. http://msdn2.microsoft.com/en-us/library/ms971327.aspx |
| FILE_SERIALIZED_OBJECT | 416 | Yes | | Content identification : Serialized object java class file |
| FILE_SHELL_SCRIPT | 712 | Yes | Yes | Content identification : Shell Script |
| FILE_SMIL | 334 | Yes | | Content identification : Multimedia presentation written in the Synchronized Multimedia Integration Language |
| FILE_SONICWALL_RCF | 329 | Yes | | Content identification : configuration file used by SoniCWALL Global VPN Client |
| FILE_TAR | 342 | Yes | Yes | Content identification : Tar archive created by tar, a Unix-based utility used to package files together |
| FILE_TORRENT | 356 | Yes | Yes | Content identification : a TORRENT file is a file used by BitTorrent, a peer-to-peer (P2P) file sharing program |
| FILE_TTF | 435 | Yes | | Content identification : a TTF file is a font file format |
| FILE_VBS | 721 | Yes | Yes | Content identification : Virtual basic script written in the VBScript scripting language |
| FILE_VCALENDAR | 327 | Yes | | Content identification : vCalendar format file |
| FILE_VMWARE_VMDK | 436 | Yes | | Content identification : virtual disk that stores the contents of a VMware virtual machine hard disk |
| FILE_VMWARE_VMDK_DATA | 437 | Yes | | Content identification : VMDK data |
| FILE_VMWARE_VMDK_ESX_DATA | 438 | Yes | | Content identification : VMDK ESX data |
| FILE_VMWARE_VMSN_SNAPSHOT | 439 | Yes | | Content identification : snapshot state file which stores the running state of a virtual machine |
| FILE_WASM | 475 | Yes | | Content identification : web assembly file |
| FILE_WIM | 433 | Yes | | Content identification : WIM is a file-based disk image format |
| FILE_WPD | 397 | Yes | | Content identification : WordPerfect screen driver or document |
| FILE_WSH | 720 | Yes | | Content identification : Windows Script Host (WSH) is an automation technology for Microsoft Windows operating systems that provides scripting abilities |
| FILE_XML_SOAP_ENV | 476 | Yes | | Content identification : SOAP Envelope |
| FILE_XML_WSDL_SOAP | 474 | Yes | | Content identification : Web Service Description Language is an XML based definition language used for describing the functionality of a SOAP-based web service |
| FILE_XML_XDP | 451 | Yes | | Content identification : XML file created in the XML Data Package format, which is a file format developed by Adobe Systems for packaging PDF data into XML files |
| FILE_XML_XSL | 480 | Yes | | Content identification : XSL defines the style of text, tables, and other objects within an XML document |
| FILE_XZ | 432 | Yes | Yes | Content identification : XZ file format - archive compressed using XZ compression |
| FILE_ZIP | 353 | Yes | Yes | Content identification : ZIP file format |
| FINGER | 260 | Yes | Yes | Finger protocol to gather user information |
| FTP | 261 | Yes | Yes | File transfer protocol |
| FTP_DATA | 262 | Yes | Yes | FTP data |
| GHOST_RAT_DATA | 385 | Yes | Yes | Remote access Trojan data |
| GHOST_RAT_HEADER | 384 | Yes | Yes | Remote access Trojan header |
| GMAIL_ATTACHMENT_DOWNLOAD | 457 | No | | Not supported |
| GMAIL_ATTACHMENT_UPLOAD | 456 | No | | Not supported |
| GMAIL_LOGIN | 454 | No | | Not supported |
| GMAIL_LOGOUT | 455 | No | | Not supported |
| GOOGLE_FIBER_SPEEDTEST | 482 | Yes | | HTTP GOOGLE_FIBER_SPEEDTEST payload protocol |
| GOPHER | 263 | Yes | | Application layer protocol designed for distributing, searching, and retrieving documents |
| GRE | 47 | Yes | | Generic Routing Encapsulation is a tunneling protocol developed by Cisco Systems |
| HOTMAIL | 703 | No | | Not supported |
| HSRP | 278 | Yes | | Hot Standby Router Protocol is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway |
