List of valid protocols for services?

Bob_Zimmerman · ‎2021-01-10

If I try to set an object to an invalid color, I get a list of all of the valid options. Where can I find a list of all of the protocols defined for protocol inspection purposes?

[Expert@LabSC1]# mgmt_cli -r true set service-tcp uid "97AEB3AB-9AEA-11D5-BD16-0090272CCB30" protocol "some value which does not exist" --format json
{
  "code" : "generic_err_invalid_parameter",
  "message" : "Invalid parameter for [protocol]. No such protocol : [ some value which does not exist ]"
}
Executed command failed. Changes are discarded.

While it would be amusing to see the FTP inspection module try to make sense of UDP traffic, I assume the list of acceptable protocols will differ between TCP and UDP. Are there any other constraints?

PhoneBoy · ‎2021-01-10

I believe they are listed in the UI when you edit a service of the relevant type.
It refers to a specific low-level INSPECT handler, I believe.
However, I wouldn’t edit this on a service unless you’ve received specific advice/documentation to suggest you should.

Bob_Zimmerman · ‎2021-01-10

Sure, but is there a way for me to get that list short of opening a service object in SmartConsole and writing down each option?

I agree this isn't a commonly-used option, but I've had to set some service's protocol inspection to nothing enough times that I want to provide the ability to set the protocol on service objects. You know what I'm working on, and the level of functionality I want to provide. 😉

PhoneBoy · ‎2021-01-11

Yes, I'm aware of what you're building and I look forward to seeing it 😉
Unfortunately, I'm not aware of a way to get it short of opening SmartConsole.

PhoneBoy · ‎2021-01-11

That said, maybe @Omer_Kleinstern has a list of valid options for that parameter.

Bob_Zimmerman · ‎2021-01-17

Well, I just bit the bullet and manually typed out all the protocol inspection options as of SmartCenter R80.40 jumbo 91, SmartConsole R80.40 994000394. I found three categories of protocol inspections: TCP, UDP, and "other" (for IP protocols). The styling is wildly inconsistent. All-caps, camelCase, dashes, underscores, "Proto" versus "Protocol".

Also, there's a protocol inspection item which shows as "HTTPS" in SmartConsole, but which is "ENC-HTTP" in the object. That was an enormous pain to figure out.

I tested the TCP and UDP lists using a script like this:

#!/usr/bin/env bash
protoList=( "ADP_DNS_TCP_PROTO"
"ADP_IRC_PROTO"
"adp_open_ssl"
...)

mgmt_cli -r true login --format json > session.txt
for cpmProto in "${protoList[@]}"; do
echo "${cpmProto}"
mgmt_cli -s session.txt --format json set service-tcp uid 72B65D82-C1D7-4C9F-ADD2-906DEE45D8A6 protocol "${cpmProto}" | wc -l
echo ""
done
mgmt_cli -s session.txt discard
mgmt_cli -s session.txt --format json logout

Successful changes return 45 lines for TCP services, 46 lines for UDP services. Unsuccessful ones return four lines. I couldn't test the service-other list, as set service-other does not have a 'protocol' parameter. The lists are quite long, so I'm putting them in spoiler tags so they can be collapsed.

TCP:

