Juniper SecureAnalyticsApplicationConfigurationGuide
Release
7.3.0
Modified: 2017-09-13
Copyright © 2017, Juniper Networks, Inc.
Juniper Networks, Inc.1133 InnovationWaySunnyvale, California 94089USA408-745-2000www.juniper.net
Copyright © 2017 Juniper Networks, Inc. All rights reserved.
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates inthe United States and other countries. All other trademarks may be property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.
Juniper Secure Analytics Application Configuration Guide7.3.0Copyright © 2017 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through theyear 2038. However, the NTP application is known to have some difficulty in the year 2036.
ENDUSER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networkssoftware. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted athttp://www.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of thatEULA.
Copyright © 2017, Juniper Networks, Inc.ii
Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Chapter 1 Application Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Application Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
What is an Application ID? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
What Tasks Are Required to Map Applications? . . . . . . . . . . . . . . . . . . . . . . . . 13
Defining New Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Defining Application Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Defining Application Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Chapter 2 Default Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Default Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
ICMP Type and Code IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Identifying Default ICMP Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Identifying Default ICMP Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Port IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Protocol IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
iiiCopyright © 2017, Juniper Networks, Inc.
Copyright © 2017, Juniper Networks, Inc.iv
Juniper Secure Analytics Application Configuration Guide
List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii
Chapter 1 Application Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Table 3: Application IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Table 4: Application Signatures Default Parameters . . . . . . . . . . . . . . . . . . . . . . . 18
Chapter 2 Default Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Table 5: ICMP Type 3: Destination Unreachable Codes . . . . . . . . . . . . . . . . . . . . . 72
Table 6: ICMP Type 5: Redirect Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Table 7: ICMP Type 11: Time Exceeded Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Table 8: ICMP Type 12: Parameter Problem Codes . . . . . . . . . . . . . . . . . . . . . . . . . 73
vCopyright © 2017, Juniper Networks, Inc.
Copyright © 2017, Juniper Networks, Inc.vi
Juniper Secure Analytics Application Configuration Guide
About the Documentation
• Documentation and Release Notes on page vii
• Documentation Conventions on page vii
• Documentation Feedback on page ix
• Requesting Technical Support on page x
Documentation and Release Notes
To obtain the most current version of all Juniper Networks®technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Documentation Conventions
Table 1 on page viii defines notice icons used in this guide.
viiCopyright © 2017, Juniper Networks, Inc.
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware damage.Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page viii defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
To enter configuration mode, type theconfigure command:
user@host> configure
Represents text that you type.Bold text like this
user@host> show chassis alarms
No alarms currently active
Represents output that appears on theterminal screen.
Fixed-width text like this
• A policy term is a named structurethat defines match conditions andactions.
• Junos OS CLI User Guide
• RFC 1997,BGPCommunities Attribute
• Introduces or emphasizes importantnew terms.
• Identifies guide names.
• Identifies RFC and Internet draft titles.
Italic text like this
Configure themachine’s domain name:
[edit]root@# set system domain-namedomain-name
Represents variables (options for whichyou substitute a value) in commands orconfiguration statements.
Italic text like this
Copyright © 2017, Juniper Networks, Inc.viii
Juniper Secure Analytics Application Configuration Guide
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
• To configure a stub area, include thestub statement at the [edit protocolsospf area area-id] hierarchy level.
• Theconsoleport is labeledCONSOLE.
Represents names of configurationstatements, commands, files, anddirectories; configurationhierarchy levels;or labels on routing platformcomponents.
Text like this
stub <default-metricmetric>;Encloses optional keywords or variables.< > (angle brackets)
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between themutuallyexclusive keywords or variables on eitherside of the symbol. The set of choices isoften enclosed in parentheses for clarity.
| (pipe symbol)
rsvp { # Required for dynamicMPLS onlyIndicates a comment specified on thesame lineas theconfiguration statementto which it applies.
# (pound sign)
community namemembers [community-ids ]
Encloses a variable for which you cansubstitute one or more values.
[ ] (square brackets)
[edit]routing-options {static {route default {nexthop address;retain;
}}
}
Identifies a level in the configurationhierarchy.
Indention and braces ( { } )
Identifies a leaf statement at aconfiguration hierarchy level.
; (semicolon)
GUI Conventions
• In the Logical Interfaces box, selectAll Interfaces.
• To cancel the configuration, clickCancel.
Representsgraphicaluser interface(GUI)items you click or select.
Bold text like this
In the configuration editor hierarchy,select Protocols>Ospf.
Separates levels in a hierarchy of menuselections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can provide feedback by using either of the following
methods:
• Online feedback rating system—On any page of the Juniper Networks TechLibrary site
athttp://www.juniper.net/techpubs/index.html, simply click the stars to rate thecontent,
and use the pop-up form to provide us with information about your experience.
Alternately, you can use the online feedback form at
http://www.juniper.net/techpubs/feedback/.
ixCopyright © 2017, Juniper Networks, Inc.
About the Documentation
• E-mail—Sendyourcommentsto [email protected]. Includethedocument
or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the JuniperNetworksTechnicalAssistance
Center (JTAC). If you are a customer with an active J-Care or Partner Support Service
support contract, or are covered under warranty, and need post-sales technical support,
you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides youwith the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: http://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
http://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
Toverify serviceentitlementbyproduct serial number, useourSerialNumberEntitlement
(SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
Opening a Casewith JTAC
You can open a case with JTAC on theWeb or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
Copyright © 2017, Juniper Networks, Inc.x
Juniper Secure Analytics Application Configuration Guide
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
xiCopyright © 2017, Juniper Networks, Inc.
About the Documentation
Copyright © 2017, Juniper Networks, Inc.xii
Juniper Secure Analytics Application Configuration Guide
CHAPTER 1
Application Mappings
• Application Mappings on page 13
• Defining New Applications on page 14
ApplicationMappings
JSA includes default application IDs. However, you can edit the application mapping file
to ensure that traffic is appropriately classified in JSA.
• What is an Application ID? on page 13
• What Tasks Are Required to Map Applications? on page 13
What is an Application ID?
When JSA detects a flow, it assigns an application ID to the flow. The application ID is
assignedbasedon theprotocol andports that areused for the flow, and the flowcontent.
JSAdefault application IDsareallocatedbasedon theServiceNameandTransportProtocol
Port Number Registry
(http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt).
What Tasks Are Required toMap Applications?
Whenyoucreateor customizeanapplicationmapping, do the following tasks in sequence:
1. Defining New Applications on page 14
The application configuration file contains default applications. To define new
applications, youmust add new applications IDs to the application configuration file.
2. Map traffic to the new applications by using one of the following methods:
• Defining Application Mappings on page 15
Update the application mapping file, which maps applications to application IDs
based on IP address and port number.
• Defining Application Signatures on page 17
Defineapplicationsignatures toapply to flows that thedefault applicationmapping
does not automatically detect. To assign application IDs to flows, this method
requires you to create rules that are based on IP address, port, and content. To
13Copyright © 2017, Juniper Networks, Inc.
define port-only application signatures, configure port mappings in the application
mapping file, not the application signatures file.
RelatedDocumentation
Defining New Applications on page 14•
• Default Applications on page 21
• ICMP Type and Code IDs on page 71
Defining NewApplications
To define new applications, edit the application configuration file.
When you define new applications, the application ID number must not exist in the
apps.conf file. Assign numbers that are in the 15,000 - 20,000 range for custom
applications.
The format of the entry uses the following syntax:
<appname><appid>
The application name<appname> is used in theNetworkActivity andOffenses tabs. You
can specify an application namewith up to five application levels. However, JSA uses
only three levels of the application name. Use a number sign (#) to separate each level
of the application name.
The following example defines the Authentication.Radius-1646 application with an
application ID of 51343:
Authentication#Radius-1646####51343
Five application levels are represented in the application ID. Application levels are
separated by number sign (#). If an application ID contains fewer than five levels, include
the number signs for all five levels.
For example, to add Authentication#Radius-1646####51343as an application ID, insert
the application ID as follows:
Authentication#Radius-1645####51342Authentication#Radius-1646####51343 <- inserted applicationAuthentication#Radius-1812####51344Authentication#Radius-1813####51345
1. Using SSH, log in to JSA as the root user.
2. Open the following file:
/store/configservices/staging/globalconfig/apps.conf
3. Insert new applications and ensure that you insert the new application ID in
alphabetical order.
Copyright © 2017, Juniper Networks, Inc.14
Juniper Secure Analytics Application Configuration Guide
4. Save and exit the file.
5. Log in to JSA as an administrator.
6. Click the Admin tab.
7. On the toolbar, click Deploy Changes.
Choose one of the following options:
• To define application mappings, see “Defining Application Mappings” on page 15.
• To define application signatures, see “Defining Application Signatures” on page 17.
• Defining Application Mappings on page 15
• Defining Application Signatures on page 17
Defining ApplicationMappings
To identify application signatures, create user-defined application mappings that are
based on the IP address and port number.
Youmust add the new application IDs. For more information, see “Defining New
Applications” on page 14.
When you update the application mapping file, follow these guidelines:
• Each line in the file indicatesamappedapplication.Youcanspecifymultiplemappings,
each on a separate line, for the same application.
• Youcan specify awildcard character (*) for any field. Use thewildcard character alone,
and not as part of a comma-separated list. The wildcard character indicates that the
field applies to all flows.
• You can associate a flowwith multiple mappings. A flow is mapped to an application
ID based on themapping order in the file. The first mapping that applies in the file is
assigned to the flow.
• When you add new application ID numbers, youmust create a new and unique
application ID number. The application ID number must not exist in the apps.conf file.
Apply numbers that range 15,000 - 20,000 for custom applications.
• The format of the entry must resemble the following syntax:
<New_ID> <Old_ID> <Source_IP_Address>:<Source_Port> <Dest IP Address>:<Dest_Port> <Name>
<New_ID> specifies the application ID you want to assign to the flow. A value of 1
indicates an unknown application. If the ID youwant to assign does not exist, youmust
create the ID in theapps.conf file. Formore information, see “DefiningNewApplications”
on page 14.
15Copyright © 2017, Juniper Networks, Inc.
Chapter 1: Application Mappings
<Old_ID> specifies the default application ID of the flow, as assigned by JSA. A value
of * indicates a wildcard character. If multiple application IDs are assigned, the
application IDs are separated by commas.
Table 3: Application IDs
ValuesDescriptionOption
Can contain either a comma-separatedlist of addresses or CIDR values. A valueof * indicatesawildcardcharacter,whichmeans that this field applies to all flows.
Specifies the source IP address of theflow.
Source_IP_Address
Can contain a comma-separated list ofvalues or ranges that are specified in theformat:<lower_port_number>-<upper_port_number>.A value of * indicates a wildcardcharacter, which means that this fieldapplies to all flows.
Specifies the associated port.<Source_Port>
Can contain either a comma-separatedlist of addresses or CIDR values. A valueof * indicatesawildcardcharacter,whichmeans that this field applies to all flows.
Specifies the destination IP address ofthe flow.
<Dest_IP_Address>
Can contain a comma-separated list ofvalues or ranges that are specified in theformat:<lower_port_number>-<upper_port_number>.A value of * indicates a wildcardcharacter, which means that this fieldapplies to all flows.
Specifies theassociateddestinationport.<Dest_Port>
OptionalSpecifiesanamethat youwant toassignto this mapping.
