service

service

Use the service keyword to specify the session type associated with a packet. In order for this keyword to work, the session that is being identified should be supported by a suitable dissector. To see a list of services currently supported by the IPS engine dissectors, refer to the table, Supported service types. You can use the service keyword once in a signature.

Syntax:

--service <service_name>;

Examples:

--service HTTP;

--service DNS;

Supported service types

Session Type	Criterion	Service Option
Back_office (bo, bo2k)	TCP/UDP, any port	service BO
COTP	TCP, 102	service COTP
DCE RPC	TCP/UDP, any port	service DCERPC
DHCP	UDP, any port	service DHCP
DNP3	TCP, any port	service DNP3
DNS	TCP/UDP, 53	service DNS
FTP	TCP, any port	service FTP
H323	TCP, 1720	service H323
HTTP	TCP, any port	service HTTP
IEC104	TCP, 2024	service IEC104
IM (yahoo, msn, aim, qq)	TCP/UDP, any port	service IM
IMAP	TCP, any port	service IMAP
LDAP	TCP, 389	service LDAP
MODBUS	TCP, 502	service MODBUS
MSSQL	TCP, 1433	service MSSQL
NBSS	TCP, 139, 445	service NBSS
NNTP	TCP, any port	service NNTP
P2P (skype, BT, eDonkey, kazaz, gnutella, dc++)	TCP/UDP, any port	service P2P
POP3	TCP, any port	service POP3
RADIUS	UDP, 1812, 1813	service RADIUS
RDT	TCP, any port, by RTSP	service RDT
RTCP	TCP, any port, by RTSP	service RTCP
RTP	TCP, any port, by RTSP	service RTP
RTSP	TCP, any port	service RTSP
SCCP (skinny)	TCP, 2000	service SCCP
SIP	TCP/UDP any port	service SIP
SMTP	TCP, any port	service SMTP
SNMP	UDP, 161, 162	service SNMP
SSH	TCP, any port	service SSH
SSL	TCP, any port	service SSL
SUN RPC	TCP/UDP, 111, 32771	service RPC
TELNET	TCP, 23	service TELNET
TFN	ICMP, any port	service TFN
TFTP	UDP, any port	service TFTP
WebSocket	TCP, any port	service websocket

service

Syntax:

--service <service_name>;

Examples:

--service HTTP;

--service DNS;

Supported service types

Session Type

Criterion

Service Option

Back_office (bo, bo2k)

TCP/UDP, any port

service BO

COTP

TCP, 102

service COTP

DCE RPC

TCP/UDP, any port

service DCERPC

DHCP

UDP, any port

service DHCP

DNP3

TCP, any port

service DNP3

DNS

TCP/UDP, 53

service DNS

FTP

TCP, any port

service FTP

H323

TCP, 1720

service H323

HTTP

TCP, any port

service HTTP

IEC104

TCP, 2024

service IEC104

IM (yahoo, msn, aim, qq)

TCP/UDP, any port

service IM

IMAP

TCP, any port

service IMAP

LDAP

TCP, 389

service LDAP

MODBUS

TCP, 502

service MODBUS

MSSQL

TCP, 1433

service MSSQL

NBSS

TCP, 139, 445

service NBSS

NNTP

TCP, any port

service NNTP

P2P (skype, BT, eDonkey, kazaz, gnutella, dc++)

TCP/UDP, any port

service P2P

POP3

TCP, any port

service POP3

RADIUS

UDP, 1812, 1813

service RADIUS

RDT

TCP, any port, by RTSP

service RDT

RTCP

TCP, any port, by RTSP

service RTCP

RTP

TCP, any port, by RTSP

service RTP

RTSP

TCP, any port

service RTSP

SCCP (skinny)

TCP, 2000

service SCCP

SIP

TCP/UDP any port

service SIP

SMTP

TCP, any port

service SMTP

SNMP

UDP, 161, 162

service SNMP

SSH

TCP, any port

service SSH

SSL

TCP, any port

service SSL

SUN RPC

TCP/UDP, 111, 32771

service RPC

TELNET

TCP, 23

service TELNET

TFN

ICMP, any port

service TFN

TFTP

UDP, any port

service TFTP

WebSocket

TCP, any port

service websocket

Custom IPS and Application Control Signature Syntax Guide

service

Syntax:

Examples:

Supported service types

service

Syntax:

Examples:

Supported service types