April 16, 2001

Tracking IP Protocols

Most network analysis tools are designed to provide detailed information on almost any set of network protocols. At the higher layers, analysis of individual applications becomes more difficult - there are thousands of different applications, and all of them work differently!

Many IP-based applications can be identified through their TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) header. Each header contains a port number that identifies the application at the higher layer. For example, most web-based applications use port 80. Telnet uses port 23, and FTP uses port 21.
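The port lookup described above, as an added example (not code from the original post): it parses raw IPv4 packets, skips any IP options, and labels each packet by the TCP or UDP port on either side. The port table holds only the three ports named in the post, and the helper `build_ipv4` and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

# Only the ports named in the post; extend from a maintained port list.
KNOWN_PORTS = {21: "ftp", 23: "telnet", 80: "http"}
TCP, UDP = 6, 17  # IPv4 protocol numbers

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet. A port is a convention, so treat it as a hint."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # header length; IP options make it > 20
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto not in (TCP, UDP):
        return f"ip-proto-{proto}"
    if frag_offset:                         # later fragments carry no TCP/UDP header
        return "fragment"
    if ihl < 20 or len(packet) < ihl + 4:
        return "truncated"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    name = "tcp" if proto == TCP else "udp"
    # The server side holds the well-known port, so check both directions.
    for port in (dport, sport):
        if port in KNOWN_PORTS:
            return f"{KNOWN_PORTS[port]}/{name}"
    return f"unknown/{name}:{min(sport, dport)}"

def tally(packets):
    return Counter(classify(p) for p in packets)

def build_ipv4(proto, sport, dport, options=b"", frag=0):
    """Build a constructed sample packet (checksums left as zero)."""
    ihl = 5 + len(options) // 4
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4), 0,
                      frag, 64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + options + l4

SAMPLES = [  # constructed traffic, not a real capture
    build_ipv4(TCP, 49152, 80),                       # client -> web server
    build_ipv4(TCP, 23, 49153),                       # telnet server -> client
    build_ipv4(TCP, 49154, 21, options=b"\x01" * 4),  # FTP with IP options present
    build_ipv4(UDP, 5000, 6000),                      # no known port on either side
    build_ipv4(TCP, 80, 80, frag=100),                # non-first fragment: payload, not ports
    build_ipv4(1, 0, 0),                              # ICMP has no ports
]

if __name__ == "__main__":
    print(tally(SAMPLES))
```
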

Many of the more commonly used ports are listed in RFC 1700, which can be found here:

ftp://ftp.isi.edu/in-notes/rfc1700.txt

Although this RFC was written in 1994, the port numbers listed are still valid. There are other resources on the net that keep an updated list of port numbers, and my favorites are the application lists at Practically Networked and Network Ice:

http://www.practicallynetworked.com/sharing/app_port_list.htm

http://www.networkice.com/Advice/Exploits/Ports/default.htm

With this information, you can track most applications on your network. Good hunting!

Posted by james_messer at April 16, 2001 11:18 PM