<Name>
The following example of mapping file /user_application_mapping.confmaps all flows
that match the IP addresses and ports for which the JSA flow processor assigned to the
old IDof 1010. It assigns thenew IDof 15000when it originates fromeither of twosubnets
in 10.100.*, and when designated for a specific address and either of two destination
ports:
15000 1010 10.100.100/24,10.100.50.10:* 172.14.33.33:80,443
The following example overrides the assigned name for application ID 1010. It specifies
a new application, ID 15100, based on any traffic that is going to port 33333 or a range of
destination ports for specific addresses or application overrides.
15000 1010 10.100.100/24,10.100.50.10:* 172.14.33.33:80,443 AllowedWebTypeA15000 1010 10.100.30/24:* 172.14.33.20:80 AllowedWebTypeA15100 * *:3333364.35.20/24,64.33/16,64.77.34.12:33333,33350-33400 GameX15100 1,34803,34809 *:33333 *:33333,33350-33400 GameX
Copyright © 2017, Juniper Networks, Inc.16
Juniper Secure Analytics Application Configuration Guide
The following example shows the assignment of new application names and IDs, based
onmatching three application IDs, one of which is the application identifier (1). These
application IDs match on a basic hit of a specified destination port, for any traffic:
21200 1,34803,34809 *:* *:123 ntp34731 1,34803,34809 *:* *:1241 Nessus2001 1,34803,34809 *:* *:1214 Kazaa
1. Use SSH to log in to JSA as the root user.
2. Access the Network Activity tab.
3. Todetermine thedefault application IDs, hover yourmousepointerover theapplication
field for a flow that is associated with the application you want to update.
4. Choose one of the following options:
• Open the following file:
/store/configservices/staging/globalconfig/user_application_mapping.conf
• If the user_application_mapping.conf does not exist in your system, create the file
and place the empty file in the following directory:
/store/configservices/staging/globalconfig/
5. Update the file, as necessary.
6. Save and exit the file.
7. Log in to the JSA user interface.
8. Click the Admin tab.
9. Click Deploy Changes.
Defining Application Signatures
Use the application signatures file to create IP address and content-based rules that
assign application IDs to flows that JSA does not automatically detect.
The application signatures file is a definition file that is distributed to all JSA Flow
Processor by the primary JSA console. The file includes source and destination ports,
and ranges.
The application signatures file includes the following characteristics:
• Hex content is delimited with the pipe character (|):
<dstcontent offset="0" depth="4">|45 54|</dstcontent>
<dstcontent offset="0" depth="4">GET</dstcontent>
17Copyright © 2017, Juniper Networks, Inc.
Chapter 1: Application Mappings
• A flow can be associated withmultiple signatures. A flow is mapped to an application
ID based on the signature order in the file. The first signature that applies in the file is
assigned to the flow.
• When you edit the signatures.xml file, the data that is inserted between the XML tags
is case-sensitive. For example, when you specify TCP within the XML tags, enter the
value with all capital letters.
• Include the user-defined parameter in your new or updated signature. This parameter
ensures that all modifications are maintained after an automatic update.
The following code is an example of a Signatures.xml file:
<signatures> <signature> <appid>1009</appid> <appname>IMAP</appname> <groupname>Mail</groupname> <colour>#ff0000</colour> <description>IMAP traffic</description> <revision>1</revision> <protocol>TCP</protocol> <srcip>any</srcip> <srcport>any</srcport> <dstip>any</dstip> <dstport>any</dstport> <commondstport>143</commondstport> <srccontent offset="0" depth="128" ignorecase="true">LOGIN</srccontent> <dstcontent offset="0" depth="5">* OK</dstcontent> <weight>30</weight> </signature></signatures>
1. Use SSH to log in to JSA as the root user.
2. To change to the globalconfig directory, type the following command:
cd /store/configservices/staging/globalconfig
3. Open the following file:
signatures.xml
4. Make the necessary changes using the following parameters:
Table 4: Application Signatures Default Parameters
DescriptionParameter
A unique ID for each application that you want to define. Use numbers in the 15,000 -20,000 range for custom applications.
appid
The name of the application. The application name is used in the Network Activity andOffenses tabs.
appname
The group name for the application. Used only with the automatic generation script.groupname
Copyright © 2017, Juniper Networks, Inc.18
Juniper Secure Analytics Application Configuration Guide
Table 4: Application Signatures Default Parameters (continued)
DescriptionParameter
The long description of the application and any required notes for the particular signature.description
Use for version control.revisi on
If the same signature is required for more than one protocol, define the second signature.protocol
The specific source IP address. Use multiple application identifications whenmore thanone source IP address is required.
srcip
The specific source port for the signature. Use multiple application identifications whenmore than one source port is required.
srcport
The specific destination IP address. Use multiple application identifications whenmoredestination IP addresses are required.
dstip
The specific destination port for the signature to execute. Use multiple applicationidentifications whenmore than one destination port is required.
dstport
The destination port that is most commonly associated with the application.commondstport
The source port that is most commonly associated with the application.commonsrcport
<offset> is the offset in the payload where you want to begin searching for the sourcecontent. If no value is specified, the default is 0.
<depth> is the offset in the payload you want to stop the search.
For example, if you configure the following value, the payload is searched 5-15 bytes:
scrcontent 5 10
scrcontent <offset> <depth>
<offset> is the offset in the payloadwhere youwant to begin searching for the destinationcontent. If no value is specified, the default is 0.
<depth> is the offset in the payload you want to stop the search.
For example, if you configure the following the value, the payload is searched 5-15 bytes:
scrcontent 5 10
dstcontent <offset> <depth>
The weight that you want to assign this application. The weight influences any potentialrules and offenses created based on data using this application. Increasing the value ofthe weight increases the magnitude of the offense when it is created.
weight
Youmust specify to ensure that a new or updated signature is maintained after anautomatic update.
user_defined
5. Save and exit the file.
19Copyright © 2017, Juniper Networks, Inc.
Chapter 1: Application Mappings
6. Log in to JSA.
7. Click the Admin tab.
8. Click Deploy Changes.
RelatedDocumentation
• Application Mappings on page 13
• Default Applications on page 21
• ICMP Type and Code IDs on page 71
Copyright © 2017, Juniper Networks, Inc.20
Juniper Secure Analytics Application Configuration Guide
CHAPTER 2
Default Applications
• Default Applications on page 21
• ICMP Type and Code IDs on page 71
• Port IDs on page 73
• Protocol IDs on page 75
Default Applications
JSA includes default application IDs, which you can see in the applications configuration
file /store/configservices/staging/globalconfig/apps.conf. The default application values
apply to all source and destination flows. However, the destination port is specific to the
application.
The following table describes the default Application values for JSA:
DescriptionValueSub-componentsApplication group
LDAP traffic1019LDAPAuthentication
MSG authentication traffic20998MSGAuthenticationAuthentication
NT LANManager SupportProvider (NTLMSSP) traffic
5700NTLMSSPAuthentication
Radius traffic51342RadiusAuthentication
Radius traffic51344RadiusAuthentication
Radius traffic51345RadiusAuthentication
Tacacs traffic21028tacacsAuthentication
Tacacs Database Servicetraffic
21061TACACS-DatabaseServiceAuthentication
CUSeeMe traffic60016CUSeeMeChat
iChat traffic3008iChatChat
21Copyright © 2017, Juniper Networks, Inc.
DescriptionValueSub-componentsApplication group
ICQ traffic268435456ICQChat
ICQ traffic3001ICQChat
ICQ traffic3002ICQChat
ICQ traffic285212672ICQControlChat
ICQ traffic301989888ICQTalkChat
IRC traffic5669IRCChat
IRC traffic5782IRCChat
IRC traffic5668IRCChat
IRC traffic3003IRCChat
Jabber protocol traffic3004JabberChat
Jabber protocol traffic3006JabberChat
Jabber protocol traffic3005JabberChat
Lotus IM traffic60162Lotus-IMChat
MSN traffic3000MSNChat
MSN traffic5672MSNChat
MSN traffic5685MSNChat
MSN traffic5695MSNChat
MSN traffic5832MSNChat
MSN traffic5847MSNChat
MSN traffic318767104MSNChat
MSN traffic5831MSNChat
MSN folder sharing traffic321650688MSN >MSNFolderShareChat
MSN video traffic321781760MSN >MSNVideoChat
MSN file transfer traffic321650688MSN>MSNFileTransferChat
Copyright © 2017, Juniper Networks, Inc.22
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
Windows Messenger Service
Pop-up
60170Windows-POPUPChat
Yahoo traffic1033YahooChat
Citrix IMA traffic60115CitrixIMAClientServer
CVS traffic60150CVSpserverClientServer
CVS traffic60129CVSupClientServer
FIX traffic60057FIXClientServer
FoldingAtHome traffic60121FoldingAtHomeClientServer
RTMS information traffic60102INFOC-RTMSClientServer
INT-1 server traffic60111INT-1ClientServer
MATIP traffic60101MATIPClientServer
Meeting maker traffic60108MeetingMakerClientServer
