Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1012
Views
0
Helpful
1
Replies

Protocol numbers in firewalls

senthil085
Level 1
Level 1

‎12-09-2009 09:11 AM - edited ‎03-11-2019 09:47 AM

Hi,

I need to discover protocol name from protocol numbers that is available in Cisco ASA NSEL flows.

Got the below info from a cisco document:

table 1:

ProtoName      ProtoNumber

----------      --------------

icmp                  1
igmp                  2
ipinip                 4
tcp                   6
igrp                   9
udp                   17
gre or pptp         47
esp or ipsec        50
ah                     51
icmp6                58
eigrp                 88
ospf                  89
nos                   94
pim                   103
pcp                  108
snp                  109

Source: http://www.cisco.com/en/US/docs/security/pix/pix62/command/reference/intro.html#wp1031557

But Internet Assigned Numbers Authority http://www.iana.org/assignments/protocol-numbers , gives me the below specifications:

table 2:

Decimal  Keyword          Protocol                                 References
-------  ---------------  ---------------------------------------  ------------------
0        HOPOPT           IPv6 Hop-by-Hop Option                   [RFC1883]
1        ICMP             Internet Control Message                 [RFC792] 
2        IGMP             Internet Group Management                [RFC1112]
3        GGP              Gateway-to-Gateway                       [RFC823]
4        IP               IP in IP (encapsulation)                 [RFC2003]
5        ST               Stream                                   [RFC1190][RFC1819]
6        TCP              Transmission Control                     [RFC793]
7        CBT              CBT                                      [Ballardie]
8        EGP              Exterior Gateway Protocol                [RFC888][DLM1]
9        IGP              any private interior gateway             [IANA]
                          (used by Cisco for their IGRP)  
10       BBN-RCC-MON      BBN RCC Monitoring                       [SGC]
11       NVP-II           Network Voice Protocol                   [RFC741][SC3]
12       PUP              PUP                                      [PUP][XEROX]
13       ARGUS            ARGUS                                    [RWS4]
14       EMCON            EMCON                                    [BN7]
15       XNET             Cross Net Debugger                       [IEN158][JFH2]
16       CHAOS            Chaos                                    [NC3]
17       UDP              User Datagram                            [RFC768][JBP]
18       MUX              Multiplexing                             [IEN90][JBP]
19       DCN-MEAS         DCN Measurement Subsystems               [DLM1]
20       HMP              Host Monitoring                          [RFC869][RH6]

and the above table keeps on growing. To see the entire list click here.

Do firewalls report for all the protcols listed by IANA, or Is it enough to see the Protocol numbers listed in table1?

Kindly clarify me.

Many Thanks
Senthil.S

Labels:
0 Helpful
1 Reply 1

fbauhaus
Level 1
Level 1

‎12-14-2009 03:05 AM

In the flow the NF_F_PROTOCOL field uses only the protocol number. ASA will translate the number to the name and vice-versa if it is found in the table1. If you happen to see any of the other protocols found in the IANA table you will only see the number and have to translate the name yourself but that should rarely happen.

-Florian

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card