| HTML | 266 | Yes | Yes | Content identification : Hypertext Markup Language |
| HTML_APPLET_TAG | 427 | Yes | | The <applet> element was used to add Java applets to an HTML document |
| HTML_CONTAINER | 330 | Yes | | HTML container |
| HTML_CSS_BLOCK | 335 | Yes | Yes | HTML CSS block detected |
| HTML_EMBED_TAG | 428 | Yes | | The <embed> tag defines a container for an external application or interactive content |
| HTML_OBJECT_TAG | 332 | Yes | | HTML object tag detected |
| HTML_SCRIPT_BLOCK | 331 | Yes | Yes | HTML script block detected |
| HTTP | 256 | Yes | Yes | Hypertext Transfer Protocol (HTTP) is the underlying protocol used by the World Wide Web and defines how messages are formatted and transmitted and what actions need to be taken by Web servers and Web browsers |
| HTTP_FORM_URLENCODED | 471 | Yes | | application/x-www-form-urlencoded : the default content type generally used for sending ASCII text |
| HTTP_UNKNOWN_PAYLOAD | 709 | Yes | | Inbound flow known as a web server |
| HTTP2 | 279 | Yes | Yes | HTTP/2 is a major revision of HTTP and is based on SPDY protocol developed by Google |
| ICAP | 450 | Yes | | Internet Content Adaptation Protocol - ICAP rfc3507 : a protocol that provides simple object-based content vectoring for HTTP services |
| ICMP | 1 | Yes | Yes | Internet Control Message Protocol : used to provide error and operational information |
| ICMP_DATA | 391 | Yes | Yes | Data part of ICMP |
| ICMPV6 | 58 | Yes | Yes | Internet control message protocol for IPv6 : used to provide error and operational information |
| ICMPV6_DATA | 711 | Yes | Yes | Data part of ICMPv6 |
| IDENT | 280 | No | | The Ident Protocol (Identification Protocol, Ident), specified in RFC 1413 |
| IGMP | 2 | Yes | Yes | Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IPv4 networks to establish multicast group memberships |
| IMAGE_ANI | 324 | Yes | Yes | Content identification : image - ANI |
| IMAGE_BMP | 274 | Yes | Yes | Content identification : image - BMP |
| IMAGE_EMF | 344 | Yes | | Content identification : image - EMF |
| IMAGE_GIF | 268 | Yes | Yes | Content identification : image - GIF |
| IMAGE_ICO | 272 | Yes | Yes | Content identification : image - ICO |
| IMAGE_JBIG2 | 376 | Yes | | Content identification : image - JBIG2 |
| IMAGE_JPEG | 257 | Yes | Yes | Content identification : image - JPEG |
| IMAGE_PNG | 270 | Yes | Yes | Content identification : image - PNG |
| IMAGE_PSP | 710 | Yes | | Content identification : image - PSP |
| IMAGE_QUICKTIME | 328 | Yes | | Content identification : image - QuickTime |
| IMAGE_RGB | 273 | Yes | | Content identification : image - RGB |
| IMAGE_TIFF | 269 | Yes | Yes | Content identification : image - TIFF |
| IMAGE_WMF | 316 | Yes | Yes | Content identification : image - WMF |
| IMAGE_XPM | 271 | Yes | | Content identification : image - XPM |
| IMAP | 281 | Yes | Yes | Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection (TCP port 143) |
| IMAP3 | 282 | Yes | | IMAP3 (port 220) |
| IPV4 | 4 | Yes | | Internet protocol version 4 |
| IPV6 | 41 | Yes | | Internet protocol version 6 |
| IRC | 283 | Yes | Yes | Internet Relay Chat (IRC) is an application layer protocol that facilitates communication in the form of text (RFC 1459) |
| ISAKMP | 307 | Yes | Yes | Internet Security Association and Key Management Protocol is a protocol defined by RFC 2408 for establishing Security Associations (SA) and cryptographic keys in an Internet environment |
| JRMI | 479 | Yes | | Java Remote Method Invocation (Java RMI) is a Java API that performs remote method invocation |