NetIQ traffic60127NetIQClientServer
PEPGate traffic60104PEPGateClientServer
Unisys TCPA traffic60105Unisys-TCPAClientServer
Ariel content delivery60166Ariel-419ContentDelivery
Ariel content delivery60167Ariel-422ContentDelivery
BackWeb traffic60024BackWebContentDelivery
Chaincast traffic60156ChaincastContentDelivery
EntryPoint traffic60000EntryPointContentDelivery
Kontiki traffic60148KontikiContentDelivery
New stand traffic60146NewsStandContentDelivery
Webshots Desktop traffic60147WebshotsContentDelivery
AFS file system traffic60126AFSDataTransfer
23Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
iTunes traffic60163Apple-iTunesDataTransfer
Background intelligenttransfer service (WindowsUpdates)
60178BITSDataTransfer
CU-dev traffic60070CU-DevDataTransfer
DLS traffic60002DLSDataTransfer
FNA traffic60069FNAonTCPDataTransfer
File Transfer Protocol (FTP)traffic
27720FTPDataTransfer
File Transfer Protocol (FTP)traffic
27719FTPDataTransfer
File Transfer Protocol (FTP)traffic
1002FTPDataTransfer
File Transfer Protocol (FTP)traffic
5787FTPDataTransfer
File Transfer Protocol (FTP)traffic
5788FTPDataTransfer
File Transfer Protocol (FTP)traffic
5789FTPDataTransfer
File Transfer Protocol (FTP)traffic
5820FTPDataTransfer
File Transfer Protocol (FTP)traffic
5833FTPDataTransfer
File Transfer Protocol (FTP)traffic
5821FTPDataTransfer
File Transfer Protocol (FTP)traffic
5845FTPDataTransfer
File Transfer Protocol (FTP)traffic
5844FTPDataTransfer
File Transfer Protocol (FTP)traffic
150994944FTPControlDataTransfer
File Transfer Protocol (FTP)traffic
167772160FTPDataDataTransfer
Copyright © 2017, Juniper Networks, Inc.24
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
lockd traffic60068lockdDataTransfer
Microsoft directory servertraffic
60142Microsoft-dsDataTransfer
Misc common data trafficports
21919Misc-Transfer-PortsDataTransfer
Misc common data trafficports
22012Misc-Transfer-PortsDataTransfer
MSMQ traffic34806MSMQDataTransfer
Windows/Netbiosnetworking60013NetBIOS-IPDataTransfer
Network File System (NFS)traffic
51349NFSDataTransfer
Network File System (NFS)traffic
1007NFSDataTransfer
NNTP traffic51335NNTPNewsDataTransfer
NNTP traffic1013NNTPNewsDataTransfer
Norton Ghost traffic60194NortonGhostDataTransfer
Netware traffic60078NW5-CMDDataTransfer
Netware traffic60076NW5-NCPDataTransfer
UDP sharing traffic60106SHARESUDPDataTransfer
Sun ND traffic60173SunNDDataTransfer
TFTP traffic251658240TFTPDataTransfer
TFTP traffic21930TFTPDataTransfer
TFTP traffic1003TFTPDataTransfer
UUCP traffic60012UUCPDataTransfer
Windows file sharing1014WindowsFileSharingDataTransfer
Windows file sharing1021WindowsFileSharingDataTransfer
NETBIOS. Windowsnetworking
51340WindowsNetworkPortsDataTransfer
25Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
NETBIOS. Windowsnetworking
51339WindowsNetworkPortsDataTransfer
NETBIOS. Windowsnetworking
51338WindowsNetworkPortsDataTransfer
ARC server backup34730ARCserverBackupDataWarehousing
BAAN traffic60082BAANDataWarehousing
dbase traffic35298dbaseDataWarehousing
FileMaker traffic60112FileMakerDataWarehousing
Filenet traffic34800FilenetDataWarehousing
GuptaSQLBase traffic34841GuptaSQLBaseDataWarehousing
JDENet traffic60099JDENetDataWarehousing
Oracle list service51249Misc-DBDataWarehousing
Oracle list service39045Misc-DBDataWarehousing
Database MS SQL Server10002MSSQLServerDataWarehousing
MySQL traffic37291MySQLDataWarehousing
ORA traffic37302ORADataWarehousing
Oracle traffic37751OracleDataWarehousing
Oracle traffic37762OracleDataWarehousing
Oracle traffic37289oracleDataWarehousing
Oracle traffic38292OracleDataWarehousing
Oracle traffic37290OracleDataWarehousing
Oracle traffic42069OracleDataWarehousing
Oracle traffic37914OracleDataWarehousing
Oracle traffic37871OracleDataWarehousing
Oracle traffic37870OracleDataWarehousing
Copyright © 2017, Juniper Networks, Inc.26
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
Oracle traffic37512OracleDataWarehousing
Oracle traffic37401OracleDataWarehousing
OracleClient traffic60086OracleClientDataWarehousing
Oracle DB traffic37394OracleDBDataWarehousing
Oracle TNS traffic134217728OracleTNSDataWarehousing
Oracle TNS traffic136511488OracleTNS >MsFormsDataWarehousing
Oracle TNS traffic136314880OracleTNS >MsODBCDataWarehousing
Oracle TNS traffic136380416OracleTNS >MsOLEDataWarehousing
Oracle TNS traffic136445952OracleTNS >MsSQLPlusDataWarehousing
Oracle TNS traffic136577024OracleTNS > PeopleSoftDataWarehousing
Orasrv traffic37299orasrvDataWarehousing
PostgreSQL traffic37292PostgreSQLDataWarehousing
Progress traffic60110ProgressDataWarehousing
SAP R/3 application server40695SAPDataWarehousing
SAPGateway Server traffic40456SAPGatewayServerDataWarehousing
SQL-NET traffic34923SQL-NETDataWarehousing
CRS traffic60060CRSDirectoryServices
Ident traffic60059IdentDirectoryServices
LDAP traffic34801LDAPDirectoryServices
LDAP traffic51341LDAPDirectoryServices
mDNS traffic60183mDNSDirectoryServices
RRP traffic60133RRPDirectoryServices
SSDP traffic60158SSDPDirectoryServices
WINS traffic60088WINSDirectoryServices
27Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
IPP traffic60097IPPFilePrint
MQDS traffic60195MDQSFilePrint
Printer traffic60051PrinterFilePrint
tn3287 traffic60062tn3287FilePrint
tn5250p traffic60064tn5250pFilePrint
DCOM traffic51336DCOMFileTransfer
Windows/Netbiosnetworking51337NETBIOSFileTransfer
NetCp traffic35159netcpFileTransfer
National Instruments FileTransfer Protocol traffic
21879NIFTPFileTransfer
Private File Service traffic21910PrivateFileServiceFileTransfer
XFER traffic21984xferFileTransfer
AsheronsCall traffic60122AsheronsCallGames
Battle.net traffic60116BattleNetGames
Doom traffic60039DoomGames
Half-life traffic60119Half-LifeGames
Kali traffic60042KaliGames
LucasArts traffic60157LucasArtsGames
MSN-Zone traffic60123MSN-ZoneGames
Mythic traffic60149MythicGames
Quake traffic60040QuakeGames
SonyOnline traffic60138SonyOnlineGames
Tribes traffic60124TribesGames
Unreal traffic60117UnrealGames
YahooGames traffic60120YahooGamesGames
Copyright © 2017, Juniper Networks, Inc.28
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
DICOM traffic60143DICOMHealthcare
HL7 traffic60154HL7Healthcare
Flow traffic o51334Common-PortsInnerSystem
Flow Collector and flowtraffic
1023FlowgenInnerSystem
Update Daemon traffic1024UpdateDaemonInnerSystem
ActiveX traffic60056ActiveXInternetProtocol
IPHeaderCompression traffic34843IPHeaderCompressionInternetProtocol
SOAP-HTTP traffic60179SOAP-HTTPInternetProtocol
AFP traffic60058AFPLegacy
FNA traffic60008FNALegacy
IPX traffic34837IPXLegacy
LAT traffic60030LATLegacy
MOP-DL traffic60130MOP-DLLegacy
MOP-RC traffic60131MOP-RCLegacy
NETBEUI traffic60006NETBEUILegacy
PPP traffic34846PPPLegacy
PPPoE traffic60137PPPoELegacy
SLP traffic60077SLPLegacy
SNA traffic60007SNALegacy
biff traffic60083biffMail
ccmail traffic27668ccmailMail
ESMTP traffic5673ESMTPMail
Groupwise traffic60084GroupwiseMail
IMAP traffic5794IMAPMail
29Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
IMAP traffic5690IMAPMail
IMAP traffic1009IMAPMail
IMAP traffic5808IMAPMail
IMAP traffic5689IMAPMail
Misc-Mail-Port traffic22079Misc-Mail-PortMail
Misc-Mail-Port traffic22178Misc-Mail-PortMail
Misc-Mail-Port traffic22184Misc-Mail-PortMail
Misc-Mail-Port traffic22551Misc-Mail-PortMail
MSExchange traffic34817MSExchangeMail
MSSQ traffic60048MSSQMail
OSI traffic60071OSIMail
Mail POP3 traffic1008POPMail
Mail POP3 traffic5687POPMail
POP-port traffic22315POP-portMail
POP2 traffic22314pop2Mail
Mail SMTP request5812SMTPMail
Mail SMTP request5850SMTPMail
Mail SMTP request1004SMTPMail
Mail SMTP request5691SMTPMail
Mail SMTP request5851SMTPMail
Mail SMTP request5686SMTPMail
Mail SMTP request5688SMTPMail
SMTP-port traffic22080SMTP-portMail
AltaVista Firewall 97 traffic34054AltaVistaFirewall97Misc
Copyright © 2017, Juniper Networks, Inc.30
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
AltaVista Firewall 97 traffic34057AltaVistaFirewall97Misc
Anet traffic34812AnetMisc
AppleOUI traffic34819AppleOUIMisc
Appletalk-IP traffic51326Appletalk-IPMisc
Appletalk-IP traffic51327Appletalk-IPMisc
Appletalk-IP traffic51330Appletalk-IPMisc
Appletalk-IP traffic51329Appletalk-IPMisc
Appletalk-IP traffic51325Appletalk-IPMisc
Appletalk-IP traffic51331Appletalk-IPMisc
Appletalk-IP traffic51328Appletalk-IPMisc
at-nbp traffic34813at-nbpMisc
Authentication traffic21140AuthenticationMisc
Authentication traffic51348AuthenticationMisc
Authentication traffic51346AuthenticationMisc
Authentication traffic51343AuthenticationMisc
Authentication traffic51347AuthenticationMisc
Authentication traffic21122AuthenticationMisc
BGMP traffic21470bgmpMisc
BootPctraffic21065bootpcMisc
BootPs traffic21064bootpsMisc
CHAOSnet traffic34822CHAOSnetMisc
ctf traffic21116ctfMisc
Daynachip traffic34815DaynachipMisc
daytime traffic20912daytimeMisc
31Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
dcp traffic21130dcpMisc
discard traffic20909discardMisc
DNS traffic1017DNSMisc
dnsix traffic21125dnsixMisc
domain traffic21036domainMisc
dsp traffic21003dspMisc
dsp3270 traffic34816dsp3270Misc
echo traffic20908echoMisc
Finger traffic21081fingerMisc
giop traffic39042giopMisc
giop traffic39043giopMisc
Gopher traffic21069gopherMisc
GSM traffic34830GSMMisc
GSS-SPNEGO traffic5861GSS-SPNEGOMisc
hostname traffic21147hostnameMisc
Hosts2-Ns traffic34804Hosts2-NsMisc
Ingres traffic34805IngresMisc
IPIX traffic34826IPIXMisc
IPv4 traffic34844IPv4Misc
IPv6 traffic34845IPv6Misc
JPEG traffic34840JPEGMisc
Kerberos traffic34810KerberosMisc
Kerberos traffic21624KerberosMisc
linuxconf traffic21139linuxconfMisc
Copyright © 2017, Juniper Networks, Inc.32
