IANA Protocol Name
The official IANA-registered name of a well-known network protocol. For more information, see RFC 5237 and RFC 7045.
Data Type
String
Aliases
Use | Alias |
---|---|
Client Console Full Name | Known Application |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Application |
Elasticsearch Field Name | application/protocolName/serviceName |
Rule Builder Column Name | <protname> |
Regex Pattern | <protname> |
NetMon Name | Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname
- Impacted Hostname or IP
- Impacted NAT IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Origin Interface
- Impacted Interface
- Origin Domain
- Impacted Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
Common Applications
- Firewalls
- IDS/IPS
- NetMon
Use Case
Classifying network traffic.
MPE/Data Masking Manipulations
The parsed value is compared to the list of IANA Protocol Names and is shown as Known Application in the Client Console or Application in the Web Console.
Usage Standards
- Only parse IANA Protocol Names in this field.
- If both Protocol Number and Protocol Name are present in a log, parse Protocol Number.
- For Protocol Names and Numbers, see https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Examples
- FortiGate
12 12 2016 12:18:55 1.1.1.1 <LOC7:ALRT> date=2016-12-12 time=12:18:55 devname=ABC-DEF-FORTIGATE-02 devid=FG80050000000 logid=0419016385 type=utm subtype=ips eventtype=signature level=alert vd=root severity=low srcip=1.1.1.1 srccountry="Reserved" dstip=1.1.1.1 srcintf="WIFI_NETWORK" dstintf="VLAN" policyid=380 sessionid=24634444 action=dropped proto=1 service="PING" attack="Traceroute" icmpid=0x6425 icmptype=0x08 icmpcode=0x00 attackid=12466 profile="IPS_WEB_OUT" ref="http://Host1/ids/VID12345" incidentserialno=123456789 msg="icmp: Traceroute," crscore=5 crlevel=low
The service value corresponds with proto=1, which is ICMP (Ping). Service can sometimes indicate an IANA Protocol Name instead of a process. For more information, see http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.
- Juniper Firewall
11 06 2009 12:09:51 1.1.1.1 <SAU1:CRIT> dc-dp-1: NetScreen device_id=dc-dp-1 [Root]system-critical-00033: Src IP session limit! From 1.1.1.1:11698 to 1.1.1.1:49156, proto UDP (zone DAVE-PK1 int ethernet0/0.3). Occurred 16 times. (2010-11-06 12:09:50)
Here proto shows the Protocol Name UDP instead of a number. UDP corresponds to protocol number 17. For more information, see http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.
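The usage standards applied to the two example logs above, as an added Python example (not LogRhythm's MPE code). The `protnum` group name, the `classify` helper, the trimmed sample lines and the registry subset are assumptions made for illustration.

```python
import re

# Constructed subset of the IANA protocol-numbers registry (keyword -> number).
IANA_KEYWORDS = {
    "ICMP": 1, "IGMP": 2, "TCP": 6, "UDP": 17, "GRE": 47,
    "ESP": 50, "AH": 51, "IPv6-ICMP": 58, "OSPFIGP": 89, "SCTP": 132,
}
_CANONICAL = {k.upper(): k for k in IANA_KEYWORDS}

# "proto=1": a protocol number (the group name protnum is an assumed name).
NUM_RE = re.compile(r"\bproto[= ](?P<protnum>\d{1,3})\b")
# "proto UDP" or service="PING": a candidate value for <protname>.
NAME_RE = re.compile(r'\b(?:proto[= ]|service=)"?(?P<protname>[A-Za-z][\w-]*)')

# Sample lines trimmed from the two examples on this page.
FORTIGATE = ('srcip=1.1.1.1 dstip=1.1.1.1 action=dropped proto=1 '
             'service="PING" attack="Traceroute"')
JUNIPER = ("Src IP session limit! From 1.1.1.1:11698 to 1.1.1.1:49156, "
           "proto UDP (zone DAVE-PK1 int ethernet0/0.3).")


def classify(log_line):
    """Return (field, value) per the usage standards, or None if nothing fits."""
    num = NUM_RE.search(log_line)
    if num and int(num.group("protnum")) <= 255:
        # Number and name both present: parse the number, skip the name.
        return ("IANA Protocol Number", int(num.group("protnum")))
    for match in NAME_RE.finditer(log_line):
        # Only registered IANA names may populate the name field.
        name = _CANONICAL.get(match.group("protname").upper())
        if name:
            return ("IANA Protocol Name", name)
    return None


if __name__ == "__main__":
    for line in (FORTIGATE, JUNIPER, 'action=dropped service="PING"'):
        print(classify(line))
```

The third input shows why a service string such as PING is rejected when no protocol number accompanies it: it is not a registered IANA keyword, so it does not belong in this field.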