Application Recognition
The Ipanema System recognizes application flows using the opening negotiation of the client/server session (SYN, SYN-ACK, ACK, i.e. layer 3 and 4 information). It then checks the syntax of the application (layer 7 information) with a syntax engine to uniquely identify it without any possible error, regardless of the ports being used. This also makes it possible to classify particular applications (such as codecs, published application names, peer-to-peer applications, URLs or URIs, etc.).
The Ipanema Appliance's syntax engine uses DPI (deep packet inspection) to detect application signatures: data patterns that uniquely identify a particular application. (Mechanisms such as this are also commonly used for virus recognition.) Only the start of the conversation is inspected to detect these patterns and classify the applications.
It is also possible to declare applications by the ports being used (you have defined an application as traffic on a specific port/server); in this case, it is the port number that prevails when recognizing the application.
When an Ipanema Appliance has not observed the start of the conversation, or if the application cannot be recognized by its syntax or declared port number, it falls back to RFC 1700 ("well known ports" definition).
The order of recognition of applications is as follows:
1 | Declared Port (you have defined an application as traffic on a specific port/server) |
2 | Syntax engine (the Ipanema System uses its inbuilt application detection capabilities) |
3 | Well known port (RFC 1700) |
Applications that are not recognized or enabled in the dictionary are implicitly grouped on their lower layer protocol (e.g. TCP or UDP).
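The recognition order above, sketched as an added example (not Ipanema code): the signature list, port table and field names are constructed assumptions. It shows that a declared port overrides what the payload looks like, and that a flow whose start was not observed falls back to the well-known port.

```python
# Added illustration; names, signatures and port tables are constructed samples,
# not Ipanema's dictionary or detection logic.
from dataclasses import dataclass

# Hypothetical layer-7 signatures, matched against the first payload bytes only.
SIGNATURES = [
    (lambda p: p.startswith(b"SSH-"), "SSH"),
    (lambda p: p[:2] == b"\x16\x03", "SSL"),  # TLS/SSL handshake record header
    (lambda p: p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"), "HTTP"),
]
# Small constructed excerpt of a well-known port table.
WELL_KNOWN = {("tcp", 22): "SSH", ("tcp", 80): "HTTP",
              ("tcp", 443): "HTTPS", ("udp", 53): "DNS"}

@dataclass
class Flow:
    proto: str                 # "tcp" or "udp"
    server_ip: str
    server_port: int
    first_payload: bytes = b""
    saw_start: bool = True     # False when the start of the conversation was missed

def classify(flow, declared):
    """Return (application, method) following the page's recognition order."""
    # 1. Declared port: an operator-defined port/server mapping prevails.
    for key in ((flow.server_ip, flow.server_port), (None, flow.server_port)):
        if key in declared:
            return declared[key], "declared-port"
    # 2. Syntax engine: needs the start of the conversation.
    if flow.saw_start and flow.first_payload:
        for matches, app in SIGNATURES:
            if matches(flow.first_payload):
                return app, "syntax"
    # 3. Well-known port.
    app = WELL_KNOWN.get((flow.proto, flow.server_port))
    if app:
        return app, "well-known-port"
    # Not recognized: grouped on the lower-layer protocol.
    return flow.proto.upper(), "lower-layer"
```

When reviewing classification results, a flow labelled by `declared-port` or `well-known-port` has not had its payload checked, so the label reflects the port rather than the protocol actually spoken.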
Recognized applications, by type
Anti-Virus | AVG, Avira, Bitdefender, F-Secure, Kaspersky, McAfee, NOD32, Norton, Panda, TrendMicro |
Application Services | End Point Mapper, Microsoft Office Groove, NSPI, Port Mapper, SrvLoc, SSDP |
Authentication Authorization Accounting | Diameter, Identification Protocol, ISAKMP, Kerberos, LDAP, LDAPS, OCSP, RADIUS, YPPasswd, YPServ |
Cloud Protocols | HTTP, HTTPS, RSS, XML-RPC |
Database | DRDA, IBM-DB2, IBM Informix, MobiLink, MySQL, Oracle, Postgres, Sybase, TDS (= MS SQL) |
Deprecated | Audiogalaxy, DICT, ICQ, Load Balancing, MCS, Napster, OpenFT, Quake |
Enterprise Apps | SAP, Siebel |
Mail Services | DIMP, IMAP, IMAPS, Lotus Notes, MAPI (MS Exchange), POP3, POP3S, SMTP, SMTPS |
Middleware | GIOP, GIOPS, RPC, SOAP, TIBCO-RV |
Network Services | COTP, DHCP, DNS, EIGRP, HSRP, ICMP, IGMP, NARP, Netbios, Netflow, NTP, RLP, RSVP, SNMP, Syslog, SVN, T38, VRRP |
Peer to Peer | Applejuice, Ares, BitTorrent, DirectConnect, Edonkey, Filetopia, Foxy, GNUnet, Gnutella, GoBoogy, iMesh, Kazaa, KuGou, Manolito (MP2P), Mute, Pando, SopCast, Soulseek, WINMX, uTP (Torrent) |
Routing Protocols | BGP, OSPF, PIM, RIP v1, RIP v2, RIPng |
SaaS Applications | At the same location as the SaaS Dictionary, the complete list of recognized SaaS applications is available on Ipanema Support Website. |
Streaming | BBC iPlayer, Flash, Icecast, Silverlight, Voddler |
Thin Client | Citrix (possibility to recognize Citrix published applications), PC Anywhere, Radmin, RDP, Remote Shell, RFB (VNC), Rlogin, SSH, Telnet, TelnetS, TNVIP, VMWare, X.11 |
Transferring and Sharing | AIM Transfer, Altiris, CUPS, DCERPC, FTP, FTPS, IPP, JetDirect, LPR, Mainframe CFT, Microsoft ActiveSync, Mount, NFS, NLockMgr, RQuota, RStat, RSync, RUsers, SharePoint, SMB, Sync, TFTP, WINS, YPUpdate |
Transport Layer Protocols | DTLS, IPComp, SCTP, SSL, TCP, UDP, WTP |
Tunneling | EtherIP, GRE, GTP, GTPv2, HTTP tunnel, IPsec, L2TP, openVPN, PPP, PPTP, Socks, STUN, XoT |
Unified Communications | Adobe Connect, AIM Express, AOL Instant Messenger, Cisco Unified MeetingPlace, Gizmo, H.225, H.245, IAX, IBM Lotus Sametime, iCall, IRC, IRCS, Jabber, MGCP, MMS, MPEG-TS, MS Communicator, MSN Messenger, NNTP, NNTPS, ooVoo, PalTalk, Q.931, RDT, RTMP, RTSP, RTP/RTCP (G.711a, G.711u, G.723, G.729), Secure AIM, SHOUTcast, SIP, Skinny Client Control Protocol, Skype, UCP, Webex, Yahoo Messenger. Dynamic Codecs (Audio and Video, such as H.264, Speex, etc., by inspection of SIP signalling), Voddler, BBC Player, Inter Asterisk eXchange |