Bob_Zimmerman
Authority

List of valid protocols for services?

If I try to set an object to an invalid color, I get a list of all of the valid options. Where can I find a list of all of the protocols defined for protocol inspection purposes?

[Expert@LabSC1]# mgmt_cli -r true set service-tcp uid "97AEB3AB-9AEA-11D5-BD16-0090272CCB30" protocol "some value which does not exist" --format json
{
  "code" : "generic_err_invalid_parameter",
  "message" : "Invalid parameter for [protocol]. No such protocol : [ some value which does not exist ]"
}
Executed command failed. Changes are discarded.

While it would be amusing to see the FTP inspection module try to make sense of UDP traffic, I assume the list of acceptable protocols will differ between TCP and UDP. Are there any other constraints?

0 Kudos
5 Replies
PhoneBoy
Admin

I believe they are listed in the UI when you edit a service of the relevant type.
It refers to a specific low-level INSPECT handler, I believe.
However, I wouldn’t edit this on a service unless you’ve received specific advice/documentation to suggest you should. 

0 Kudos
Bob_Zimmerman
Authority

Sure, but is there a way for me to get that list short of opening a service object in SmartConsole and writing down each option?

I agree this isn't a commonly-used option, but I've had to set some service's protocol inspection to nothing enough times that I want to provide the ability to set the protocol on service objects. You know what I'm working on, and the level of functionality I want to provide. 😉

0 Kudos
PhoneBoy
Admin

Yes, I'm aware of what you're building and I look forward to seeing it 😉
Unfortunately, I'm not aware of a way to get it short of opening SmartConsole.

0 Kudos
PhoneBoy
Admin

That said, maybe @Omer_Kleinstern has a list of valid options for that parameter. 

0 Kudos
Bob_Zimmerman
Authority

Well, I just bit the bullet and manually typed out all the protocol inspection options as of SmartCenter R80.40 jumbo 91, SmartConsole R80.40 994000394. I found three categories of protocol inspections: TCP, UDP, and "other" (for IP protocols). The styling is wildly inconsistent. All-caps, camelCase, dashes, underscores, "Proto" versus "Protocol".

Also, there's a protocol inspection item which shows as "HTTPS" in SmartConsole, but which is "ENC-HTTP" in the object. That was an enormous pain to figure out.

I tested the TCP and UDP lists using a script like this:

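#!/usr/bin/env bash
# Candidate protocol names to test (list elided in the original post).
protoList=( "ADP_DNS_TCP_PROTO"
  "ADP_IRC_PROTO"
  "adp_open_ssl"
  ...)

# Log in once and reuse the session for every attempt.
mgmt_cli -r true login --format json > session.txt
for cpmProto in "${protoList[@]}"; do
  echo "${cpmProto}"
  # Try the value on a test service and count the lines of the reply.
  mgmt_cli -s session.txt --format json set service-tcp uid 72B65D82-C1D7-4C9F-ADD2-906DEE45D8A6 protocol "${cpmProto}" | wc -l
  echo ""
done
# Throw away the test changes, then end the session.
mgmt_cli -s session.txt discard
mgmt_cli -s session.txt --format json logout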

Successful changes return 45 lines for TCP services, 46 lines for UDP services. Unsuccessful ones return four lines. I couldn't test the service-other list, as set service-other does not have a 'protocol' parameter. The lists are quite long, so I'm putting them in spoiler tags so they can be collapsed.

 

TCP:

ADP_DNS_TCP_PROTO

ADP_IRC_PROTO

adp_open_ssl

adp_proto_msasn1_smtp

adp_proto_msasn1_tcp

adp_proto_mssql_tcp

altn

ANI_PROTO

animatemotion

art

ASPII_PROTO

AVI_PROTO

BGP_MD5

block_office

blockPnPVul

CIFS_BF_PROTO

CIFS_PROTOCOL

CitrixICA

cmdtree_ms

CONTENT_PROTECTION_MAIN

CONTNT_PROT_MSN_MSNGR

CPAS_NOTIFY

cve_2009_0566

cve_2009_1546

cve_2009_3127

cve_2009_3132

cve_2009_3135

cve_2010_0029

cve_2010_0030

cve_2010_0031

cve_2010_0033

cve_2010_0034

dns_bruth

dns_buff

DNS_TCP

draw_excel_mso

dxlbuilder

ecxel_cf

EOT_PROTO

excel_bof

excel_bound

excel_cal

excel_data_valid

excel_feathdr

excel_ffp

excel_legacy

excel_pars

excel_scview

excel_startobj

excel_str

FASTTRACK

FTP

FTP-BIDIR

FTP-PASV

FTP-PORT

FTP_BASIC

FTP_DATA_ASPII

FW1_CVP

GIF_PROTO

GOTOMYPC_PROTO

GTALK_HTTP_PROTO

GTALK_JABBER_PROTO

GTALK_SSL_PROTO

GTALK_SSL_PROTO2

H.323

H.323_ANY

HTTP

HTTP_DISPATCHER

http_handlers

HTTP_IE_PROTO

HTTP_NON_STANDARD

HTTP_WEBSEC

ENC-HTTP

husdawg

ICAP

ICQ_HTTP

IIOP

IKE-NAT-TRAVERSAL-TCP

IKE-TCP

IMAP

imap_prot

INSPECT_STREAMING

ipv6_t

isindex_ms

KERBEROS-TCP

LDAP-TCP

ldap_ad_dos

ldap_lsass

LDAP_PROTO

ldap_search

legacy_226

legacy_227

mailslot

masterstyle

ms_ad

ms_aurig

MS_DCERPC_OVER_CIFS_PROTO

MS_DCERPC_OVER_TCP_PROTO

MS_DCERPC_RES_PROTO

ms_entex

ms_gdi_heap

ms_iframe

ms_mswmm

ms_pct_flt

ms_pct_pars

ms_ppt

ms_proj

ms_schanel

MS_SPOOL_RCE_PROTO

ms_sqlx

MSMQ_PROT

MSNMS_PROTOCOL

mswod08072

NBSESSION

NetShow

NFS_PROTO

NTP-TCP

oracle_ndmp

oracle_plsql

photostock

PNA

png_ani

PNG_PROTO

POP3

ppt_bound

ppt_casting

ppt_link

ppt_mem

ppt_notes

ppt_sndent

ppt_textbox

PPTP_TCP

RADMIN_AUTH_PROTO

RADMIN_DETECT_NON_STD_PORT_PROTO

RDP-TCP

RDP_BUF_OVERFLOW

RSHELL

RTSP

SCCP_TCP

SD_HTTP_ENC_PROTO

Secure_SCCP_Proto

shared_point

SIC

SIP_ANY_TCP_PROTO

SIP_TCP_PROTO

SIP_TLS_TCP

SKYPE_PROXY

SMB

SMTP

SMTP_MAIL

SNMP-TCP

SOCKS_PROTO

SQLNET2

SSH2

SSH_DPI

ssh_kex

SSH_OLD_VERSION

SSH_WRONG_PORTS

SSL_TUNNELING

SSL_V3

SSLv2

SYN_ASPAM

syslog_protocol

TELNET

TELNET_PROTO

TIFF_PROTO

TLS10

TLS11

TLS12

TLS_PARSER

TNS

unknown_tcp_protocol

vb_j_script

VERITAS_DOS_PROTO

VERITAS_R_REG_PROTO

vnc_auth

VNC_PROTO

WIN_SMB_PROT

WinFrame

WINS_REP_TCP_PROTO

WMF_EMF_PROTO

WMP_PROTO

word_bad_pro

word_plflfo

word_prl

works_font

xml_core

xml_core1

XMPP

UDP:

ADP_DHCP_PROTO

ADP_IKE_AGR_PROTO

ADP_IKE_PROTO

adp_proto_msasn1_udp

adp_proto_mssql_udp

CP-DHCP-relay

CP-DHCP-reply

CP-DHCP-request

DHCP

dns_atma

DNS_UDP

DNS_UDP_PSL_MT_PROTO

DNS_UDP_PSL_PROTO

FreeTel

H.323_RAS

IKE-NAT-TRAVERSAL-UDP

IKE-UDP

KERBEROS-UDP

LDAP-UDP

MGCP_UDP

MMS

NBDATAGRAM

NBNAME

NBNS_UDP_PROTO

NTP-UDP

ntp_auto

Radius

RDP-UDP

RIP_PROTO

RTP

SIP_UDP

SIP_UDP_ANY

SMB-UDP

SNMP

Snmp-Read

SNMP_COMMUNITY

SNMP_TRAP

SNMP_V3

SQL_SLAMMER

SYSLOG

TFTP

UA

unknown_udp_protocol

WINS_REP_UDP_PROTO

Other (!!! UNTESTED !!!):

adp_proto_cisco_ios

adp_proto_igmp

ADVP_both_protocol

ADVP_c2s_protocol

ADVP_s2c_protocol

BackWeb

DHCP-reply

DHCP-request

DHCPv6-relay

DHCPv6-reply

DHCPv6-request

OSPF_PROTO

RPC_LOOKUP

sasser_prot

(1)
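
Counting output lines separates success from failure only while the reply layout stays the same. As an added example (not code from the thread), the sketch below classifies each reply by its content instead. The error shape is the one shown in the first post; treating a reply with a `uid` key and no `code` key as success is an assumption, and the names `classify_reply`, `probe_protocols` and `fake_probe` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: judge a mgmt_cli JSON reply by its keys, not its line count.

# Reads one JSON reply on stdin; prints "accepted", "rejected" or "unknown".
# "code" marks an error reply (shape from the thread). "uid" without "code"
# is assumed to mean the object was returned, i.e. the value was accepted.
classify_reply() (
  reply=$(cat)
  if printf '%s\n' "$reply" | grep -Eq '"code"[[:space:]]*:[[:space:]]*"'; then
    echo rejected
  elif printf '%s\n' "$reply" | grep -Eq '"uid"[[:space:]]*:[[:space:]]*"'; then
    echo accepted
  else
    echo unknown   # empty or unexpected output: do not count it either way
  fi
)

# Runs the command named in $1 once per candidate, prints "<name> <verdict>".
# On a management server that command would wrap the post's
# "mgmt_cli -s session.txt --format json set service-tcp ..." call.
probe_protocols() (
  probe=$1
  shift
  for candidate in "$@"; do
    printf '%s %s\n' "$candidate" "$("$probe" "$candidate" | classify_reply)"
  done
)

# Constructed stand-in for mgmt_cli so the example runs offline.
# Both reply bodies are constructed samples, not captured output.
fake_probe() {
  case $1 in
    FTP|HTTP)
      printf '{\n  "uid" : "00000000-0000-0000-0000-000000000000",\n  "protocol" : "%s"\n}\n' "$1" ;;
    *)
      printf '{\n  "code" : "generic_err_invalid_parameter",\n  "message" : "Invalid parameter for [protocol]. No such protocol : [ %s ]"\n}\n' "$1" ;;
  esac
}

probe_protocols fake_probe FTP "not a protocol" HTTP
```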
