09-13-2013 08:51 AM - edited 03-11-2019 07:38 PM
Can anyone point me to a list of ZBF protocol names that includes information on which port numbers are included within a given protocol? For example, if I am creating a class-map and I want to specify a given type of traffic like web browsing, I can type "match protocol http" to permit the traffic because I know that "http" corresponds to standard port 80 browsing. But I am running into situations where I know the port number I want to open but do not know if any of the predefined protocol names correspond to it. For example, I know from some Wireshark output that I need to open port 3269/tcp, which Wireshark identifies as "msft-gc-ssl." If I do a "match protocol ?" on the ZBF I get output like this:
.....
microsoft-ds Microsoft-DS
ms-cluster-net MS Cluster Net
ms-dotnetster Microsoft .NETster Port
ms-sna Microsoft SNA Server/Base
ms-sql Microsoft SQL
ms-sql-m Microsoft SQL Monitor
msexch-routing Microsoft Exchange Routing
msnmsgr MSN Instant Messenger
msrpc MSRPC inspection
msrpc-smb-netbios MSRPC over TCP port 445
mysql MySQL
n2h2server N2H2 Filter Service Port
ncp NCP (Novell)
net8-cman Oracle Net8 Cman/Admin
netbios-dgm NETBIOS Datagram Service
netbios-ns NETBIOS Name Service
.....
None of the protocol names are the same as the one Wireshark used, but one of them may well include port 3269/tcp. I'd like to find a list that maps port numbers onto predefined protocols so I know which one(s) to use.
Thanks,
-Mathew Rouch
09-13-2013 10:21 AM
09-13-2013 12:24 PM
Felipe,
That's kind of the reverse of what I am looking for. I know that the port in question, 3269, is commonly referred to as "msft-gc-ssl" (and also as "global catalog ldaps" and sometimes incorrectly as just "ldaps"). And I know that there is no ZBF protocol with that name. What I would like to see is whether any of the predefined ZBF protocols include that port.
As a better example, port 137 is for standard WINS, and port 42 is for WINS database replication. There is only one protocol defined in the ZBF for "wins" and I'd like to be able to tell if that protocol is just port 137, just port 42, or both.
-Mat
09-15-2013 06:21 PM
Hello Mat,
Well not specific to ZBFW but you could use NBAR to make it happen!!
Example:
R1#show ip nbar protocol-discovery
R1#sh ip pb
R1#sh ip n
R1#sh ip nb
R1#sh ip nbar por
R1#sh ip nbar port-map
port-map bgp udp 179
port-map bgp tcp 179
port-map citrix udp 1604
port-map citrix tcp 1494
port-map cuseeme udp 7648 7649 24032
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map dns udp 53
port-map dns tcp 53
port-map edonkey tcp 4662
port-map exchange tcp 135
port-map fasttrack tcp 1214
port-map finger tcp 79
port-map ftp tcp 21
port-map gnutella tcp 6346 6347 6348 6349 6355 5634
port-map gopher udp 70
....
And the list keeps going. Remember to rate the helpful answers
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
09-16-2013 02:21 AM
Hi,
show ip port-map will display the protocols used in the ZBF match protocol command with the port number and L4 protocol used.
Regards.
Alain
Don't forget to rate helpful posts
09-16-2013 06:28 AM
Thanks Alain, that's what I was looking for.
jcarvaja, the command you suggested does work, but it only seems to show a subset of the protocols.
-Mat