Protocol numbers in firewalls

Unanswered Question
Dec 9th, 2009


I need to discover protocol name from protocol numbers that is available in Cisco ASA NSEL flows.

Got the below info from a cisco document:

table 1:

ProtoName      ProtoNumber

----------      --------------

icmp                  1
igmp                  2
ipinip                 4
tcp                   6
igrp                   9
udp                   17
gre or pptp         47
esp or ipsec        50
ah                     51
icmp6                58
eigrp                 88
ospf                  89
nos                   94
pim                   103
pcp                  108
snp                  109


But Internet Assigned Numbers Authority , gives me the below specifications:

table 2:

Decimal  Keyword          Protocol                                 References
-------  ---------------  ---------------------------------------  ------------------
0        HOPOPT           IPv6 Hop-by-Hop Option                   [RFC1883]
1        ICMP             Internet Control Message                 [RFC792]
2        IGMP             Internet Group Management                [RFC1112]
3        GGP              Gateway-to-Gateway                       [RFC823]
4        IP               IP in IP (encapsulation)                 [RFC2003]
5        ST               Stream                                   [RFC1190][RFC1819]
6        TCP              Transmission Control                     [RFC793]
7        CBT              CBT                                      [Ballardie]
8        EGP              Exterior Gateway Protocol                [RFC888][DLM1]
9        IGP              any private interior gateway             [IANA]
                          (used by Cisco for their IGRP) 
10       BBN-RCC-MON      BBN RCC Monitoring                       [SGC]
11       NVP-II           Network Voice Protocol                   [RFC741][SC3]
12       PUP              PUP                                      [PUP][XEROX]
13       ARGUS            ARGUS                                    [RWS4]
14       EMCON            EMCON                                    [BN7]
15       XNET             Cross Net Debugger                       [IEN158][JFH2]
16       CHAOS            Chaos                                    [NC3]
17       UDP              User Datagram                            [RFC768][JBP]
18       MUX              Multiplexing                             [IEN90][JBP]
19       DCN-MEAS         DCN Measurement Subsystems               [DLM1]
20       HMP              Host Monitoring                          [RFC869][RH6]

and the above table keeps on growing. To see the entire list click here.

Do firewalls report for all the protcols listed by IANA, or Is it enough to see the Protocol numbers listed in table1?

Kindly clarify me.

Many Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
fbauhaus Mon, 12/14/2009 - 03:05

In the flow the NF_F_PROTOCOL field uses only the protocol number. ASA will translate the number to the name and vice-versa if it is found in the table1. If you happen to see any of the other protocols found in the IANA table you will only see the number and have to translate the name yourself but that should rarely happen.



This Discussion