Protocol inspectors

Protocol inspectors can identify protocols like HTTP, POP3, FTP, telnet, and others. You can also exclude the protocol inspectors. When you exclude the protocol inspectors, any network traffic data that is associated with the inspector is processed and indexed only at a generic level.

Any protocol that is not identifiable by a protocol inspector is categorized as Unknown.

The following parameters must be set in QRadar Network Insights for any protocol.
  • Tag - the protocol name as it appears in the QRadar Console UI.
  • Auto-Sense - If the value is 'Yes', then it means that QRadar Network Insights uses intelligent content heuristics to detect the protocol. If 'No', then QRadar Network Insights scans the metadata such as MIME type and the TCP/UDP port.

The following table describes the supported protocols that QRadar Network Insights can process.

Table 1. Protocols supported by QRadar Network Insights
Protocol name Tag Auto-Sense
3S Smart Software Solutions CoDeSys Gateway Server Protocol codesys No
ABB MicroSCADA Server Protocol (wserver.exe) micro_scada No
ABB Robot Service Protocol (RobNetScanHost.exe) abb_robot No
Adobe Macromedia Flash Media Server Protocol fms No
Aerospike Database Server Protocol aerospike Yes
Agent Extensibility Protocol v1 agentx No
AlienVault OSSIM Framework Protocol alienvault_ossim No
AlphaStor Device Manager Protocol emc_adm No
AlphaStor Library Manager Protocol emc_alm No
Apache JServ Protocol ajp Yes
Ares Galaxy Protocol ares Yes
Arkeia Network Backup Protocol arkeia No
ASN.1 Protocol asn1 No
Asterisk Manager Interface Protocol asteriskmanager Yes
Baidu Hi Protocol baiduhi Yes
BigAnt Document Service Protocol antds No
BIND Remote Name Daemon Control rndc No
Bitcoin Protocol bitcoin Yes
BitTorrent Protocol bittorrent Yes
BlackBerry Service Routing Protocol srp Yes
Border Gateway Protocol bgp No
Borland Visibroker Protocol visibroker No
BrightStor Backup Protocol brightstor No
BrightStor LGServer Protocol brightstor:lgserver No
BSD Unix Line Printer Daemon Protocol lpr No
CA Console Server Protocol on 12168/TCP ca_consvr No
CA eTrust Intrusion Detection Engine Protocol etrust_ids No
CA License Server and License Client Protocol ca_licsvr No
CA Unicenter Message Queuing Server (CAM/CAFT) Protocol unicenter No
Centennial Discovery Protocol (xferwan.exe) xferwan No
Cisco Hot Standby Router Protocol hsrp No
Cisco Real-Time Information Server Data Collector Service Protocol cisco_cucm_ris No
Cisco Skinny Client Control Protocol sccp No
Cisco Supervisor Protocol cisco_superv No
CitectSCADA and CitectFacilities ODBC Service Protocol citect_scada No
Citrix IMA Remote Administration Service Protocol citrix_ima No
Citrix Program Neighborhood Protocol citrix_pn No
Citrix Provisioning Services Protocol (streamprocess.exe) citrix_provisioning No
CLI1 Binary Protocol for Jenkins CI cli1 Yes
Conficker Downadup Protocol conficker Yes
Connectionless Lightweight Directory Access Protocol cldap Yes
Control and Provisioning of Wireless Access Points Protocol capwap Yes
CUCM: Cisco Unified Communications Manager Protocol cisco_cmdb No
CVS SCM Protocol (pserver) cvs No
DameWare Protocol dameware No
DAS: Db2 Administration Server Protocol db2_das No
Data Stream Interface Protocol dsi No
Datagram Transport Layer Security Protocol dtls No
DHCP/BOOTP Protocol dhcp_bootp No
DHCPv6 Protocol dhcpv6 No
Digital Audio Access Protocol daap Yes
DirectConnect Protocol directconnect Yes
Distributed Network Protocol dnp No
Distributed Relational Database Architechture Stream Protocol drda Yes
Domain Name Service Protocol dns No
Echo Protocol echo Yes
eDonkey Protocol edonkey Yes
Electronic Messaging System / Microsoft DB Protocol emsmdb No
Email Post Office Protocol v3 pop3 No
Email Simple Mail Transfer Protocol smtp Yes
EMC Autostart Protocol emc_autostart No
EMC Data Protector Advisor Protocol emc_dpa No
EMC Replication Manager IRCC Protocol emc_ircc No
Extensible Authentication Protocol eap No
File Sharing Protocol fsp Yes
