Define protocols -- do you mean layer 2 or layer 3 or layer 4? <laugh type=nasty />
The canonical list for tcp/ip (tcp and udp) - which is probably what you mean - below port 1024 is maintained by IANA. Theoretically, ports from 1024-49151 are also registered through IANA. It is a custom more honour'd in the breach than the observance. And 49152-65535 are free for all.

The list is here: http://www.iana.org/assignments/port-numbers. But all of that only covers protocols for which there are RFCs. Not the ad hoc protocols we've all come to know and "love".

So, just about every security organization / mailing list / wannabe maintains their own list. Some of which are truly useless in a dangerous way - they list EVERY port as "Common service(s): client". Well, Duh!

Oh, and at the end of the day, monitoring EVERY port is useless. You are as likely to be mis-tagging as correctly tagging. Remember, when setting up a connection between two hosts, say http, the requestor picks a random port > 1023 for the reply. If you have a list of every possible port that a protocol ever might have used, you're likely to have hits and so mis-classify traffic.

Best bet is to build a list of the ports YOU need to monitor on YOUR network.

-----Burton

[REF: Hamlet, Act 1, Scene 4 - http://www-tech.mit.edu/Shakespeare/Tragedy/hamlet/hamlet.1.4.html]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Baird
Sent: Wednesday, March 02, 2005 9:38 AM
To: [email protected]
Subject: [Ntop] Protocol List

Does anyone have a really extensive protocol list file, or know of a place where I can go to keep my own list updated?

Regards
Michael Baird

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
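Added example (not part of the original messages and not ntop code): the mis-tagging effect described in the reply, shown by tagging the same packets against an "every port" table and against a site-specific one. The tables, packets and function names are constructed for illustration.

```python
"""Port-based tagging with an exhaustive list vs. a site-specific list."""

# Constructed tables. EVERYTHING stands in for a "list every port" file;
# SITE holds only the services this hypothetical network actually runs.
EVERYTHING = {80: "http", 443: "https", 1433: "ms-sql", 3306: "mysql",
              5432: "postgresql", 6667: "irc", 8080: "http-alt"}
SITE = {80: "http", 443: "https"}

# Constructed packets: (src_port, dst_port, actual_service).
# Clients pick a source port > 1023, and replies come back to that port.
PACKETS = [
    (51234, 80, "http"),    # request from a high, unlisted port
    (80, 51234, "http"),    # its reply
    (3306, 80, "http"),     # client's source port happens to be 3306
    (80, 3306, "http"),     # reply to that client
    (6667, 443, "https"),   # client's source port happens to be 6667
    (443, 6667, "https"),   # reply to that client
]


def tag(src_port, dst_port, table):
    """Return every service name the table associates with either port."""
    return {table[p] for p in (src_port, dst_port) if p in table}


def mistagged(packets, table):
    """Packets whose tag set is not exactly the actual service."""
    return [(s, d, actual, sorted(tag(s, d, table)))
            for s, d, actual in packets
            if tag(s, d, table) != {actual}]


def summary(packets, table):
    """Return (correctly tagged, ambiguous or wrong) packet counts."""
    bad = mistagged(packets, table)
    return len(packets) - len(bad), len(bad)


if __name__ == "__main__":
    for name, table in (("EVERYTHING", EVERYTHING), ("SITE", SITE)):
        ok, bad = summary(PACKETS, table)
        print(f"{name}: {ok} correct, {bad} ambiguous or wrong")
        for row in mistagged(PACKETS, table):
            print("   ", row)
```

With the exhaustive table, any client whose source port collides with a listed port produces a second, wrong tag; the site-specific table has nothing for those ports to collide with.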