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
LotusNotesTM traffic34732LotusNotesMisc
ManagementServices traffic34564ManagementServicesMisc
ManagementServices traffic34556ManagementServicesMisc
ManagementServices traffic34636ManagementServicesMisc
ManagementServices traffic34213ManagementServicesMisc
ManagementServices traffic34221ManagementServicesMisc
ManagementServices traffic34560ManagementServicesMisc
ManagementServices traffic34735ManagementServicesMisc
ManagementServices traffic34563ManagementServicesMisc
ManagementServices traffic34216ManagementServicesMisc
Marimba traffic60015MarimbaMisc
metagram traffic21141metagramMisc
mfcobol traffic34209mfcobolMisc
Misc-Ports traffic21070Misc-PortsMisc
Misc-Ports traffic21071Misc-PortsMisc
Misc-Ports traffic21074Misc-PortsMisc
Misc-Ports traffic21043Misc-PortsMisc
Misc-Ports traffic21035Misc-PortsMisc
Misc-Ports traffic21021Misc-PortsMisc
Misc-Ports traffic21302Misc-PortsMisc
Misc-Ports traffic21301Misc-PortsMisc
Misc-Ports traffic21073Misc-PortsMisc
Misc-Ports traffic21072Misc-PortsMisc
Misc-Ports traffic50643Misc-PortsMisc
33Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Misc-Ports traffic37305Misc-PortsMisc
Misc-Ports traffic50795Misc-PortsMisc
Misc-Ports traffic21008Misc-PortsMisc
Misc-Ports traffic21148Misc-PortsMisc
Misc-Ports traffic21121Misc-PortsMisc
Misc-Ports traffic21303Misc-PortsMisc
MiscApplication traffic34847MiscApplicationMisc
MiscProtocol traffic34848MiscProtocolMisc
MITML Device traffic34208MITMLDeviceMisc
MITML Device traffic34205MITMLDeviceMisc
mpm traffic21020mpmMisc
MSGICP traffic20996MSGICPMisc
msp traffic20916mspMisc
mtp traffic22177mtpMisc
name traffic21015nameMisc
Nessus traffic34731NessusMisc
netstat traffic20913netstatMisc
npp traffic51324nppMisc
NSP traffic34842NSPMisc
nsrmp traffic34728nsrmpMisc
nsrmp traffic34727nsrmpMisc
nsrmp traffic34661nsrmpMisc
NTP traffic1016NTPMisc
NTP traffic34811NTPMisc
Copyright © 2017, Juniper Networks, Inc.34
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
ntp traffic21200ntpMisc
objcall traffic34557objcallMisc
qmtp traffic22550qmtpMisc
qotd traffic20915qotdMisc
rap traffic21007rapMisc
RMC traffic22158RMCMisc
RPC traffic21167RPCMisc
snagas traffic21160snagasMisc
snmp traffic21299snmpMisc
snmptrap traffic21300snmptrapMisc
Symantec Ghost traffic34729SymantecGhostMisc
Syslog traffic1015SyslogMisc
time traffic21006timeMisc
tlisrv traffic37309tlisrvMisc
ttc traffic39044ttcMisc
ttc traffic40380ttcMisc
ttc traffic42060ttcMisc
Unknown TCP traffic34803Unknown_TCPMisc
Unknown UDP traffic34809Unknown_UDPMisc
UPnP traffic1018UPnPMisc
VMTP traffic34839VMTPMisc
whois traffic21016whoisMisc
whoisplus traffic21056whoisplusMisc
XNS traffic21042XNSMisc
35Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
XNS traffic21039XNSMisc
Intellex traffic6000IntellexMultimedia
VideoFrame traffic60091VideoFrameMultimedia
WebEx traffic60139WebExMultimedia
CiscoDiscovery traffic60055CiscoDiscoveryNetworkManagement
Flow records traffic60176FlowRecordsNetworkManagement
ICMP traffic60009ICMPNetworkManagement
IPComp traffic60161IPCompNetworkManagement
NetFlow v5 traffic60175NetFlowV5NetworkManagement
Flow Collectorr traffic51333Flow CollectorNetworkManagement
RSVP traffic60096RSVPNetworkManagement
SMS traffic60087SMSNetworkManagement
TimeServer traffic60125TimeServerNetworkManagement
VIPC traffic34802VIPCNetworkManagement
Aimster traffic60132AimsterP2P
Audiogalaxy traffic60118AudiogalaxyP2P
BitTorrent traffic2006BitTorrentP2P
Blubster traffic2003BlubsterP2P
Common P2P port traffic33955Common-P2P-PortP2P
DirectConnect traffic5864DirectConnectP2P
DirectConnect traffic5865DirectConnectP2P
DirectConnect traffic5866DirectConnectP2P
DirectConnect traffic5867DirectConnectP2P
DirectConnect traffic5863DirectConnectP2P
Copyright © 2017, Juniper Networks, Inc.36
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
EarthStationV traffic60182EarthStationVP2P
FileRogue traffic60145FileRogueP2PS
Filetopia traffic60168FiletopiaP2P
Furthernet traffic60160FurthurnetP2P
Gnutella traffic2000GnutellaP2P
Groove traffic60134GrooveP2P
Hotline traffic60136HotlineP2P
Kazaa traffic2001KazaaP2P
LimeWire traffic2008LimeWireP2P
Morpheus traffic2010MorpheusP2P
Napster traffic2011NapsterP2P
Napster2 traffic60181Napster2P2P
OpenNap traffic2007OpenNapP2P
P2P PeerEnabler traffic2204PeerEnablerP2P
P2P PeerEnabler traffic2004PeerEnablerP2P
Piolet traffic2005PioletP2P
ScourExchange traffic60113ScourExchangeP2P
Soulseek traffic60184SoulseekP2P
Tripnosis traffic60135TripnosisP2P
eDonkey2000 traffic33954eDonkey2000P2P
eDonkey traffic2002eDonkeyP2P
eDonkey2000 traffic33956eDonkey2000P2P
iMesh traffic60114iMeshP2P
GnuCleusLan traffic2009GnucleuslanP2P
37Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
ATSTCP traffic60107ATSTCPRemoteAccess
Attachmate-GW traffic60100Attachmate-GWRemoteAccess
Citrix traffic34814CitrixRemoteAccess
Remote Access Citrix ICATraffic
5671CitrixICARemoteAccess
Remote Access Citrix ICATraffic
5670CitrixICARemoteAccess
CORBA traffic60043CORBARemoteAccess
DceRPC traffic100663296DceRPCRemoteAccess
DceRPCMapper traffic101908480DceRPC > DceRPCMapperRemoteAccess
MsExchange traffic101974016DceRPC >MsExchangeRemoteAccess
MsExchange traffic102011648DceRPC >MsExchange >Directory
RemoteAccess
MsExchange traffic102011904DceRPC >MsExchange >InformationStore
RemoteAccess
MsExchange traffic102012160DceRPC>MsExchange>MTARemoteAccess
GoToMyPC traffic60164GoToMyPCRemoteAccess
JavaTM RMI traffic60109JavaRMIRemoteAccess
login traffic60089loginRemoteAccess
MS terminal services6001MSTerminalServicesRemoteAccess
OpenConnect-JCP traffic60085OpenConnect-JCPRemoteAccess
OpenWindows traffic34807OpenWindowsRemoteAccess
PCanywhere application50528pcanywhereRemoteAccess
PCanywhere application20948PCAnywhereRemoteAccess
Persona traffic60093PersonaRemoteAccess
radmin traffic60177radminRemoteAccess
RDP traffic60052RDPRemoteAccess
Copyright © 2017, Juniper Networks, Inc.38
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
RemotelyAnywhere traffic60188RemotelyAnywhereRemoteAccess
rexec traffic60081rexecRemoteAccess
rsh traffic60128rshRemoteAccess
rsync traffic60159rsyncRemoteAccess
rtelnet traffic42372rtelnetRemoteAccess
rwho traffic60090rwhoRemoteAccess
SmartSockets traffic60169SmartSocketsRemoteAccess
SMTBF traffic60103SMTBFRemoteAccess
SSH traffic1005SSHRemoteAccess
SSH-Ports traffic20949SSH-PortsRemoteAccess
SSH-Ports traffic20947SSH-PortsRemoteAccess
SSL traffic60001SSLRemoteAccess
SSL-Shell traffic60092SSL-ShellRemoteAccess
SunRPC traffic117440512SunRPCRemoteAccess
SunRPC traffic60027SunRPCRemoteAccess
SunRPC traffic119275520SunRPC > IBM3270MapperRemoteAccess
SunRPC traffic119209984SunRPC >MountRemoteAccess
SunRPC traffic118882304SunRPC > NFSRemoteAccess
SunRPC traffic119406592SunRPC > NISRemoteAccess
SunRPC traffic119472128SunRPC > PcNfsdRemoteAccess
SunRPC traffic5383SunRPC > PortMapperRemoteAccess
SunRPC traffic119341056SunRPC > RjeMapperRemoteAccess
SunRPC traffic120848384SunRPC > RstatRemoteAccess
SunRPC traffic119013376SunRPC > YpBindRemoteAccess
39Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
SunRPC traffic118947840SunRPC > YpServRemoteAccess
SunRPC traffic119078912SunRPC > YpUpdatedRemoteAccess
SunRPC traffic119144448SunRPC > YpXferdRemoteAccess
Tacacs traffic34808TacacsRemoteAccess
Telnet traffic1000TelnetRemoteAccess
Telnet-Port traffic20950Telnet-PortRemoteAccess
Timbuktu traffic60017TimbuktuRemoteAccess
tn3270 traffic60010tn3270RemoteAccess
tn5250 traffic60063tn5250RemoteAccess
VNC traffic1006VNCRemoteAccess
XWindows traffic60050XWindowsRemoteAccess
ARP traffic34820ARPRoutingProtocols
AURP traffic60011AURPRoutingProtocols
Banyan-VINES traffic34838Banyan-VINESRoutingProtocols
BGP traffic60029BGPRoutingProtocols
BPDU traffic34821BPDURoutingProtocols
CBT traffic60045CBTRoutingProtocols
CiscoOUI traffic34823CiscoOUIRoutingProtocols
DRP traffic60038DRPRoutingProtocols
DTP traffic60192DTPRoutingProtocols
EGP traffic60032EGPRoutingProtocols
EIGRP traffic60065EIGRPRoutingProtocols
Gateway Routing traffic34836GatewayRoutingRoutingProtocols
IanaProtocol-IP traffic34835IanaProtocol-IPRoutingProtocols
Copyright © 2017, Juniper Networks, Inc.40
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
IDP traffic34825IDPRoutingProtocols
IGMP traffic60041IGMPRoutingProtocols
IGP traffic60098IGPRoutingProtocols
OSPF traffic60031OSPFRoutingProtocols
PAgP traffic60190PAgPRoutingProtocols
PIM traffic60044PIMRoutingProtocols
PVSTP traffic60189PVSTPRoutingProtocols
RARP traffic60047RARPRoutingProtocols
RIP traffic60028RIPRoutingProtocols
Spanning tree traffic60046SpanningTreeRoutingProtocols
VLAN-Bridge traffic60191VLAN-BridgeRoutingProtocols
VTP traffic60193VTPRoutingProtocols
DPA traffic60061DPASecurityProtocol
GRE traffic60033GRESecurityProtocol
IPMobility traffic60172IPMobilitySecurityProtocol
IPSec traffic60037IPSecSecurityProtocol
ISAKMP traffic60080ISAKMPSecurityProtocol
L2TP traffic60026L2TPSecurityProtocol
PPTP traffic60036PPTPSecurityProtocol
RC5DES traffic60067RC5DESSecurityProtocol
SOCKS traffic60079SOCKSSecurityProtocol
SoftEther traffic60186SoftEtherSecurityProtocol
SWIPE traffic60171SWIPESecurityProtocol
Abacast traffic60174AbacastStreaming
41Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
H.261 traffic34829H.261Streaming
H.262 traffic34828H.262Streaming
H.263 traffic34827H.263Streaming
Streaming Microsoft MediaServerProtocol (MMS) traffic
4002MicrosoftMediaServerStreaming
Streaming Microsoft MediaServerProtocol (MMS) traffic
218103808MicrosoftMediaServerStreamingStreaming
Streaming Microsoft MediaServerProtocol (MMS) traffic