File Transfer Protocol (control channel) ftp Yes
File Transfer Protocol (data transfer) ftp_data Yes
Financial Information eXchange Protocol fix Yes
Finger User Info Protocol finger No
Flexera FlexNet Publisher License Server Protocol flexnet No
Flexera FlexNet Publisher License Server Vendor Daemon Protocol flexnet_vendor No
Fortinet Single Sign-On Authentication Protocol fortinetsso No
Ganglia Meta Daemon Protocol ganglia No
GE Proficy Real Time Information Portal Protocol rtip No
General Inter-ORB Protocol giop Yes
Git SCM Data Transfer Protocol git Yes
Gnutella Peer to Peer File Sharing Protocol gnutella Yes
Google QUIC Protocol quic Yes
Gopher Protocol gopher No
H.245 Media Control Channel Protocol h245 Yes
H.323 Voice and Videoconferencing Protocol h323 No
HP Data Protector Express Protocol hp_dataprotect_ex No
HP Data Protector Protocol (Cell Manager) hp_dataprotect:cell No
HP Data Protector Protocol (Media Operations) hp_dataprotect:media No
HP Data Protector Recovery Manager Protocol hp_dataprotect:recovery Yes
HP Intelligent Management Center Protocol hp_imc No
HP Intelligent Management Center Protocol (dbman.exe) hp_imc_dbman No
HP Intelligent Management Center User Access Management Protocol hp_imc_uam No
HP Intelligent Manamgent Center DBMan TCP Protocol hp_tcp_dbman No
HP LeftHand Virtual SAN Hydra Service Protocol lefthand_hydra No
HP Network Node Manager i Protocol PMD Service Communication hpnnmi No
HP Network Node Manager Process Control Protocol Service Communication hp_nnm_ovuispmd No
HP Network Node Manager Topology Manager Protocol Service Communication hp_nnm_topology No
HP OpenView Network Node Manager Alarm Protocol Service Communication hp_nnm_alarmsrv No
HP OpenView Operations Shared Trace Service Protocol hp_ovtrace No
HP Operations Agent ELinkService Protocol hp_opagent_elinkservice No
HP StorageWorks File Migration Agent Protocol hp_fma No
HP StorageWorks Storage Mirroring Service Protocol hp_storageworks_mirroring No
Hypertext Caching Protocol htcp No
Hypertext Transfer Protocol http Yes
Hypertext Transfer Protocol Version 2 http2 Yes
IBM Lotus SameTime Instant Messenger Protocol sametime No
IBM Lotus SameTime Instant Messenger Protocol (File Transfer) sametime_ft No
IBM Site Protector Communications Protocol ibmleap No
IBM Tivoli Monitoring Pipe Protocol itm_pipe No
ICQ File Transfer Protocol aolft Yes
ICQ Messaging Protocol icq Yes
ICQ Messaging Protocol (formerly also AOL Instant Messenger) aolim Yes
IDA-Discover1 Protocol idapro No
IDENT Identification Protocol ident No
Indusoft Web Studio Remote Agent Protocol schneiderindusoft No
InformixSQL Protocol informix No
Ingres Database Communications Protocol ingresdb No
Intelligent Platform Management Interface Protocol ipmi No
Interactive Graphical SCADA System Protocol igss_collection No
Interactive Graphical SCADA System Protocol (Data) igss_data No
Inter-Asterisk Exchange Protocol iax No
Interbase SQL Protocol (also GDS_DB, also Firebird XDR) interbase No
Inter-Control Center Communications Protocol iccp No
Internet Content Adaptation Protocol icap No
Internet Message Access Protocol v4 imap4 Yes
Internet Relay Chat Protocol irc Yes
Internet Security Association Key Management Protocol isakmp Yes
Internet Small Computer Systems Interface Protocol iscsi No
Internet Storage Name Service Protocol isns Yes
IPFIX/NetFlow Protocol ipfix Yes
Java™ Object Serialization Stream Protocol java_object_stream_raw Yes
Java Remote Method Invocation Protocol jrmi Yes
KakaoTalk VOIP & Instant Messaging Protocol kakaotalk Yes
Kerberos KPASSWD Protocol on 464/UDP kpasswd No
Kerberos Protocol kerberos No
Kerberos Remote Login Service Protocol klogin No
Kerberos Remote Shell Service Protocol kshell No
Kerberos Slave Propagation Service Protocol kprop No
LANDesk QIP Service Protocol on 12175/TCP landesk_qip No
LANDesk XFR Intel File Transfer Service Protocol on 12174/TCP landesk_xfr No
Lightweight Directory Access Protocol ldap Yes
Line VOIP & Instant Messaging Protocol line Yes
Link Local Multicast Name Resolution Protocol llmnr Yes
