Main Page

From Protocolinfo

Revision as of 18:51, 3 May 2007 by Sysop (Talk | contribs)

Welcome! This site documents methods of identifying application layer network protocols.

Purpose

There are several reasons why you may want to be able to identify traffic on your network. Usually they boil down to some combination of:

  • Accounting: You want to know what sorts of things your users are doing.
  • Shaping: You want to limit the bandwidth used by certain protocols.
  • Blocking: You want to forbid the use of certain protocols.

Obviously, to do any of these things, you will need to be able to tell which packets belong to which protocols. On today's Internet, a large amount of traffic cannot be identified by easy methods such as looking at the port number. This site documents any and all known methods for identification. (While we currently list mostly generic and Linux-specific methods, others are welcome.)

This is a wiki

If you are not familiar with the concept of a "wiki", Wikipedia probably explains it much better than we could. In short, anyone can edit the pages on this website.

How to add/improve content on this site

As on Wikipedia, we encourage you to be bold in updating pages! All edits are easily undone or revised, so don't worry about breaking the site. General guidelines:

  • The most important thing is to add information. Don't let any of the rest of these directions stop you from doing that!
  • Each protocol should have its own article and should be categorized on one of the above lists.
  • Different versions of a protocol should be discussed within one article.
  • If you'd like to write an article that isn't about a specific protocol, post in the main page discussion and we'll figure out where to put it.
  • Before making large edits, look at existing pages to see how they are laid out.
  • Don't be surprised (or miffed) when Sysop comes around and re-edits your edit. He's just like that.

Each protocol page should have:

  • A brief description of the protocol
  • A link to its specification (official or otherwise)
  • Identification methods:
    • By port: Does it use TCP, UDP, or something else? What ports does it use?
    • By server: Do clients always connect to the same server?
    • Any other ways of identification, such as information about packet length, l7-filter, IPP2P, etc.
  • Link(s) to more information about the protocol

Feel free to start pages even if you can't supply all of these things. You can even just make a link to an article on the appropriate list without making the article itself.