234881024MicrosoftMediaServerStreamingPayloadStreaming
Motion traffic60185MotionStreaming
MPEG-Audio traffic60053MPEG-AudioStreaming
MPEG-Video traffic60054MPEG-VideoStreaming
RadioNetscape traffic60180RadioNetscapeStreaming
Real traffic60003RealStreaming
RTP-Skinny traffic34834RTP-SkinnyStreaming
RTSP traffic5071RTSPStreaming
RTSP traffic187367424RTSP>RTSPEmbeddedMediaStreaming
RTSP traffic187405824RTSP>RTSPEmbeddedMedia> RealRDT
Streaming
RTSP traffic187405832RTSP>RTSPEmbeddedMedia> RealRDT > RTSPavpaudio
Streaming
RTSP traffic187405831RTSP>RTSPEmbeddedMedia> RealRDT >RTSPavpdynamicunknown
Streaming
RTSP traffic187405830RTSP>RTSPEmbeddedMedia> RealRDT >RTSPavpreserved
Streaming
RTSP traffic187405829RTSP>RTSPEmbeddedMedia> RealRDT >RTSPavpunassigned
Streaming
Copyright © 2017, Juniper Networks, Inc.42
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
RTSP traffic187405833RTSP>RTSPEmbeddedMedia> RealRDT > RTSPavpvideo
Streaming
RTSP traffic187406336RTSP>RTSPEmbeddedMedia> RTCP
Streaming
RTSP traffic187406080RTSP>RTSPEmbeddedMedia> RTP
Streaming
RTSP traffic187406087RTSP>RTSPEmbeddedMedia> RTP >RTSPavpdynamicunknown
Streaming
RTSP traffic187406085RTSP>RTSPEmbeddedMedia> RTP > RTSPavpunassigned
Streaming
RTSP traffic187406089RTSP>RTSPEmbeddedMedia> RTP > RTSPavpvideo
Streaming
RTSP traffic187406086RTSP>RTSPEmbeddedMedia> RTP > RTSPavpreserved
Streaming
RTSP traffic187301888RTSP > RTSPSessionControlStreaming
RTSP traffic187406088RTSP>RTSPEmbeddedMedia> RTP > RTSPavpaudio
Streaming
ST2 traffic60034ST2Streaming
Shoutcast MP3 stream4001StreamingAudioStreaming
Shoutcast MP3 stream4000StreamingAudioStreaming
StreamWorks traffic60014StreamWorksStreaming
WinampStream traffic60165WinampStreamStreaming
WindowsMediaPlayer traffic5005WindowsMediaPlayerStreaming
WindowsMediaPlayer traffic5006WindowsMediaPlayerStreaming
WinMedia traffic60025WinMediaStreaming
DEC traffic34824DECUncommonProtocol
UncommonProtocol traffic34850UncommonProtocolUncommonProtocol
CiscoCTI traffic60144CiscoCTIVoIP
43Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Clarent-CC traffic60075Clarent-CCVoIP
Clarent-Complex traffic60074Clarent-ComplexVoIP
Clarent-Mgmt traffic60072Clarent-MgmtVoIP
Clarent-Voice-S traffic60073Clarent-Voice-SVoIP
Dialpad traffic60140DialpadVoIP
G711 traffic34833G711VoIP
G722 traffic34832G722VoIP
G729 traffic34831G729VoIP
H.323 traffic60018H.323VoIP
H.323 traffic33554432H323VoIP
H.323 traffic34144256H323 > CallControlVoIP
H.323 traffic34176768H323 > CallControl > H245VoIP
H.323 traffic34078720H323 > CallSignalingVoIP
H.323 traffic34110976H323 > CallSignaling >Q931VoIP
I-Phone traffic60066I-PhoneVoIP
MCK-Signaling traffic60094MCK-SignalingVoIP
MCK-Voice traffic60095MCK-VoiceVoIP
Megaco traffic60155MegacoVoIP
MGCP traffic60152MGCPVoIP
Micom-VIP traffic60035Micom-VIPVoIP
Net2Phone traffic60153Net2PhoneVoIP
RTCP traffic50331648RTCPVoIP
RTCP-B traffic60022RTCP-BVoIP
RTCP-I traffic60020RTCP-IVoIP
Copyright © 2017, Juniper Networks, Inc.44
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
RTP traffic67108864RTPVoIP
RTP traffic67764224RTP > H323AudioVoIP
RTP traffic67799040RTP > H323Audio > CNVoIP
RTP traffic67797760RTP > H323Audio > DVI4VoIP
RTP traffic67796992RTP > H323Audio > G711VoIP
RTP traffic67798272RTP > H323Audio > G722VoIP
RTP traffic67797504RTP > H323Audio > G723VoIP
RTP traffic67799552RTP > H323Audio > G728VoIP
RTP traffic67803904RTP > H323Audio > G729VoIP
RTP traffic67797248RTP > H323Audio > GSMVoIP
RTP traffic67798528RTP > H323Audio > L16VoIP
RTP traffic67798016RTP > H323Audio > LPCVoIP
RTP traffic67799296RTP > H323Audio >MPAVoIP
RTP traffic67798784RTP > H323Audio >QCELPVoIP
RTP traffic67829760RTP > H323VideoVoIP
RTP traffic67865600RTP > H323Video > CELBVoIP
RTP traffic67867136RTP > H323Video > H263VoIP
RTP traffic67865856RTP > H323Video > JPEGVoIP
RTP traffic67866880RTP > H323Video >MP2TVoIP
RTP traffic67866624RTP > H323Video >MPVVoIP
RTP traffic67866112RTP > H323Video > NVVoIP
RTP traffic67866368RTP > H323Video >H261VoIP
RTP traffic68157440RTP > SIPavpaudioVoIP
RTP traffic68288512RTP > SIPavpdataVoIP
45Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
RTP traffic68091904RTP >SIPavpdynamicunknown
VoIP
RTP traffic68026368RTP > SIPavpreservedVoIP
RTP traffic26796083RTP > SIPavpunassignedVoIP
RTP traffic68222976RTP > SIPavpvideoVoIP
RTP traffic70385664RTP > SKINNYAudioVoIP
RTP traffic70426624RTP > SKINNYAudio >ActiveVoice
VoIP
RTP traffic70418432RTP > SKINNYAudio > G711VoIP
RTP traffic70418443RTP > SKINNYAudio > G711 >aLaw56k
VoIP
RTP traffic70418442RTP > SKINNYAudio > G711 >aLaw64k
VoIP
RTP traffic70418445RTP > SKINNYAudio > G711 >uLaw56k
VoIP
RTP traffic70418444RTP > SKINNYAudio > G711 >uLaw64k
VoIP
RTP traffic70419712RTP > SKINNYAudio > G722VoIP
RTP traffic70419728RTP > SKINNYAudio > G722 >48k
VoIP
RTP traffic70419727RTP > SKINNYAudio > G722 >56k
VoIP
RTP traffic70419726RTP > SKINNYAudio > G722 >64k
VoIP
RTP traffic70425088RTP > SKINNYAudio > G7231VoIP
RTP traffic70425856RTP > SKINNYAudio >G72616k
VoIP
RTP traffic70426112RTP > SKINNYAudio >G72624k
VoIP
RTP traffic70426368RTP > SKINNYAudio >G72632k
VoIP
Copyright © 2017, Juniper Networks, Inc.46
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
RTP traffic70420992RTP > SKINNYAudio > G728VoIP
RTP traffic70425344RTP > SKINNYAudio > G729VoIP
RTP traffic70425361RTP > SKINNYAudio >G729 >AnnexA
VoIP
RTP traffic70425363RTP >SKINNYAudio >G729 >AnnexAB
VoIP
RTP traffic70425362RTP > SKINNYAudio >G729 >AnnexB
VoIP
RTP traffic70418688RTP > SKINNYAudio > GSMVoIP
RTP traffic70418712RTP > SKINNYAudio > GSM >ENHRate
VoIP
RTP traffic70418710RTP > SKINNYAudio > GSM >FullRate
VoIP
RTP traffic70418711RTP > SKINNYAudio > GSM >HalfRate
VoIP
RTP traffic70418713RTP > SKINNYAudio > GSM >STDRate
VoIP
RTP traffic70425600RTP > SKINNYAudio >WideBand
VoIP
RTP traffic70425626RTP > SKINNYAudio >WideBand > 256k
VoIP
RTP traffic70425364RTP > SKINNYAudio> G729 >G729B
VoIP
RTP traffic70451200RTP > SKINNYDataVoIP
RTP traffic70492672RTP > SKINNYData > 56kVoIP
RTP traffic70492416RTP > SKINNYDate > 64kVoIP
RTP traffic70320128RTP > SKINNYNonStdVoIP
RTP traffic60021RTP-BVoIP
RTP traffic60019RTP-IVoIP
SCCP traffic352321536SCCPVoIP
47Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
SIP traffic60151SIPVoIP
SIP traffic84672512SIP > SipSessionControlVoIP
Skype traffic452984832SkypeVoIP
Skype traffic3007SkypeVoIP
T.120 traffic60023T.120VoIP
VDOPhone traffic60004VDOPhoneVoIP
Vonage traffic60187VonageVoIP
Web traffic16777216Web
Web Application traffic16908288ApplicationWeb
ATTA2BMusic traffic16926208Application > ATTA2BMusicWeb
Backweb traffic16909568Application > BackwebWeb
Datawindow traffic16909824Application > DatawindowWeb
Edact traffic16910592Application > EdactWeb
EdiContent traffic16910080Application > EdiContentWeb
EdiX12 traffic16910336Application > EdiX12Web
Entrypoint traffic16909312Application > EntrypointWeb
Excel traffic16910848Application > ExcelWeb
FutureSplash traffic16927232Application > FutureSplashWeb
MACBINHEX40 traffic16911104Application >MACBINHEX40Web
MARIMBA traffic16924672Application >MARIMBAWeb
MP3 traffic16911360Application >MP3Web
MsPowerPoint traffic16911616Application >MsPowerPointWeb
MsWord traffic16911872Application >MsWordWeb
NewsMessageID traffic16912128Application>NewsMessageIDWeb
Copyright © 2017, Juniper Networks, Inc.48
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
NewsTransmission traffic16912384Application >NewsTransmission
Web
OctetStream traffic16912640Application >OctetStreamWeb
ODA traffic16912896Application >ODAWeb
PDF traffic16913152Application > PDFWeb
PostScript traffic16913408Application > PostScriptWeb
PowerBuilder traffic16913664Application > PowerBuilderWeb
QuattroPro traffic16913920Application >QuattroProWeb
RTF traffic16914176Application > RTFWeb
SDP traffic16926720Application > SDPWeb
SGML traffic16914432Application > SGMLWeb
ShockWaveFlash traffic16926976Application >ShockWaveFlash
Web
VNDFrameMaker traffic16914688Application>VNDFrameMakerWeb
VNDLotusFreeLance traffic16915200Application >VNDLotusFreeLance
Web
VNDLotusOTUS123 traffic16914944Application >VNDLotusOTUS123
Web
VNDLOTUSWordPro traffic16915456Application >VNDLOTUSWordPro
Web
VNDM traffic16915712Application > VNDMWeb
VNDMsExcel traffic16915968Application > VNDMsExcelWeb
VNDMsPowerPoint traffic16916224Application >VNDMsPowerPoint
Web
VNDMsProject traffic16916480Application > VNDMsProjectWeb
VNDMsWord traffic16916736Application > VNDMsWordWeb
VNDPowerBuilder traffic16916992Application >VNDPowerBuilder
Web
49Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
VNDRNMusicPackage traffic16926464Application >VNDRNMusicPackage
Web
VNDRNRealPlayer traffic16917248Application >VNDRNRealPlayer
Web
VNDVisio traffic16917504Application > VNDVisioWeb
WordPerfect traffic16917760Application >WordPerfectWeb
X_NETCDF traffic16924416Application > X_NETCDFWeb
XBCPIO traffic16918016Application > XBCPIOWeb
XCOMPRESS traffic16918272Application > XCOMPRESSWeb
XCPIO traffic16918528Application > XCPIOWeb
XCSH traffic16918784Application > XCSHWeb
XDIRECTOR traffic16919040Application > XDIRECTORWeb
XDVI traffic16919296Application > XDVIWeb
XGTAR traffic16919552Application > XGTARWeb
XIPIX traffic16925952Application > XIPIXWeb
XIpScript traffic16925696Application > XIpScriptWeb
XJavaScript traffic16919808Application > XJAVASCRIPTWeb
XLATEX traffic16920064Application > XLATEXWeb
XLiquidPlayer traffic16925440Application > XLiquidPlayerWeb
XLotusNotes traffic16920320Application > XLotusNotesWeb
XM traffic16920832Application > XMWeb
XMACBinary traffic16920576Application > XMACBinaryWeb
