Solved: ZBF - List of what port numbers the "protocols" correspond to

mat_rouch · ‎09-13-2013

Can anyone point me to a list of ZBF protocol names that includes information on which port numbers are included within a given protocol? For example, if I am creating a class-map and I want to specify a given type of traffic like web browsing, I can type "match protocol http" to permit the traffic because I know that "http" corresponds to standard port 80 browsing. But I am running into situations where I know the port number I want to open but do not know if any of the predefined protocol names correspond to it. For example, I know from some Wireshark output that I need to open port 3269/tcp, which wireshark identifies as "msft-gc-ssl." If I do a "match protocol ?" on the ZBF I get output like this:

..... microsoft-ds Microsoft-DS

ms-cluster-net MS Cluster Net

ms-dotnetster Microsoft .NETster Port

ms-sna Microsoft SNA Server/Base

ms-sql Microsoft SQL

ms-sql-m Microsoft SQL Monitor

msexch-routing Microsoft Exchange Routing

msnmsgr MSN Instant Messenger

msrpc MSRPC inspection

msrpc-smb-netbios MSRPC over TCP port 445

mysql MySQL

n2h2server N2H2 Filter Service Port

ncp NCP (Novell)

net8-cman Oracle Net8 Cman/Admin

netbios-dgm NETBIOS Datagram Service

netbios-ns NETBIOS Name Service .....

None of the protocol names are the same as the one Wireshark used, but one of them may well include port 3269/tcp. I'd like to find a list that maps port numbers onto predefined protocols so I know which one(s) to use.

Thanks,

-Mathew Rouch

cadet alain · ‎09-16-2013

Hi,

show ip port-map will display the protocols used in the ZBF match protocol command with the port number and L4 protocol used.

Regards.

Alain

Don't forget to rate helpful posts

Don't forget to rate helpful posts.

View solution in original post

lcambron · ‎09-13-2013

Hello,

This might help:

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Regards,

Felipe.

mat_rouch · ‎09-13-2013

Felipe,

That's kind of the reverse of what I am looking for. I know that the port in question, 3269, is commonly referred to as "msft-gc-ssl" (and also as "global catalog ldaps" and somtimes incorrectly as just "ldaps".) And I know that there is no ZBF protocol with that name. What I would like to see is whether any of the predefined ZBF protocols include that port.

As a better example, port 137 is for standard WINS, and port 42 is for WINS database replication. There is only one protocol defined in the ZBF for "wins" and I'd like to be able to tell if that protocol is just port 137, just port 42, or both.

-Mat

Julio Carvajal · ‎09-15-2013

Hello Mat,

Well not specific to ZBFW but you could use NBAR to make it happen!!

Example:

R1#show ip nbar protocol-discovery

R1#sh ip pb

R1#sh ip n

R1#sh ip nb

R1#sh ip nbar por

R1#sh ip nbar port-map

port-map bgp udp 179

port-map bgp tcp 179

port-map citrix udp 1604

port-map citrix tcp 1494

port-map cuseeme udp 7648 7649 24032

port-map cuseeme tcp 7648 7649

port-map dhcp udp 67 68

port-map dns udp 53

port-map dns tcp 53

port-map edonkey tcp 4662

port-map exchange tcp 135

port-map fasttrack tcp 1214

port-map finger tcp 79

port-map ftp tcp 21

port-map gnutella tcp 6346 6347 6348 6349 6355 5634

port-map gopher udp 70

....

And the list keeps going. Remember to rate the helpful answers

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

cadet alain · ‎09-16-2013

Hi,