| JSON | 472 | Yes | | Content identification : based on content type application/JSON |
| KERBEROS | 284 | Yes | Yes | Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography |
| LDAP | 285 | Yes | Yes | Lightweight Directory Access Protocol is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services and runs over TCP/IP or other connection-oriented transfer services |
| LDMS | 484 | Yes | | LanDesk Management Suite |
| MAPSERVER_MAP | 320 | Yes | | MapServer is an open-source development environment for building spatially enabled Internet applications. |
| MDNS | 350 | Yes | Yes | Multicast DNS (mDNS) protocol resolves host names to IP addresses within small networks that do not include a local name server |
| MIME_RFC822 | 414 | Yes | | Multipurpose Internet Mail Extensions is an Internet standard that extends the format of email : RFC 822 |
| MSMQ | 386 | Yes | Yes | Microsoft Message Queuing or MSMQ is a message queue implementation, which is essentially a messaging protocol that allows applications running on separate servers/processes to communicate in a failsafe manner (based on TCP port 1801) |
| MSMQ_DISCOVERY | 387 | Yes | | MSMQ multicast server discovery broadcast (UDP port 1801) |
| MSMQ_PING | 388 | Yes | | MSMQ internal ping mechanism (UDP port 3527) |
| MSN_MESSENGER | 360 | No | | Not supported |
| MSRPC | 378 | Yes | Yes | Microsoft Remote Procedure Call, also known as a function call or a subroutine call, is a protocol that uses the client-server model in order to allow one program to request service from a program on another computer without having to understand the details of that computer's network |
| MSRPC_CL | 379 | Yes | | MSRPC Connection Less |
| MSRPC_DATA | 380 | Yes | | MSRPC Data |
| MSRPC_UNPARSED | 383 | Yes | | Unparsed MSRPC traffic |
| MSSQL | 286 | Yes | Yes | MS SQL communication to port 1433 (login or query packets) TCP |
| MSSQL_RESOLVER | 287 | Yes | Yes | MS SQL resolver : UDP port 1434 |
| MYSQL | 404 | Yes | Yes | Connection to MySQL server (from TCP port 3306) |
| NATS | 713 | Yes | Yes | NATS is an open-source, cloud-native messaging system written in GO that is detected in both client and server bound directions |
| NBT | 377 | No | | Temporary -- to be replaced with NBT(TYPE) (like NBTSS) eventually |
| NBTSS | 288 | Yes | Yes | NetBIOS (network Basic Input Output system) over TCP/IP, which is the session service hosted on port 139 (connection-oriented) |
| NBTSS_DATA | 407 | Yes | | NBTSS data transmission |
| NETBIOS_DCE_PM | 289 | Yes | Yes | NetBIOS RPC endpoint mapper (TCP/UDP port 135) |
| NETBIOS_DGM | 291 | Yes | Yes | NETBIOS datagram service (TCP/UDP port 138) |
| NETBIOS_NS | 290 | Yes | Yes | NETBIOS name service (TCP/UDP port 137) |
| NFC_DOMAIN_LIST_VERIFIER | 8096 | Yes | | NDC for Canary |
| NNTP | 293 | Yes | | The Network News Transfer Protocol (NNTP) is an application protocol used for transporting Usenet news articles TCP port 119 |
| NO_SIGS | 409 | No | | Used by the engine to change the actual Content Definition to THIS value to bypass signature detection of a particular content definition |
| NOMATCH | 399 | No | | NDC internal |
| NOPSLED | 402 | No | | NOP Sled : stream begins with 20 or more NOPs |
| NTP | 294 | Yes | Yes | Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks |
| ONC_PM | 295 | Yes | | Port mapper (rpc.portmap or just portmap, or rpcbind) is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes that provide other ONC RPC services |
| OOKLA_SPEEDTEST | 715 | Yes | | Identifies speed test traffic from OOKLA |
| OSCAR | 369 | Yes | | Open System for Communication in Realtime, AOL's proprietary instant messaging and presence information protocol used by AIM and ICQ |