Click to Expand

ADP_DNS_TCP_PROTO

ADP_IRC_PROTO

adp_open_ssl

adp_proto_msasn1_smtp

adp_proto_msasn1_tcp

adp_proto_mssql_tcp

altn

ANI_PROTO

animatemotion

art

ASPII_PROTO

AVI_PROTO

BGP_MD5

block_office

blockPnPVul

CIFS_BF_PROTO

CIFS_PROTOCOL

CitrixICA

cmdtree_ms

CONTENT_PROTECTION_MAIN

CONTNT_PROT_MSN_MSNGR

CPAS_NOTIFY

cve_2009_0566

cve_2009_1546

cve_2009_3127

cve_2009_3132

cve_2009_3135

cve_2010_0029

cve_2010_0030

cve_2010_0031

cve_2010_0033

cve_2010_0034

dns_bruth

dns_buff

DNS_TCP

draw_excel_mso

dxlbuilder

ecxel_cf

EOT_PROTO

excel_bof

excel_bound

excel_cal

excel_data_valid

excel_feathdr

excel_ffp

excel_legacy

excel_pars

excel_scview

excel_startobj

excel_str

FASTTRACK

FTP

FTP-BIDIR

FTP-PASV

FTP-PORT

FTP_BASIC

FTP_DATA_ASPII

FW1_CVP

GIF_PROTO

GOTOMYPC_PROTO

GTALK_HTTP_PROTO

GTALK_JABBER_PROTO

GTALK_SSL_PROTO

GTALK_SSL_PROTO2

H.323

H.323_ANY

HTTP

HTTP_DISPATCHER

http_handlers

HTTP_IE_PROTO

HTTP_NON_STANDARD

HTTP_WEBSEC

ENC-HTTP

husdawg

ICAP

ICQ_HTTP

IIOP

IKE-NAT-TRAVERSAL-TCP

IKE-TCP

IMAP

imap_prot

INSPECT_STREAMING

ipv6_t

isindex_ms

KERBEROS-TCP

LDAP-TCP

ldap_ad_dos

ldap_lsass

LDAP_PROTO

ldap_search

legacy_226

legacy_227

mailslot

masterstyle

ms_ad

ms_aurig

MS_DCERPC_OVER_CIFS_PROTO

MS_DCERPC_OVER_TCP_PROTO

MS_DCERPC_RES_PROTO

ms_entex

ms_gdi_heap

ms_iframe

ms_mswmm

ms_pct_flt

ms_pct_pars

ms_ppt

ms_proj

ms_schanel

MS_SPOOL_RCE_PROTO

ms_sqlx

MSMQ_PROT

MSNMS_PROTOCOL

mswod08072

NBSESSION

NetShow

NFS_PROTO

NTP-TCP

oracle_ndmp

oracle_plsql

photostock

PNA

png_ani

PNG_PROTO

POP3

ppt_bound

ppt_casting

ppt_link

ppt_mem

ppt_notes

ppt_sndent

ppt_textbox

PPTP_TCP

RADMIN_AUTH_PROTO

RADMIN_DETECT_NON_STD_PORT_PROTO

RDP-TCP

RDP_BUF_OVERFLOW

RSHELL

RTSP

SCCP_TCP

SD_HTTP_ENC_PROTO

Secure_SCCP_Proto

shared_point

SIC

SIP_ANY_TCP_PROTO

SIP_TCP_PROTO

SIP_TLS_TCP

SKYPE_PROXY

SMB

SMTP

SMTP_MAIL

SNMP-TCP

SOCKS_PROTO

SQLNET2

SSH2

SSH_DPI

ssh_kex

SSH_OLD_VERSION

SSH_WRONG_PORTS

SSL_TUNNELING

SSL_V3

SSLv2

SYN_ASPAM

syslog_protocol

TELNET

TELNET_PROTO

TIFF_PROTO

TLS10

TLS11

TLS12

TLS_PARSER

TNS

unknown_tcp_protocol

vb_j_script

VERITAS_DOS_PROTO

VERITAS_R_REG_PROTO

vnc_auth

VNC_PROTO

WIN_SMB_PROT

WinFrame

WINS_REP_TCP_PROTO

WMF_EMF_PROTO

WMP_PROTO

word_bad_pro

word_plflfo

word_prl

works_font

xml_core

xml_core1

XMPP

ADP_DNS_TCP_PROTO ADP_IRC_PROTO adp_open_ssl adp_proto_msasn1_smtp adp_proto_msasn1_tcp adp_proto_mssql_tcp altn ANI_PROTO animatemotion art ASPII_PROTO AVI_PROTO BGP_MD5 block_office blockPnPVul CIFS_BF_PROTO CIFS_PROTOCOL CitrixICA cmdtree_ms CONTENT_PROTECTION_MAIN CONTNT_PROT_MSN_MSNGR CPAS_NOTIFY cve_2009_0566 cve_2009_1546 cve_2009_3127 cve_2009_3132 cve_2009_3135 cve_2010_0029 cve_2010_0030 cve_2010_0031 cve_2010_0033 cve_2010_0034 dns_bruth dns_buff DNS_TCP draw_excel_mso dxlbuilder ecxel_cf EOT_PROTO excel_bof excel_bound excel_cal excel_data_valid excel_feathdr excel_ffp excel_legacy excel_pars excel_scview excel_startobj excel_str FASTTRACK FTP FTP-BIDIR FTP-PASV FTP-PORT FTP_BASIC FTP_DATA_ASPII FW1_CVP GIF_PROTO GOTOMYPC_PROTO GTALK_HTTP_PROTO GTALK_JABBER_PROTO GTALK_SSL_PROTO GTALK_SSL_PROTO2 H.323 H.323_ANY HTTP HTTP_DISPATCHER http_handlers HTTP_IE_PROTO HTTP_NON_STANDARD HTTP_WEBSEC ENC-HTTP husdawg ICAP ICQ_HTTP IIOP IKE-NAT-TRAVERSAL-TCP IKE-TCP IMAP imap_prot INSPECT_STREAMING ipv6_t isindex_ms KERBEROS-TCP LDAP-TCP ldap_ad_dos ldap_lsass LDAP_PROTO ldap_search legacy_226 legacy_227 mailslot masterstyle ms_ad ms_aurig MS_DCERPC_OVER_CIFS_PROTO MS_DCERPC_OVER_TCP_PROTO MS_DCERPC_RES_PROTO ms_entex ms_gdi_heap ms_iframe ms_mswmm ms_pct_flt ms_pct_pars ms_ppt ms_proj ms_schanel MS_SPOOL_RCE_PROTO ms_sqlx MSMQ_PROT MSNMS_PROTOCOL mswod08072 NBSESSION NetShow NFS_PROTO NTP-TCP oracle_ndmp oracle_plsql photostock PNA png_ani PNG_PROTO POP3 ppt_bound ppt_casting ppt_link ppt_mem ppt_notes ppt_sndent ppt_textbox PPTP_TCP RADMIN_AUTH_PROTO RADMIN_DETECT_NON_STD_PORT_PROTO RDP-TCP RDP_BUF_OVERFLOW RSHELL RTSP SCCP_TCP SD_HTTP_ENC_PROTO Secure_SCCP_Proto shared_point SIC SIP_ANY_TCP_PROTO SIP_TCP_PROTO SIP_TLS_TCP SKYPE_PROXY SMB SMTP SMTP_MAIL SNMP-TCP SOCKS_PROTO SQLNET2 SSH2 SSH_DPI ssh_kex SSH_OLD_VERSION SSH_WRONG_PORTS SSL_TUNNELING SSL_V3 SSLv2 SYN_ASPAM syslog_protocol TELNET TELNET_PROTO TIFF_PROTO TLS10 TLS11 TLS12 TLS_PARSER TNS unknown_tcp_protocol vb_j_script VERITAS_DOS_PROTO VERITAS_R_REG_PROTO vnc_auth VNC_PROTO WIN_SMB_PROT WinFrame WINS_REP_TCP_PROTO WMF_EMF_PROTO WMP_PROTO word_bad_pro word_plflfo word_prl works_font xml_core xml_core1 XMPP

