Layer 7 application identification determines which application generated a particular packet or flow, independent of the port being used.

Enforcement based on application identity lets users allow or deny applications on any port, or force applications to run on their standard port. Deep Packet Inspection (DPI) matches packet payload against defined patterns, commonly referred to as signatures. Layer 7 service objects can be used for port-independent enforcement, or to create new service objects that combine Layer 7 application identity, protocol and port. Layer 7 based service objects can be used in the firewall rule table and Service Composer. Application identification information is captured in Distributed Firewall logs, and in Flow Monitoring and Application Rule Manager (ARM) when profiling an application.
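The following added example (not product code) sketches the idea described above: payload signatures identify the application regardless of port, and rules then match on a combination of application identity, protocol and port. The signatures, the `Rule` class and the sample flows are constructed and greatly simplified assumptions; only the application IDs `SSH`, `HTTP` and `SSL` come from the table below.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified signatures; a production DPI engine uses far richer ones.
SIGNATURES = [
    ("SSH", re.compile(rb"^SSH-\d\.\d+-")),  # SSH identification banner
    ("HTTP", re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("SSL", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),  # TLS record + ClientHello
]

def identify(payload: bytes) -> Optional[str]:
    """Return the application ID for the first payload bytes of a flow, or None."""
    for app_id, pattern in SIGNATURES:
        if pattern.search(payload):
            return app_id
    return None

@dataclass
class Rule:
    action: str                     # "allow" or "block"
    app_id: Optional[str] = None    # Layer 7 identity; None matches any application
    protocol: Optional[str] = None
    port: Optional[int] = None      # None makes the rule port-independent

    def matches(self, app, protocol, port) -> bool:
        return (self.app_id in (None, app)
                and self.protocol in (None, protocol)
                and self.port in (None, port))

def evaluate(rules, payload, protocol, port, default="block"):
    """First-match evaluation over (application identity, protocol, port)."""
    app = identify(payload)
    for rule in rules:
        if rule.matches(app, protocol, port):
            return rule.action, app
    return default, app

# Policy: SSH forced onto its standard port, HTTP denied on every port.
POLICY = [
    Rule("allow", app_id="SSH", protocol="tcp", port=22),
    Rule("block", app_id="SSH"),
    Rule("block", app_id="HTTP"),
    Rule("allow", app_id="SSL", protocol="tcp", port=443),
]

# Constructed first-payload bytes for three sample flows.
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
CLIENT_HELLO = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"
```

An SSH banner seen on TCP 443 is still identified as `SSH` and blocked, which a port-only rule permitting 443 would not catch.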

Table 1. Application Identification GUIDs

| GUID | Description | Type |
|------|-------------|------|
| 360ANTIV | 360 Safeguard is a program developed by Qihoo 360, an IT company based in China | Web Services |
| ACTIVDIR | Microsoft Active Directory | Networking |
| AD_BKUP | Microsoft Active Directory Backup Service | Networking |
| AD_NSP | Microsoft Active Directory Service Provider | Networking |
| AMQP | Advanced Message Queuing Protocol, an application layer protocol that supports business message communication between applications or organizations | Networking |
| AVAST | Traffic generated by browsing Avast.com, the official website for Avast! Antivirus downloads | Web Services |
| AVG | AVG Antivirus/Security software download and updates | File Transfer |
| AVIRA | Avira Antivirus/Security software download and updates | File Transfer |
| BLAST | A remote access protocol that compresses, encrypts, and encodes a computing experience at a data center and transmits it across any standard IP network for VMware Horizon desktops. | Remote Access |
| BDEFNDER | BitDefender Antivirus/Security software download and updates. | File Transfer |
| CA_CERT | A certification authority (CA) issues digital certificates that certify the ownership of a public key for message encryption | Networking |
| CIFS | CIFS (Common Internet File System) is used to provide shared access to directories, files, printers, serial ports, and miscellaneous communications between nodes on a network | File Transfer |
| CLRCASE | A software tool for revision control of source code and other software development assets. It is developed by the Rational Software division of IBM. ClearCase forms the base of revision control for many large and medium sized businesses and can handle projects with hundreds or thousands of developers | Networking |
| CTRXCGP | Citrix Common Gateway Protocol | Remote Access |
| CTRXGOTO | Hosting Citrix GoToMeeting, or similar sessions based on the GoToMeeting platform. Includes voice, video, and limited crowd management functions | Collaboration |
| CTRXICA | ICA (Independent Computing Architecture) is a proprietary protocol for an application server system, designed by Citrix Systems | Remote Access |
| DCERPC | Distributed Computing Environment / Remote Procedure Calls is the remote procedure call system developed for the Distributed Computing Environment (DCE) | Networking |
| DIAMETER | An authentication, authorization, and accounting protocol for computer networks | Networking |
| DNS | Querying a DNS server over TCP or UDP | Networking |
| EPIC | Epic EMR is an electronic medical records application that provides patient care and healthcare information. | Client Server |
| ESET | Eset Antivirus/Security software download and updates | File Transfer |
| FPROT | F-Prot Antivirus/Security software download and updates | File Transfer |
| FTP | FTP (File Transfer Protocol) is used to transfer files from a file server to a local machine | File Transfer |
| GITHUB | Web-based Git or version control repository and Internet hosting service | Collaboration |
| HTTP | HTTP (HyperText Transfer Protocol) is the principal transport protocol for the World Wide Web | Web Services |
| HTTP2 | Traffic generated by browsing websites that support the HTTP 2.0 protocol | Web Services |
| IMAP | IMAP (Internet Message Access Protocol) is an Internet standard protocol for accessing email on a remote server | Mail |
| KASPRSKY | Kaspersky Antivirus/Security software download and updates | File Transfer |
| KERBEROS | Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography | Networking |
| LDAP | LDAP (Lightweight Directory Access Protocol) is a protocol for reading and editing directories over an IP network | Database |
| MAXDB | SQL connections and queries made to a MaxDB SQL server | Database |
| MCAFEE | McAfee Antivirus/Security software download and updates | File Transfer |
| MSSQL | Microsoft SQL Server is a relational database. | Database |
| NFS | Allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed | File Transfer |
| NTBIOSNS | NetBIOS Name Service. In order to start sessions or distribute datagrams, an application must register its NetBIOS name using the name service | Networking |
| NTP | NTP (Network Time Protocol) is used for synchronizing the clocks of computer systems over the network | Networking |
| OCSP | An OCSP Responder verifying that a user's private key has not been compromised or revoked | Networking |
| ORACLE | An object-relational database management system (ORDBMS) produced and marketed by Oracle Corporation. | Database |
| PANDA | Panda Security Antivirus/Security software download and updates. | File Transfer |
| PCOIP | A remote access protocol that compresses, encrypts, and encodes a computing experience at a data center and transmits it across any standard IP network. | Remote Access |
| POP2 | POP (Post Office Protocol) is a protocol used by local e-mail clients to retrieve e-mail from a remote server. | Mail |
| POP3 | Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. | Mail |
| RADIUS | Provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service | Networking |
| RDP | RDP (Remote Desktop Protocol) provides users with a graphical interface to another computer | Remote Access |
| RTCP | RTCP (Real-Time Transport Control Protocol) is a sister protocol of the Real-time Transport Protocol (RTP). RTCP provides out-of-band control information for an RTP flow. | Streaming Media |
| RTP | RTP (Real-Time Transport Protocol) is primarily used to deliver real-time audio and video | Streaming Media |
| RTSP | RTSP (Real Time Streaming Protocol) is used for establishing and controlling media sessions between end points | Streaming Media |
| RTSPS | A secure network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between end points. | Streaming Media |
| SIP | SIP (Session Initiation Protocol) is a common control protocol for setting up and controlling voice and video calls | Streaming Media |
| SKIP | Simple Key Management for Internet Protocols (SKIP) is a hybrid key distribution protocol. SKIP is similar to SSL, except that it establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis. | Networking |
| SMTP | SMTP (Simple Mail Transfer Protocol) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. | Mail |
| SNMP | SNMP (Simple Network Management Protocol) is an Internet-standard protocol for managing devices on IP networks. | Network Monitoring |
| SQLNET | Networking software that allows remote data-access between programs and the Oracle Database, or among multiple Oracle Databases. | Database |
| SQLSERV | SQL Services | Database |
| SSH | SSH (Secure Shell) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. | Remote Access |
| SSL | SSL (Secure Sockets Layer) is a cryptographic protocol that provides security over the Internet. | Web Services |
| SVN | Managing content on a Subversion server. | Database |
| SYMUPDAT | Symantec LiveUpdate traffic; this includes spyware definitions, firewall rules, antivirus signature files, and software updates. | File Transfer |
| SYSLOG | Symantec LiveUpdate traffic; this includes spyware definitions, firewall rules, antivirus signature files, and software updates. | Network Monitoring |
| TELNET | A network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. | Remote Access |
| TFTP | TFTP (Trivial File Transfer Protocol) being used to list, download, and upload files to a TFTP server like SolarWinds TFTP Server, using a client like WinAgents TFTP client. | File Transfer |
| VNC | Traffic for Virtual Network Computing. | Remote Access |
| WINS | Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. | Networking |