| OUTLOOK_COM_LOGIN | 458 | No | | Not supported |
| OUTLOOK_COM_LOGOUT | 459 | No | | Not supported |
| OVERNET | 314 | Yes | | Overnet was a decentralized peer-to-peer computer network, usually used for sharing large files |
| OVERNET_ENCRYPTED | 326 | Yes | | Overnet was a decentralized peer-to-peer computer network, usually used for sharing large files (encrypted) |
| P2P_BITTORRENT | 452 | Yes | Yes | BitTorrent is a communication protocol for peer-to-peer file sharing which is used to distribute data and electronic files over the Internet |
| P2P_SHAREIT | 464 | No | | SHAREit is an application protocol to transfer files, which is currently disabled |
| P2P_SUPERBEAM | 466 | No | | SuperBeam is a file sharing app that lets you quickly and effortlessly transfer files between two devices and is currently disabled |
| PARSE_SOURCE_ANON_CODE_OR_FUNC | 8101 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ANON_CODE_OR_FUNC2 | 8157 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_EVAL | 8102 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_EVAL2 | 8159 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONBLUR | 8110 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONCHANGE | 8112 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONCLICK | 8105 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONFOCUS | 8111 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONLOAD | 8104 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONMOUSEOUT | 8106 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONMOUSEOVER | 8107 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONREADYSTATECHANGE | 8108 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_ONSUBMIT | 8109 | Yes | | For Javascript buffers for toolkit detection |
| PARSE_SOURCE_SCRIPT_BLOCK | 8100 | Yes | | For Javascript buffers for toolkit detection |
| PAX_EXTENDED_HEADER_DATA | 716 | Yes | | Pax is an archiving utility created by POSIX extended header |
| PDF | 357 | No | | Deprecated |
| PDF_STREAM_UNKNOWN | 358 | Yes | | PDF stream parsed without a detection |
| POP2 | 296 | Yes | | Post Office Protocol version 2 (POP2) is to allow a user's workstation to access mail from a mailbox server : RFC 937 |
| POP3 | 297 | Yes | Yes | Post Office Protocol version 3 (POP3) is to allow a user's workstation to access mail from a mailbox server : RFC 1081 |
| PPTP | 401 | Yes | Yes | Point-to-Point Tunneling Protocol (PPTP) for implementing virtual private networks |
| QQ | 368 | Yes | | Application protocol : instant messaging software service originally released under the name OICQ |
| RADIUS | 362 | Yes | | Remote Authentication Dial-In User Service is a networking protocol that provides centralized authentication, authorization, and accounting service |
| REALPIX_IMFL | 315 | No | | RealPlayer RealPix IMFL document, which is not used |
| REMOTEDOCS_RVIEWER | 321 | No | | REMOTEDOCS RVIEWER file, which is not used |
| RFB | 340 | Yes | | RFB ("remote framebuffer") is a simple protocol for remote access to graphical user interfaces that allows a client to view and control a window system on another computer (RFC 6143) |
| RLOGIN | 298 | Yes | Yes | Rlogin (remote login) is a UNIX command that allows an authorized user to login to other UNIX machines (hosts) on a network and to interact as if the user were physically at the host computer (TCP port 513) |
| RSH | 299 | Yes | Yes | Remote shell (rsh) is a command line computer program that can execute shell commands as another user, and on another computer across a computer network (TCP port 514) |