Mail.ru IM Protocol mailru No
McAfee Common Management Agent Framework Service Protocol mcafee_cma_framework No
Mcafee E-Business Server Protocol mcafeeebiz No
Media Gateway Control Protocol mgcp Yes
memcached Protocol memcached No
Mercury Loadrunner Agent Protocol loadrunner Yes
Mercury Mail Transport System Protocol mercurymail No
Message Queuing Binary Protocol msmq Yes
Message Queuing Telemetry Transport Protocol mqtt Yes
Microsoft Challenge-Handshake Authentication Protocol v2 mschapv2 No
Microsoft Dynamics GP Distributed Process Server Protocol dps No
Microsoft Host Integration Server Protocol snabase No
Microsoft Media Player Protocol mms No
Microsoft Messenger Protocol ms_messenger Yes
Microsoft Messenger Protocol (File Transfer) ms_messenger_ft Yes
Microsoft Messenger Protocol (VOIP) ms_messenger_voice Yes
Microsoft OXCRPC Protocol ms-oxcrpc No
Microsoft Remote Desktop Protocol rdp No
Microsoft Remote Procedure Call Protocol msrpc Yes
Microsoft Server Message Buffer Protocol smb No
Microsoft Simple Server Redundancy Protocol ssrp No
Microsoft Windows LAN Manager Remote API Protocol lanman No
MODBUS Protocol modbus No
Motorola Timbuktu Remote Control Protocol timbuktu No
MPEG Transport Stream Protocol mpeg_ts Yes
Multicast DNS Protocol mdns Yes
MySQL Multi-Master Manager Protocol mysql_mmm No
MySQL Protocol mysql Yes
Nagios Remote Plugin Executor Protocol nagiosnrpe No
NAT-T UDP Encapsulation of IPsec ESP Packets ipsec_tunnel Yes
NetBIOS Datagram Service Protocol nbds No
NetBIOS Name Services Protocol nbns No
NetBIOS Session Service Protocol nbss No
NetSupport Manager Protocol netsupport No
NetVault Backup Protocol netvault_backup No
Network Dynamic Data Exchange Protocol netdde No
Network Mapper Protocol nmap No
Novell Distributed Printing Services Protocol ndps No
Novell NetWare Core Protocol ncp No
Novell XTier Framework Remote Procedure Call Protocol xtierrpc No
Novell ZENworks Asset Management Protocol zenworks_am No
Novell ZENworks Configuration Management Protocol zenworks_cm No
Novell ZENworks Handheld Management Protocol (IP Conduit) zenworks:hhmgr No
Novell ZENworks Handheld Management Protocol (ZfHSrvr.exe) zenworks:hhmgr2 No
Novell ZenWorks Remote Manager Protocol zenworks:remmgr No
NT LAN Manager Authentication Protocol ntlm No
OpenVPN Protocol open_vpn No
Oracle Transparent Network Substrate Protocol tns Yes
Oracle WebLogic Node Manager Protocol weblogic_nodemgr No
Poison Ivy RAT Protocol poison_ivy No
PostgreSQL Frontend/Backend Protocol postgresql Yes
PPS.tv Streaming Protocol ppstream Yes
PPTV Streaming Protocol pplive Yes
Proxy DNS Protocol pdnsd No
PXE Protocol: Proxy DHCP for Preboot eXecution Environment proxy_dhcp No
Q.931 ISDN Signalling Protocol q931 No
QQ VOIP & Instant Messaging Protocol qq Yes
Quake 3 Protocol quake3 Yes
Radia Notify Daemon Protocol radia_notify No
Real Time Messaging Protocol rtmp No
Real Time Streaming Protocol rtsp No
Real Time Transport Protocol rtp No
RealWin SCADA Control Service Protocol on 910/TCP realwin_control No
RealWin SCADA HMI Service Protocol on 912/TCP realwin_hmi No
Registration Admission Status Protocol (VOIP) ras No
Remote Authentication Dial In User Service Protocol radius No
Retrospect Backup Protocol retrospect No
Routing Information Protocol rip No
RWHO Enumeration Protocol rwho Yes
SAP MaxDB Communications Protocol sap_maxdb No
SAP Netweaver Protocol (Dispatcher) netweaverdispatcher No
SAP Netweaver Protocol (Gateway Server) netweavergateway Yes
SAP Netweaver Protocol (Message Server) netweavermsgsvr No
Script-Fu Protocol (GIMP: GNU Image Manipulation Program) scriptfu No
Secure Shell Protocol ssh Yes
Secure Socket Layer Protocol ssl Yes
Service Location Protocol srvloc Yes
Session Initiation Protocol (VOIP) sip Yes
Simple and Protected GSSAPI Negotiation Mechanism Protocol spnego No
Simple Network Management Protocol snmp Yes
Simple Service Discovery Protocol ssdp Yes
Skype Protocol skype Yes
SOCKS Proxy Protocol v4, v5 socks Yes
SolidDB Protocol soliddb No
SPDY Protocol spdy Yes