XPNCMD traffic16921088Application > XPNCMDWeb
XPNRealAudio traffic16921344Application > XPNRealAudioWeb
XPowerPoint traffic16921600Application > XPowerPointWeb
Copyright © 2017, Juniper Networks, Inc.50
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
XPP5 traffic16923904Application > XPP5Web
XSH(53) traffic16921856Application > XSH(53)Web
XSTUFFIT traffic16922112Application > XSTUFFITWeb
XTAR traffic16922368Application > XTARWeb
XTCL traffic16922624Application > XTCLWeb
XTEX traffic16922880Application > XTEXWeb
XTROFF traffic16923136Application > XTROFFWeb
XUSTAR traffic16923392Application > XUSTARWeb
XXDMA traffic16924928Application > XXDMAWeb
XXSM traffic16925184Application > XXSMWeb
XZipCompressed traffic16923648Application>XZipCompressedWeb
ZIPARCHIVE traffic16924160Application > ZIPARCHIVEWeb
Web Audio traffic16973824AudioWeb
BC traffic16993024Audio > BCWeb
MIDI traffic16993280Audio >MIDIWeb
MPEG traffic16993536Audio >MPEGWeb
VNDRNRealAudio traffic16993792Audio > VNDRNRealAudioWeb
WAV traffic16994048Audio >WAVWeb
XAF traffic16994304Audio > XAFWeb
XLIQUID(86) traffic16995840Audio > XLIQUID(86)Web
XMIDI traffic16994560Audio > XMIDIWeb
XMPEG traffic16994816Audio > XMPEGWeb
XMPGURL traffic16995072Audio > XMPGURLWeb
XWAV(85) traffic16995584Audio > XWAV(85)Web
51Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Blogs traffic16777269BlogsWeb
Blogs traffic16908341Blogs > ApplicationWeb
Blogs traffic16973877Blogs > AudioWeb
Blogs traffic16842805Blogs > DatabaseWeb
Blogs traffic17039413Blogs > ImageWeb
Blogs traffic17104949Blogs > TextWeb
Blogs traffic17170485Blogs > VideoWeb
Blogs traffic17236021Blogs > XWORLDWeb
Web database traffic16842752DatabaseWeb
JDBC traffic16843520Database > JDBCWeb
SybaseTunneledTDS traffic16843264Database >SybaseTunneledTDS
Web
SybaseWebSQL traffic16843008Database > SybaseWebSQLWeb
Facebook traffic16777246FacebookWeb
Facebook traffic16908318Facebook > ApplicationWeb
Facebook traffic16973854Facebook > AudioWeb
Facebook traffic16842782Facebook > DatabaseWeb
Facebook traffic17039390Facebook > ImageWeb
Facebook traffic17104926Facebook > TextWeb
Facebook traffic17170462Facebook > VideoWeb
Facebook traffic17235998Facebook > XWORLDWeb
File sharing site traffic16777440FileSharingSitesWeb
File sharing site traffic16908512FileSharingSites>ApplicationWeb
File sharing site traffic16974048FileSharingSites > AudioWeb
File sharing site traffic16842976FileSharingSites > DatabaseWeb
Copyright © 2017, Juniper Networks, Inc.52
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
File sharing site traffic17039584FileSharingSites > ImageWeb
File sharing site traffic17105120FileSharingSites > TextWeb
File sharing site traffic17170656FileSharingSites > VideoWeb
File sharing site traffic17236192FileSharingSites > XWORLDWeb
Free email site traffic16777441FreeEmailSitesWeb
Free email site traffic16908513FreeEmailSites > ApplicationWeb
Free email site traffic16974049FreeEmailSites > AudioWeb
Free email site traffic16842977FreeEmailSites > DatabaseWeb
Free email site traffic17039585FreeEmailSites > ImageWeb
Free email site traffic17105121FreeEmailSites > TextWeb
Free email site traffic17170657FreeEmailSites > VideoWeb
Free email site traffic17236193FreeEmailSites > XWORLDWeb
Google traffic16777245GoogleWeb
Google traffic16908317Google > ApplicationWeb
Google traffic16973853Google > AudioWeb
Google traffic16842781Google > DatabaseWeb
Google traffic17039389Google > ImageWeb
Google traffic17104925Google > TextWeb
Google traffic17170461Google > VideoWeb
Google traffic17235997Google > XWORLDWeb
http(8080) traffic21085http(8080)Web
http(81) traffic21109http(81)Web
HTTPImageTransfer traffic1034HTTPImageTransferWeb
Web image traffic17039360ImageWeb
53Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
CGM traffic17061632Image > CGMWeb
G3FAX traffic17061888Image > G3FAXWeb
GIF traffic17062144Image > GIFWeb
IEF traffic17062400Image > IEFWeb
JPEG traffic17062656Image > JPEGWeb
PICT traffic17062912Image > PICTWeb
PNG traffic17063168Image > PNGWeb
TF traffic17063424Image > TFWeb
VNDRNRealFlash traffic17063680Image > VNDRNRealFlashWeb
VNDRNRealPix traffic17063936Image > VNDRNRealPixWeb
XBitAppNames traffic17064192Image > XBitAppNamesWeb
XPixAppNames traffic17064448Image > XPixAppNamesWeb
XQuickTime traffic17064704Image > XQuickTimeWeb
XWindowDump traffic17064960Image > XWindowDumpWeb
XXBM traffic17065216Image > XXBMWeb
Info traffic16777268InfoWeb
Info traffic16908340Info > ApplicationWeb
Info traffic16973876Info > AudioWeb
Info traffic16842804Info > DatabaseWeb
Info traffic17039412Info > ImageWeb
Info traffic17104948Info > TextWeb
Info traffic17170484Info > VideoWeb
Info traffic17236020Info > XWORLDWeb
JavaM traffic5050JAVAWeb
Copyright © 2017, Juniper Networks, Inc.54
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
Malware (attack)traffic16777424Malware(attack)Web
Malware (attack)traffic16908496Malware(attack)>ApplicationWeb
Malware (attack)traffic16974032Malware(attack) > AudioWeb
Malware (attack)traffic16842960Malware(attack) > DatabaseWeb
Malware (attack)traffic17039568Malware(attack) > ImageWeb
Malware (attack)traffic17105104Malware(attack) > TextWeb
Malware (attack)traffic17170640Malware(attack) > VideoWeb
Malware (attack)traffic17236176Malware(attack) > XWORLDWeb
Malware (backdoor) traffic16777428Malware(backdoor)Web
Malware (backdoor) traffic16908500Malware(backdoor) >Application
Web
Malware (backdoor) traffic16974036Malware(backdoor) > AudioWeb
Malware (backdoor) traffic16842964Malware(backdoor) >Database
Web
Malware (backdoor) traffic17039572Malware(backdoor) > ImageWeb
Malware (backdoor) traffic17105108Malware(backdoor) > TextWeb
Malware (backdoor) traffic17170644Malware(backdoor) > VideoWeb
Malware (backdoor) traffic17236180Malware(backdoor) >XWORLD
Web
Malware (blacklist) traffic16777426Malware(blacklist)Web
Malware (blacklist) traffic16908498Malware(blacklist) >Application
Web
Malware (blacklist) traffic16974034Malware(blacklist) > AudioWeb
Malware (blacklist) traffic16842962Malware(blacklist)>DatabaseWeb
Malware (blacklist) traffic17039570Malware(blacklist) > ImageWeb
Malware (blacklist) traffic17105106Malware(blacklist) > TextWeb
Malware (blacklist) traffic17170642Malware(blacklist) > VideoWeb
55Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Malware (blacklist) traffic17236178Malware(blacklist)>XWORLDWeb
Malware (bot) traffic16777417Malware(bot)Web
Malware (bot) traffic16908489Malware(bot) > ApplicationWeb
Malware (bot) traffic16974025Malware(bot) > AudioWeb
Malware (bot) traffic16842953Malware(bot) > DatabaseWeb
Malware (bot) traffic17039561Malware(bot) > ImageWeb
Malware (bot) traffic17105097Malware(bot) > TextWeb
Malware (bot) traffic17170633Malware(bot) > VideoWeb
Malware (bot) traffic17236169Malware(bot) > XWORLDWeb
Malware (exploit) traffic16777419Malware(exploit)Web
Malware (exploit) traffic16908491Malware(exploit) >Application
Web
Malware (exploit) traffic16974027Malware(exploit) > AudioWeb
Malware (exploit) traffic16842955Malware(exploit) > DatabaseWeb
Malware (exploit) traffic17039563Malware(exploit) > ImageWeb
Malware (exploit) traffic17105099Malware(exploit) > TextWeb
Malware (exploit) traffic17170635Malware(exploit) > VideoWeb
Malware (exploit) traffic17236171Malware(exploit) > XWORLDWeb
Malware (flux) traffic16974033Malware(flux) > AudioWeb
Malware (flux) traffic16777425Malware(flux)Web
Malware (flux) traffic16908497Malware(flux) > ApplicationWeb
Malware (flux) traffic16842961Malware(flux) > DatabaseWeb
Malware (flux) traffic17039569Malware(flux) > ImageWeb
Malware (flux) traffic17105105Malware(flux) > TextWeb
Malware (flux) traffic17170641Malware(flux) > VideoWeb
Copyright © 2017, Juniper Networks, Inc.56
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
Malware (flux) traffic17236177Malware(flux) > XWORLDWeb
Malware (fraud) traffic16777421Malware(fraud)Web
Malware (fraud) traffic16908493Malware(fraud) > ApplicationWeb
Malware (fraud) traffic16974029Malware(fraud) > AudioWeb
Malware (fraud) traffic16842957Malware(fraud) > DatabaseWeb
Malware (fraud) traffic17039565Malware(fraud) > ImageWeb
Malware (fraud) traffic17105101Malware(fraud) > TextWeb
Malware (fraud) traffic17170637Malware(fraud) > VideoWeb
Malware (fraud) traffic17236173Malware(fraud) > XWORLDWeb
Malware (hack) traffic16777420Malware(hack)Web
Malware (hack) traffic16908492Malware(hack) > ApplicationWeb
Malware (hack) traffic16974028Malware(hack) > AudioWeb
Malware (hack) traffic16842956Malware(hack) > DatabaseWeb
Malware (hack) traffic17039564Malware(hack) > ImageWeb
Malware (hack) traffic17105100Malware(hack) > TextWeb
Malware( hack) traffic17170636Malware(hack) > VideoWeb
Malware (hack) traffic17236172Malware(hack) > XWORLDWeb
Malware (misc) traffic16777416Malware(misc)Web
Malware (misc) traffic16908488Malware(misc) > ApplicationWeb
Malware (misc) traffic16974024Malware(misc) > AudioWeb
Malware (misc) traffic16842952Malware(misc) > DatabaseWeb
Malware (misc) traffic17039560Malware(misc) > ImageWeb
Malware (misc) traffic17105096Malware(misc) > TextWeb
Malware (misc) traffic17170632Malware(misc) > VideoWeb
57Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Malware (misc) traffic17236168Malware(misc) > XWORLDWeb
Malware (phish) traffic16777422Malware(phish)Web
Malware (phish) traffic16908494Malware(phish) > ApplicationWeb
Malware (phish) traffic16974030Malware(phish) > AudioWeb
Malware (phish) traffic16842958Malware(phish) > DatabaseWeb
Malware (phish) traffic17039566Malware(phish) > ImageWeb
Malware (phish) traffic17105102Malware(phish) > TextWeb
Malware (phish) traffic17170638Malware(phish) > VideoWeb