UDP:

Click to Expand

ADP_DHCP_PROTO

ADP_IKE_AGR_PROTO

ADP_IKE_PROTO

adp_proto_msasn1_udp

adp_proto_mssql_udp

CP-DHCP-relay

CP-DHCP-reply

CP-DHCP-request

DHCP

dns_atma

DNS_UDP

DNS_UDP_PSL_MT_PROTO

DNS_UDP_PSL_PROTO

FreeTel

H.323_RAS

IKE-NAT-TRAVERSAL-UDP

IKE-UDP

KERBEROS-UDP

LDAP-UDP

MGCP_UDP

MMS

NBDATAGRAM

NBNAME

NBNS_UDP_PROTO

NTP-UDP

ntp_auto

Radius

RDP-UDP

RIP_PROTO

RTP

SIP_UDP

SIP_UDP_ANY

SMB-UDP

SNMP

Snmp-Read

SNMP_COMMUNITY

SNMP_TRAP

SNMP_V3

SQL_SLAMMER

SYSLOG

TFTP

UA

unknown_udp_protocol

WINS_REP_UDP_PROTO

ADP_DHCP_PROTO ADP_IKE_AGR_PROTO ADP_IKE_PROTO adp_proto_msasn1_udp adp_proto_mssql_udp CP-DHCP-relay CP-DHCP-reply CP-DHCP-request DHCP dns_atma DNS_UDP DNS_UDP_PSL_MT_PROTO DNS_UDP_PSL_PROTO FreeTel H.323_RAS IKE-NAT-TRAVERSAL-UDP IKE-UDP KERBEROS-UDP LDAP-UDP MGCP_UDP MMS NBDATAGRAM NBNAME NBNS_UDP_PROTO NTP-UDP ntp_auto Radius RDP-UDP RIP_PROTO RTP SIP_UDP SIP_UDP_ANY SMB-UDP SNMP Snmp-Read SNMP_COMMUNITY SNMP_TRAP SNMP_V3 SQL_SLAMMER SYSLOG TFTP UA unknown_udp_protocol WINS_REP_UDP_PROTO

Other (!!! UNTESTED !!!):

Click to Expand

adp_proto_cisco_ios

adp_proto_igmp

ADVP_both_protocol

ADVP_c2s_protocol

ADVP_s2c_protocol

BackWeb

DHCP-reply

DHCP-request

DHCPv6-relay

DHCPv6-reply

DHCPv6-request

OSPF_PROTO

RPC_LOOKUP

sasser_prot

adp_proto_cisco_ios adp_proto_igmp ADVP_both_protocol ADVP_c2s_protocol ADVP_s2c_protocol BackWeb DHCP-reply DHCP-request DHCPv6-relay DHCPv6-reply DHCPv6-request OSPF_PROTO RPC_LOOKUP sasser_prot

Are you a member of CheckMates?

List of valid protocols for services?