Welcome! This site documents methods of identifying application layer network protocols.
- P2P protocols
- Instant messenger protocols
- Game protocols
- VoIP protocols
- Protocols with RFCs
- Viruses, Worms and Spyware
- Uncategorized protocols
There are several reasons why you may want to be able to identify traffic on your network. Usually they boil down to some combination of:
- Accounting: You want to know what sorts of things your users are doing.
- Shaping: You want to limit the bandwidth used by certain protocols.
- Blocking: You want to forbid the use of certain protocols.
Obviously, to do any of these things, you will need to be able to tell which packets belong to which protocols. On today's Internet, a large amount of traffic cannot be identified by easy methods such as looking at the port number. This site documents any and all known methods for identification. (While we currently list mostly generic and Linux-specific methods, others are welcome.)
This is a wiki
If you are not familiar with the concept of a "wiki", Wikipedia probably explains it much better than we could. In short, anyone can edit the pages on this website.
How to add/improve content on this site
As on Wikipedia, we encourage you to be bold in updating pages! All edits are easily undone or revised, so don't worry about breaking the site. General guidelines:
- The most important thing is to add information. Don't let any of the rest of these directions stop you from doing that!
- Each protocol should have its own article and should be categorized on one of the above lists.
- Different versions of a protocol should be discussed within one article.
- If you'd like to write an article that isn't about a specific protocol, post in the main page discussion and we'll figure out where to put it.
- Before making large edits, look at existing pages to see how they are laid out.
- Don't be surprised (or miffed) when Sysop comes around and re-edits your edit. He's just like that.
Each protocol page should have:
- A brief description of the protocol
- A link to its specification (official or otherwise)
- Identification methods:
- Link(s) to more information about the protocol
Feel free to start pages even if you can't supply all of these things. You can even just make a link to an article on the appropriate list without making the article itself.