Malware (phish) traffic17236174Malware(phish) > XWORLDWeb
Malware (rbn) traffic16777430Malware(rbn)Web
Malware (rbn) traffic16908502Malware(rbn) > ApplicationWeb
Malware (rbn) traffic16974038Malware(rbn) > AudioWeb
Malware (rbn) traffic16842966Malware(rbn) > DatabaseWeb
Malware (rbn) traffic17039574Malware(rbn) > ImageWeb
Malware (rbn) traffic17105110Malware(rbn) > Text#Web
Malware (rbn) traffic17170646Malware(rbn) > VideoWeb
Malware (rbn) traffic17236182Malware(rbn) > XWORLDWeb
Malware (rogue) traffic31677742Malware(rogue)Web
Malware (rogue) traffic16908495Malware(rogue)>ApplicationWeb
Malware (rogue) traffic16974031Malware(rogue) > AudioWeb
Malware (rogue) traffic16842959Malware(rogue) > DatabaseWeb
Malware (rogue) traffic17039567Malware(rogue) > ImageWeb
Malware (rogue) traffic17105103Malware(rogue) > TextWeb
Malware (rogue) traffic17170639Malware(rogue) > VideoWeb
Copyright © 2017, Juniper Networks, Inc.58
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
Malware (rogue) traffic17236175Malware(rogue) > XWORLDWeb
Malware (sql) traffic16908499Malware(sql) > ApplicationWeb
Malware (sql) traffic16777427Malware(sql)Web
Malware (sql) traffic16974035Malware(sql) > AudioWeb
Malware (sql) traffic16842963Malware(sql) > DatabaseWeb
Malware (sql) traffic17039571Malware(sql) > ImageWeb
Malware (sql) traffic17105107Malware(sql) > TextWeb
Malware (sql) traffic17170643Malware(sql) > VideoWeb
Malware (sql) traffic17236179Malware(sql) > XWORLDWeb
Malware (suspicious) traffic16777429Malware(suspicious)Web
Malware (suspicious) traffic16908501Malware(suspicious) >Application
Web
Malware (suspicious) traffic16974037Malware(suspicious) > AudioWeb
Malware (suspicious) traffic16842965Malware(suspicious) >Database
Web
Malware (suspicious) traffic17039573Malware(suspicious) > ImageWeb
Malware (suspicious) traffic17105109Malware(suspicious) > TextWeb
Malware (suspicious) traffic17170645Malware(suspicious) > VideoWeb
Malware (suspicious) traffic17236181Malware(suspicious) >XWORLD
Web
Malware (trojan) traffic16777418Malware(trojan)Web
Malware (trojan) traffic16908490Malware(trojan)>ApplicationWeb
Malware (trojan) traffic16974026Malware(trojan) > AudioWeb
Malware (trojan) traffic16842954Malware(trojan) > DatabaseWeb
Malware (trojan) traffic17039562Malware(trojan) > ImageWeb
Malware (trojan) traffic17105098Malware(trojan) > TextWeb
59Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Malware (trojan) traffic17170634Malware(trojan) > VideoWeb
Malware (trojan) traffic17236170Malware(trojan) > XWORLDWeb
MSNLive traffic16777248MSNLiveWeb
MSNLive traffic16908320MSNLive > ApplicationWeb
MSNLive traffic16973856MSNLive >AudioWeb
MSNLive traffic16842784MSNLive > DatabaseWeb
MSNLive traffic17039392MSNLive > ImageWeb
MSNLive traffic17104928MSNLive > TextWeb
MSNLive traffic17170464MSNLive > VideoWeb
MSNLive traffic17236000MSNLive > XWORLDWeb
NortonAntiVirus traffic1025NortonAntiVirusWeb
SecureWeb traffic1011SecureWebWeb
Shopping traffic16777267ShoppingWeb
Shopping traffic16908339Shopping > ApplicationWeb
Shopping traffic16973875Shopping > AudioWeb
Shopping traffic16842803Shopping > DatabaseWeb
Shopping traffic17039411Shopping > ImageWeb
Shopping traffic17104947Shopping > TextWeb
Shopping traffic17170483Shopping > VideoWeb
Shopping traffic17236019Shopping > XWORLDWeb
Adult FriendFinder traffic16777255SocialNetwork >ADULTFRIENDFINDER
Web
Adult FriendFinder traffic16908327SocialNetwork >ADULTFRIENDFINDER>Application
Web
Adult FriendFinder traffic16973863SocialNetwork >ADULTFRIENDFINDER>Audio
Web
Copyright © 2017, Juniper Networks, Inc.60
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
Adult FriendFinder traffic16842791SocialNetwork >ADULTFRIENDFINDER >Database
Web
Adult FriendFinder traffic17039399SocialNetwork >ADULTFRIENDFINDER> Image
Web
Adult FriendFinder traffic17104935SocialNetwork >ADULTFRIENDFINDER > Text
Web
Adult FriendFinder traffic17170471SocialNetwork >ADULTFRIENDFINDER>Video
Web
Adult FriendFinder traffic17236007SocialNetwork >ADULTFRIENDFINDER >XWORLD
Web
Blogster traffic16777256SocialNetwork > BLOGSTERWeb
Blogster traffic16908328SocialNetwork > BLOGSTER> Application
Web
Blogster traffic16973864SocialNetwork > BLOGSTER> Audio
Web
Blogster traffic16842792SocialNetwork > BLOGSTER> Database
Web
Blogster traffic17039400SocialNetwork > BLOGSTER> Image
Web
Blogster traffic17104936SocialNetwork > BLOGSTER> Text
Web
Blogster traffic17170472SocialNetwork > BLOGSTER> Video
Web
Blogster traffic17236008SocialNetwork > BLOGSTER> XWORLD
Web
Classmates traffic16777264SocialNetwork >CLASSMATES
Web
Classmates traffic16908336SocialNetwork >CLASSMATES > Application
Web
Classmates traffic16973872SocialNetwork >CLASSMATES > Audio
Web
Classmates traffic16842800SocialNetwork >CLASSMATES > Database
Web
61Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Classmates traffic17039408SocialNetwork >CLASSMATES > Image
Web
Classmates traffic17104944SocialNetwork >CLASSMATES > Text
Web
Classmates traffic17170480SocialNetwork >CLASSMATES > Video
Web
Classmates traffic17236016SocialNetwork >CLASSMATES > XWORLD
Web
Flickr traffic16777250SocialNetwork > FLICKRWeb
Flickr traffic16908322SocialNetwork > FLICKR >Application
Web
Flickr traffic16973858SocialNetwork > FLICKR >Audio
Web
Flickr traffic16842786SocialNetwork > FLICKR >Database
Web
Flickr traffic17039394SocialNetwork > FLICKR >Image
Web
Flickr traffic17104930SocialNetwork > FLICKR >Text
Web
Flickr traffic17170466SocialNetwork > FLICKR >Video
Web
Flickr traffic17236002SocialNetwork > FLICKR >XWORLD
Web
Friendster traffic16777257SocialNetwork>FRIENDSTERWeb
Friendster traffic16908329SocialNetwork>FRIENDSTER> Application
Web
Friendster traffic16973865SocialNetwork>FRIENDSTER> Audio
Web
Friendster traffic16842793SocialNetwork>FRIENDSTER> Database
Web
Friendster traffic17039401SocialNetwork>FRIENDSTER> Image
Web
Friendster traffic17104937SocialNetwork>FRIENDSTER> Text
Web
Copyright © 2017, Juniper Networks, Inc.62
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
Friendster traffic17170473SocialNetwork>FRIENDSTER> Video
Web
Friendster traffic17236009SocialNetwork>FRIENDSTER> XWORLD
Web
Hi5 traffic16777258SocialNetwork > HI5Web
Hi5 traffic16908330SocialNetwork > HI5 >Application
Web
Hi5 traffic16973866SocialNetwork > HI5 > AudioWeb
Hi5 traffic16842794SocialNetwork > HI5 >Database
Web
Hi5 traffic17039402SocialNetwork > HI5 > ImageWeb
Hi5 traffic17104938SocialNetwork > HI5 > TextWeb
Hi5 traffic17170474SocialNetwork > HI5 > VideoWeb
Hi5 traffic17236010SocialNetwork > HI5 >XWORLD
Web
Jaiku traffic16777259SocialNetwork > JAIKUWeb
Jaiku traffic16908331SocialNetwork > JAIKU >Application
Web
Jaiku traffic16973867SocialNetwork > JAIKU >Audio
Web
Jaiku traffic16842795SocialNetwork > JAIKU >Database
Web
Jaiku traffic31703940SocialNetwork > JAIKU >Image
Web
Jaiku traffic17104939SocialNetwork > JAIKU > TextWeb
Jaiku traffic17170475SocialNetwork > JAIKU >Video
Web
Jaiku traffic17236011SocialNetwork > JAIKU >XWORLD
Web
Kaixin traffic16777260SocialNetwork > KAIXINWeb
63Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Kaixin traffic16908332SocialNetwork > KAIXIN >Application
Web
Kaixin traffic16973868SocialNetwork > KAIXIN >Audio
Web
Kaixin traffic16842796SocialNetwork > KAIXIN >Database
Web
Kaixin traffic17039404SocialNetwork > KAIXIN >Image
Web
Kaixin traffic17104940SocialNetwork > KAIXIN >Text
Web
Kaixin traffic17170476SocialNetwork > KAIXIN >Video
Web
Kaixin traffic17236012SocialNetwork > KAIXIN >XWORLD
Web
LinkedIn traffic16777249SocialNetwork > LINKEDINWeb
LinkedIn traffic16908321SocialNetwork > LINKEDIN >Application
Web
LinkedIn traffic16973857SocialNetwork > LINKEDIN >Audio
Web
LinkedIn traffic16842785SocialNetwork > LINKEDIN >Database
Web
LinkedIn traffic17039393SocialNetwork > LINKEDIN >Image
Web
LinkedIn traffic17104929SocialNetwork > LINKEDIN >Text
Web
LinkedIn traffic17170465SocialNetwork > LINKEDIN >Video
Web
LinkedIn traffic17236001SocialNetwork > LINKEDIN >XWORLD
Web
mixi traffic16777254SocialNetwork >MIXIWeb
mixi traffic16908326SocialNetwork >MIXI >Application
Web
mixi traffic16973862SocialNetwork >MIXI > AudioWeb
Copyright © 2017, Juniper Networks, Inc.64
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
mixi traffic16842790SocialNetwork >MIXI >Database
Web
mixi traffic17039398SocialNetwork>MIXI> ImageWeb
mixi traffic17104934SocialNetwork >MIXI > TextWeb
mixi traffic17170470SocialNetwork >MIXI > VideoWeb
mixi traffic17236006SocialNetwork >MIXI >XWORLD
Web
MySpace traffic16777251SocialNetwork >MYSPACEWeb
MySpace traffic16908323SocialNetwork >MYSPACE >Application
Web
MySpace traffic16973859SocialNetwork >MYSPACE >Audio
Web
MySpace traffic16842787SocialNetwork >MYSPACE >Database
Web
MySpace traffic17039395SocialNetwork >MYSPACE >Image
Web
MySpace traffic17104931SocialNetwork >MYSPACE >Text
Web
MySpace traffic17170467SocialNetwork >MYSPACE >Video
Web
MySpace traffic17236003SocialNetwork >MYSPACE >XWORLD
Web
Netlog traffic16777252SocialNetwork > NETLOGWeb
Netlog traffic16908324SocialNetwork > NETLOG >Application
Web
Netlog traffic16973860SocialNetwork > NETLOG >Audio
Web
Netlog traffic16842788SocialNetwork > NETLOG >Database
Web
Netlog traffic17039396SocialNetwork > NETLOG >Image
Web
65Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
Netlog traffic17104932SocialNetwork > NETLOG >Text
Web
Netlog traffic17170468SocialNetwork > NETLOG >Video
Web
Netlog traffic17236004SocialNetwork > NETLOG >XWORLD
Web
Ning traffic16777261SocialNetwork > NINGWeb
Ning traffic16908333SocialNetwork > NING >Application
Web
Ning traffic16973869SocialNetwork>NING>AudioWeb
Ning traffic16842797SocialNetwork > NING >Database