STUN Protocol: Session Traversal Utilities for NAT stun Yes
SubSeven Trojan Protocol subseven Yes
Subversion SCM Protocol subversion No
Sun RPC Automount Protocol automount Yes
Sun RPC bootparam Protocol bootparam Yes
Sun RPC Calendar Manager Service Protocol cmsd Yes
Sun RPC Host Status Monitor Protocol statd Yes
Sun RPC NFS Mount Service Protocol mountd Yes
Sun RPC Open Network Computing Remote Procedure Call Protocol sunrpc Yes
Sun RPC Remote Administration Protocol sunadmind Yes
Sun RPC Selection Service Protocol selnsvc Yes
Sun RPC SGI File Alteration Monitor Protocol sgifam Yes
Sun RPC SNMP DMI Subagent Protocol snmpxdmid Yes
Sun RPC ToolTalk Protocol tooltalk Yes
Sybase DB Tabular Data Stream Protocol tds Yes
Sybase SQL Anywhere MobiLink Protocol mobilink No
Symantec Alert Management System 2 Protocols symantec_ams No
Symantec Internet Security Suite Protocol (rtvscan.exe) rtvscan No
Symantec pcAnywhere Protocol pcanywhere No
System Center Configuration Manager (SCCM/ConfigMgr) Protocol sms No
T3 Binary Protocol for WebLogic Remote Method Invocation t3 Yes
TeamViewer Remote Desktop Protocol teamviewer Yes
Telnet Protocol telnet No
Telos xNode Protocol xnode No
Teredo IPv6 Tunneling Protocol teredo Yes
Tivoli Storage Manager FastBack Mount Server Protocol tsm_fastback_mount No
Tivoli Storage Manager FastBack Server Protocol tsm_fastback_server No
Tivoli Storage Manager Protocol tsm Yes
Tivoli Storage Manager Remote Client Agent Services Protocol tsm_remote_agent No
TMG Remote Winsock Protocol tmg Yes
Transaction Internet Protocol tip No
Transport Layer Security Protocol tls Yes
Trend Micro Control Manager cmdProcessor Protocol trend_cmdprocessor No
Trend Micro ServerProtect EarthAgent Protocol on port 5005 earthagent No
Trivial File Transfer Protocol v2 tftp No
TURN Protocol: Traversal Using Relay NAT Extensions ms_turn Yes
Unified Networks IP Stimulus Protocol unistim No
Unisys Business Information Server Protocol unisys_bis No
Universal Plug-n-Play Protocol upnp No
Unix Network File System Protocol nfs Yes
Unix Network Information Service Protocol nis Yes
Unix Network Time Protocol sntp No
Unix NIS Bind Protocol ypbind Yes
Unix NIS Password Change Sevice Protocol yppasswdd Yes
Unix NIS Update Protocol ypupdated Yes
Unix PC-NFS Protocol pcnfsd Yes
Unix portmapper Protocol portmapper Yes
Unix Remote Execution Protocol rexec No
Unix Remote File Synchronization Protocol rsync No
Unix Remote Login Protocol rlogin No
Unix Remote Shell Protocol rsh No
Unix System Message Logging Protocol syslog No
Unix Talk Protocol talk No
Usenet Network News Transport Protocol nntp No
Veritas Agent Browser for Backup Exec Protocol veritas:agent_browser Yes
Veritas BackupExec NetBackup Protocol veritas:netbackup No
Veritas BackupExec Volume Manager Protocol veritas:volumemgr No
Veritas Enterprise Backup Authentication Protocol veritas:auth No
Veritas NetBackup Client Daemon Protocol veritas:bpcd No
Veritas NetBackup Virual Network Daemon Protocol veritas:vnetd No
Veritas Network Data Backup Protocol veritas:ndmp Yes
Veritas Storage Foundation Scalable File Server Protocol veritas:sfs No
Veritas Universal Communication Layer Protocol ucl Yes
Veritas Web Server Protocol vrtsweb No
Viber Protocol viber Yes
VMware ESXi Status Update Protocol vcenter_heartbeat No
VNC Remote Frame Buffer Protocol vnc_rfb Yes
Web Cache Communication Protocol wccp Yes
WebSocket Protocol websocket No
WeChat Protocol wechat Yes
WellinTech KingView SCADA System Historical Logging Server Protocol kingview_history No
WhatsApp Protocol whatsapp Yes
Windows Internet Name Service Protocol wins No
Windows Media HTTP Streaming Protocol wmsp Yes
X11 Display Manager Control Protocol xdmcp No
X11 Font Service Protocol xfs No
Xfire IM Protocol xfire No
XMPP Protocol (Jabber) xmpp No
Xunlei Thunder P2P Protocol thunder Yes
Yahoo! Messenger Protocol yahoo_messenger Yes
Yahoo! Messenger Protocol (file transfer) yahoo_messenger_ft Yes
Yahoo! Messenger Protocol (VOIP) yahoo_messenger_voice Yes
Zend Java Bridge Protocol zendjavabridge No