| RTSP | 367 | Yes | | The Real Time Streaming Protocol, or RTSP, is an application-level protocol for control over the delivery of data with real-time properties. |
| SCCP | 366 | Yes | | Not supported |
| SIP | 365 | Yes | | Session Initiation Protocol is a signaling protocol for video, voice and messaging applications |
| SLACK_FILE_SHARING | 463 | Yes | | Not supported |
| SMB | 300 | Yes | Yes | Server Message Block |
| SMB_PIPEDATA_UNKNOWN | 390 | Yes | Yes | SMB pipedata |
| SMB_TREE | 415 | Yes | Yes | SMB tree |
| SMB2 | 381 | Yes | Yes | Server Message Block 2 |
| SMB3_ENCRYPTED | 440 | Yes | Yes | Server Message Block 3_ENCRYPTED |
| SMTP | 301 | Yes | Yes | Simple Mail Transfer Protocol : protocol for electronic mail transmission |
| SMTP_CIM_SIG | 347 | No | | Not supported |
| SNMP | 302 | Yes | Yes | Simple Network Management Protocol (SNMP) is an Internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior |
| SOCKS | 303 | Yes | Yes | SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server, which accepts incoming client connection on TCP port 1080 |
| SOCKS5 | 722 | Yes | Yes | SOCKS5 on top of SOCKS provides authentication so only authorized users may access a server, which is detected in both server and client direction |
| SPEEDTEST_MOVISTAR_ES | 486 | No | | Speed test traffic identification |
| SSH | 304 | Yes | Yes | Secure Shell Protocol |
| SSL2 | 424 | Yes | Yes | Secure Shell Protocol 2 |
| SSL3 | 425 | Yes | Yes | Secure Shell Protocol 3 |
| SSL3_IGNORE | 426 | No | | Custom protocol from traffic from a specific customer |
| SWF_CHILD_FILE | 349 | Yes | | NDC internal |
| SWF_FILE | 348 | Yes | | Content identification : SWF is an Adobe file format used for multimedia, vector graphics and ActionScript |
| TCP | 6 | Yes | | Transmission Control Protocol |
| TELNET | 305 | Yes | Yes | Telnet protocol is a bidirectional interactive text-oriented communication facility |
| TFTP | 306 | Yes | Yes | Trivial File Transfer Protocol |
| TLS | 406 | Yes | Yes | Transport Layer Security is a cryptographic protocol that provides end-to-end communications security over networks |
| TLS_ALPN_H2 | 483 | Yes | Yes | Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension for application layer protocol negotiation |
| TPKT | 400 | Yes | | SCADA lower layer - ISO Transport Protocol Specification, RFC1006 |
| TRAFFIC_TEST_TOOL | 411 | Yes | | Traffic generated by network and performance test tools of all types |
| UDP | 17 | Yes | | User Datagram Protocol |
| VIDEO_3GP | 352 | Yes | | Content identification : video - 3GP file format |
| VIDEO_AMV | 707 | Yes | | Content identification : video - AMV file format |
| VIDEO_AVI_MJPG | 389 | Yes | | Content identification : video - AVI MJPG file format |
| VIDEO_FLV | 319 | Yes | Yes | Content identification : video - FLV file format |
| VIDEO_MP4 | 420 | Yes | | Content identification : video - MP4 file format |
| VIDEO_QUICKTIME | 322 | Yes | Yes | Content identification : video - QuickTime file format |
| VXD_X86_WIN | 395 | Yes | | Virtual device driver |
| WEBSOCKET | 453 | Yes | Yes | WebSocket is a computer communications protocol, providing full-duplex communication channels over a single TCP connection |
| WECHAT | 468 | No | | Not supported |
| XML | 308 | Yes | Yes | Content identification : XML |
| XMPP | 372 | Yes | Yes | Extensible Messaging and Presence Protocol : communication protocol based on XML |
| YAHOO_MAIL_LOGIN | 460 | No | | Yahoo Runtime event : login |
| YAHOO_MAIL_LOGOUT | 461 | No | | Yahoo Runtime event : logout |
| YAHOO_MESSENGER | 359 | No | | Yahoo messenger |
| ZEUS_P2P | 422 | Yes | Yes | Zeus : a family of credential stealing Trojans that is a p2p variant |