Web
Ning traffic17039405SocialNetwork>NING> ImageWeb
Ning traffic17104941SocialNetwork > NING > TextWeb
Ning traffic17170477SocialNetwork>NING>VideoWeb
Ning traffic17236013SocialNetwork > NING >XWORLD
Web
Plaxo traffic16777253SocialNetwork > PLAXOWeb
Plaxo traffic16908325SocialNetwork > PLAXO >Application
Web
Plaxo traffic16973861SocialNetwork > PLAXO >Audio
Web
Plaxo traffic16842789SocialNetwork > PLAXO >Database
Web
Plaxo traffic17039397SocialNetwork > PLAXO >Image
Web
Plaxo traffic17104933SocialNetwork > PLAXO >Text
Web
Plaxo traffic17170469SocialNetwork > PLAXO >Video
Web
Plaxo traffic17236005SocialNetwork > PLAXO >XWORLD
Web
Copyright © 2017, Juniper Networks, Inc.66
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
QQ traffic16777262SocialNetwork >QQWeb
QQ traffic16908334SocialNetwork >QQ >Application
Web
QQ traffic16973870SocialNetwork >QQ > AudioWeb
QQ traffic16842798SocialNetwork >QQ >Database
Web
QQ traffic17039406SocialNetwork >QQ > ImageWeb
QQ traffic17104942SocialNetwork >QQ > TextWeb
QQ traffic17170478SocialNetwork >QQ > VideoWeb
QQ traffic17236014SocialNetwork >QQ >XWORLD
Web
Renren traffic16777263SocialNetwork > RENRENWeb
Renren traffic16908335SocialNetwork > RENREN >Application
Web
Renren traffic16973871SocialNetwork > RENREN >Audio
Web
Renren traffic16842799SocialNetwork > RENREN >Database
Web
Renren traffic17039407SocialNetwork > RENREN >Image
Web
Renren traffic17104943SocialNetwork > RENREN >Text
Web
Renren traffic17170479SocialNetwork > RENREN >Video
Web
Renren traffic17236015SocialNetwork > RENREN >XWORLD
Web
Squid traffic5070SquidWeb
ENRICHED traffic17131008Text > ENRICHEDWeb
Web text traffic17104896TextWeb
CSS traffic17132800Text > CSSWeb
67Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
HTML traffic17131264Text > HTMLWeb
PLAIN traffic17131520Text > PLAINWeb
RICHTEXT traffic17131776Text > RICHTEXTWeb
TabSeparatedValue traffic17132288Text > TabSeparatedValueWeb
VNDRNRealText traffic17132544Text > VNDRNRealTextWeb
XML traffic17133056Text > XMLWeb
Twitter traffic16777247TwitterWeb
Twitter traffic16908319Twitter > ApplicationWeb
Twitter traffic16973855Twitter > AudioWeb
Twitter traffic16842783Twitter > DatabaseWeb
Twitter traffic17039391Twitter > ImageWeb
Twitter traffic17104927Twitter > TextWeb
Twitter traffic17170463Twitter > VideoWeb
Twitter traffic17235999Twitter > XWORLDWeb
Uncommonsocialwebtraffic16777270UncommonSocialWebWeb
Uncommonsocialwebtraffic16908342UncommonSocialWeb >Application
Web
Uncommonsocialwebtraffic16973878UncommonSocialWeb>AudioWeb
Uncommonsocialwebtraffic16842806UncommonSocialWeb >Database
Web
Uncommonsocialwebtraffic17039414UncommonSocialWeb >Image
Web
Uncommonsocialwebtraffic17104950UncommonSocialWeb > TextWeb
Uncommonsocialwebtraffic17170486UncommonSocialWeb>VideoWeb
Uncommonsocialwebtraffic17236022UncommonSocialWeb >XWORLD
Web
Web video traffic traffic17170432VideoWeb
Copyright © 2017, Juniper Networks, Inc.68
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
AVI traffic17198848Video > AVIWeb
MsVideo1 traffic17199360Video >MsVideo1Web
MsVideo2 traffic17199616Video >MsVideo2Web
QUICKTIME traffic17199872Video >QUICKTIMEWeb
VNDRNRealVideo traffic17200128Video > VNDRNRealVideoWeb
VNDVivo traffic17200384Video > VNDVivoWeb
XLsASF traffic17200640Video > XLsASFWeb
XLsASX traffic17200896Video > XLsASXWeb
XMsASF traffic17201408Video > XMsASFWeb
XMsASX traffic17201664Video > XMsASXWeb
XMsVideo traffic17201920Video > XMsVideoWeb
XSgiMovie traffic17202176Video > XSgiMovieWeb
Web traffic1010WebWeb
Web traffic1012WebWeb
Web traffic9999WebWeb
Web traffic1020WebWeb
Web-Port traffic21739Web-PortWeb
WebFileTransfer traffic5061WebFileTransferWeb
WebFileTransfer traffic5000WebFileTransferWeb
WebFileTransfer traffic5060WebFileTransferWeb
WebFileTransfer traffic5062WebFileTransferWeb
WebMediaAudio traffic5004WebMediaAudioWeb
WebMediaAudio traffic5021WebMediaAudioWeb
WebMediaAudio traffic5003WebMediaAudioWeb
69Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
DescriptionValueSub-componentsApplication group
WebMediaAudio traffic5001WebMediaAudioWeb
WebMediaAudio traffic5031WebMediaAudioWeb
WebMediaDocuments traffic5010WebMediaDocumentsWeb
WebMediaDocuments traffic5012WebMediaDocumentsWeb
WebMediaDocuments traffic5014WebMediaDocumentsWeb
WebMediaDocuments traffic5040WebMediaDocumentsWeb
WebMediaDocuments traffic5011WebMediaDocumentsWeb
WebMediaDocuments traffic5030WebMediaDocumentsWeb
WebMediaDocuments traffic5013WebMediaDocumentsWeb
WebMediaAudio traffic5020WebMediaVideoWeb
WebMediaDocuments traffic5007WebMediaVideoWeb
WebMediaVideo traffic5002WebMediaVideoWeb
WebMediaVideo traffic5008WebMediaVideoWeb
Webmin traffic51350WebminWeb
XWORLD traffic17235968XWORLDWeb
XWORLD > XVrml traffic72679681XWORLD > XVrmlWeb
Yahoo traffic16777265YahooWeb
Yahoo traffic16908337Yahoo > ApplicationWeb
Yahoo traffic16973873Yahoo > AudioWeb
Yahoo traffic16842801Yahoo > DatabaseWeb
Yahoo traffic17039409Yahoo > ImageWeb
Yahoo traffic17104945Yahoo > TextWeb
Yahoo traffic17170481Yahoo > VideoWeb
Yahoo traffic17236017Yahoo > XWORLDWeb
Copyright © 2017, Juniper Networks, Inc.70
Juniper Secure Analytics Application Configuration Guide
DescriptionValueSub-componentsApplication group
YouTube traffic16777266YoutubeWeb
YouTube traffic16908338Youtube > ApplicationWeb
YouTube traffic16973874Youtube > AudioWeb
YouTube traffic16842802Youtube > DatabaseWeb
YouTube traffic17039410Youtube > ImageWeb
YouTube traffic17104946Youtube > TextWeb
YouTube traffic17170482Youtube > VideoWeb
YouTube traffic17236018Youtube > XWORLDWeb
RelatedDocumentation
ICMP Type and Code IDs on page 71•
• Port IDs on page 73
• Protocol IDs on page 75
ICMP Type and Code IDs
This reference provides information about default ICMP type and Code IDs.
Identifying Default ICMP Types
The following table lists the default ICMP types:
MessageICMP Type
Echo reply0
Destination unreachable3
Source quench4
Redirect5
Echo8
Router advertisement9
Router selection10
Time exceeded11
71Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
MessageICMP Type
Parameter problem12
Timestamp13
Timestamp reply14
Information request15
Information reply16
Address mask request17
Address mask reply18
Traceroute30
Identifying Default ICMP Codes
The following tables list the default ICMP codes:
Table 5: ICMP Type 3: Destination Unreachable Codes
DescriptionDestination Unreachable Code
Net is unreachable0
Host is unreachable1
Protocol is unreachable2
Port is unreachable3
Fragmentation is needed and Don't Fragmentwas set4
Source route failed5
Destination network is unknown6
Destination host is unknown7
Source host is isolated8
Communication with destination network is administrativelyprohibited
9
Communication with destination host is administrativelyprohibited
10
Destination network is unreachable for type of service11
Copyright © 2017, Juniper Networks, Inc.72
Juniper Secure Analytics Application Configuration Guide
Table 5: ICMP Type 3: Destination Unreachable Codes (continued)
DescriptionDestination Unreachable Code
Destination host is unreachable for type of service12
Communication is administratively prohibited13
Host precedence violation14
Precedence cutoff is in effect15
Table 6: ICMP Type 5: Redirect Codes
DescriptionRedirect Code
Redirect datagram for the network (or subnet)0
Redirect datagram for the host1
Redirect datagram for the type of service and network2
Redirect datagram for the type of service and host3
Table 7: ICMP Type 11: Time Exceeded Codes
DescriptionTime Exceeded Code
Time to Live exceeded in transit0
Fragment reassembly time exceeded1
Table 8: ICMP Type 12: Parameter ProblemCodes
DescriptionParameter Problem Code
Pointer indicates the error0
Missing a required option1
Bad length2
RelatedDocumentation
Port IDs on page 73•
• Protocol IDs on page 75
Port IDs
This reference provides information about default port IDs used by JSA.
73Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
The following table lists the default common ports:
Protocol descriptionProtocolPort
File Transfer ProtocolFTP20
File Transfer ProtocolFTP21
Secure ShellSSH22
Telnet23
Send Mail Transfer ProtocolSMTP25
Domain Name ServiceDNS53
HyperText Transfer ProtocolHTTP80
HyperText Transfer ProtocolHTTP81
Post Office Protocol - version 3POP3110
Network New Transfer ProtocolNNTP News119
Network Time ProtocolNTP123
Network Basic Input/Output SystemNetBIOS137
Internet Message Access ProtocolIMAP143
Simple Network Management ProtocolSNMP161
Simple Network Management Protocol trapSNMP trap162 - 164
Lightweight Directory Access ProtocolLDAP389
Network Security Risk Management ProtocolNSRMP391
Network Security Risk Management ProtocolNSRMP392
SecureWeb443
Internet Protocol SecurityIPSec500
Lightweight Directory Access ProtocolLDAP636
Oracle2005
Network File SystemNFS2049
Internet Protocol SecurityIPSec4500
Copyright © 2017, Juniper Networks, Inc.74
Juniper Secure Analytics Application Configuration Guide
Protocol descriptionProtocolPort
PostgreSQL5432
HTTP8080
RelatedDocumentation
Protocol IDs on page 75•
• ICMP Type and Code IDs on page 71
Protocol IDs
This reference provides information about default protocols IDs used in JSA.
The following table lists the default common protocols:
Protocol port descriptionProtocol ID
TCP6
UDP17
ICMP1
IGMP2
IDPR-CMTP38
IPv640
RSVP46
GRE47
ESP50
AH51
NARP54
OSPFIGP89
IPIP94
ANY99
SCTP132
75Copyright © 2017, Juniper Networks, Inc.
Chapter 2: Default Applications
RelatedDocumentation
• ICMP Type and Code IDs on page 71
• Port IDs on page 73
Copyright © 2017, Juniper Networks, Inc.76
Juniper Secure Analytics Application Configuration Guide