Release Notes for NBAR2 Protocol Pack 11.0.0

Home , Digital distribution, KeyHoleTV, Perfect Dark (P2P), Putlocker

• Supported Platforms, on page 2 • New Protocols in NBAR2 Protocol Pack 11.0.0, on page 3 • Updated Protocols in NBAR2 Protocol Pack 11.0.0, on page 5 • Caveats in NBAR2 Protocol Pack 11.0.0, on page 6 • Restrictions and Limitations in NBAR2 Protocol Pack 11.0.0, on page 7 • Recommended Configurations, on page 8

Release Notes for NBAR2 Protocol Pack 11.0.0 1 Release Notes for NBAR2 Protocol Pack 11.0.0 Supported Platforms

Supported Platforms Network-Based Application Recognition (NBAR2) Protocol Pack 11.0.0 support is provided for Cisco Wireless LAN Controller platforms, starting with the 8.0 release. NBAR2 Protocol Pack 11.0.0 is supported on the following Cisco Wireless LAN Controller platforms: • Cisco 5508 Wireless Controller • Cisco Flex 7500 Series Wireless Controllers • Cisco 8510 Wireless Controller • Cisco Wireless Services Module 2 (WiSM2)

Note • Cisco Wireless LAN Controller software release 8.0, uses NBAR engine 16, and contains NBAR2 Protocol Pack 9.0.0 built-in. For more information on software releases and compatible protocol packs, see Working with Protocol Packs. • Though the NBAR2 protocol library and the protocol signatures support IPv6 traffic classification, Cisco Wireless LAN Controller platforms currently support only IPv4 traffic classification. • The Cisco 2504 Wireless Controller supports Application Visibility and Control, but supports only built-in protocol packs present in Wireless LAN Controller software releases. It does not support downloading and installing protocol packs.

Release Notes for NBAR2 Protocol Pack 11.0.0 2 Release Notes for NBAR2 Protocol Pack 11.0.0 New Protocols in NBAR2 Protocol Pack 11.0.0

New Protocols in NBAR2 Protocol Pack 11.0.0 The following new protocols have been added in NBAR2 Protocol Pack 11.0.0, after NBAR2 Protocol Pack 9.0.0.

Common Name Syntax Name Description

AliWangwang aliwangwang AliWangwang is a free instant messenger for Alibaba.com and Taobao.com members. It allows text, voice, and video chat between buyers and sellers who use Alibaba web e-commerce services. The English version of AliWangwang is called TradeManager.

Consumer Cloud consumer-cloud-storage The Consumer Cloud Storage protocol gathers the leading Storage websites on the internet that offer cloud storage services, mainly for media consumers, such as PutLocker, Rapidshare, box, and more.

FC2 Fc2 FC2 is a popular Japanese blogging host and the third most popular video hosting service in Japan. Among its other services are also websites tools such as ad-free hosting, analyzer, counters, and more.

Kakao-Talk kakao-talk Kakao-Talk is a free mobile messenger application for smartphones with free multimedia messaging and free call features. Kakao-Talk was released by Kakao corporation which is based in Seoul, South Korea. It is available on most common mobile operating systems including IOS, Android, and also available on PC by syncing between the PC and the mobile device.

Kakao-Services kakao-services kakao-services is a set of tools and APIs used by Kakao applications such as kakao story, kakao music, kakao website, and so on.

Perfect Dark perfect-dark Perfect-Dark is a P2P application being developed in Japan by an anonymous author. It was developed with the intention for it to be the successor to both Winny and Share. The network function has a huge distributed disk called 'Unity' and the minimum requirement is 40GB disk space.

QQ-Games qq-games QQ Games is a platform developed by Tencent America LLC which lets users play hundreds of casual multiplayer games with other people through the web. A Chinese version is available as well as an English version.

Release Notes for NBAR2 Protocol Pack 11.0.0 3 Release Notes for NBAR2 Protocol Pack 11.0.0 New Protocols in NBAR2 Protocol Pack 11.0.0

Common Name Syntax Name Description

Android Updates android-updates Android updates is the OS updating service for Google's Android OS. Most devices are capable of receiving the updates OTA. Due to the extensive variation in hardware of Android devices and the Android OS versions, updates need to be specially tailored for each device or software. Another aspect of this situation is updates do not have a specific source. Currently, SAMSUNG, LG, HTC and devices with cyanogenmod ROM is supported.

Apple App Store apple-app-store Apple App Store is a digital distribution platform for iOS/OS X applications, developed by Apple Inc. The service allows users to browse, download and update applications into their MAC/Apple devices.

Apple iOS updates apple-ios-updates Apple iOS updates is a service that provides updates for the iOS operating system and its installed components.

AppleTV updates apple-tv-updates AppleTV updates is a service that provides updates for the AppleTV operating system and its installed components.

HTC Services htc-services HTC Services are HTC mobile devices software support and HTC website traffic.

Google Play google-play Google Play, formerly known as Android Market, is a Google operated digital store for applications developed with the Android operating system SDK, and is published through Google.

KeyHoleTV keyholetv KeyHoleTV is an online television portal that links to a limited selection of Japanese television channels, radio stations, and user-made channels. It has clients on Windows, Mac, Linux and iOS.

MAC OS X updates mac-os-x-updates MAC OS X updates is a service that provides updates for the MAC OS X operating system and its installed components.

Mixi mixi Mixi is an online Japanese social networking service.

Microsoft Windows windows-store Windows store is an application store operated by Store Microsoft. It has free and paid applications, as well as desktop and mobile applications written for Windows and Windows mobile.

Yahoo Messenger yahoo-messenger-video Yahoo Messenger Video is a feature included in Yahoo Video Messenger. It uses the webcam to allow users to make private video calls and wide broadcasts.

Release Notes for NBAR2 Protocol Pack 11.0.0 4 Release Notes for NBAR2 Protocol Pack 11.0.0 Updated Protocols in NBAR2 Protocol Pack 11.0.0

Updated Protocols in NBAR2 Protocol Pack 11.0.0 The following table displays the protocols that have been updated in NBAR2 Protocol Pack 11.0.0, after NBAR2 Protocol Pack 9.0.0:

Protocol Updates

airplay Updated signatures.

cisco-ip-camera Updated signatures.

edonkey Updated signatures.

espn-video Updated signatures.

qq-im Updated signatures.

real-media Updated signatures.

rtsp Updated signatures.

Aol-messenger Updated signatures.

Bittorrent Updated signatures.

DNS Updated signatures.

Dropbox Updated signatures.

eDonkey Updated signatures.

Facebook Updated signatures.

Facetime Updated signatures.

Google-services Updated signatures.

Gtalk-video Updated signatures.

iTunes Updated signatures.

Linkedin Updated signatures.

Naver-line Updated signatures.

SSL Updated signatures.

Whatsapp Updated signatures.

YouTube Updated signatures.

Release Notes for NBAR2 Protocol Pack 11.0.0 5 Release Notes for NBAR2 Protocol Pack 11.0.0 Caveats in NBAR2 Protocol Pack 11.0.0

Caveats in NBAR2 Protocol Pack 11.0.0

Note If you have an account on Cisco.com, you can also use the Bug Search Tool to find select caveats of any severity. To reach the Bug Search Tool, log in to Cisco.com and go to https://tools.cisco.com/bugsearch/search . (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

Resolved Caveats in NBAR2 Protocol Pack 11.0.0 The following table lists the resolved caveats in NBAR2 Protocol Pack 11.0.0, after NBAR2 Protocol Pack 9.0.0:

Resolved Caveat Description

CSCug20539 Traffic generated by airplay might be misclassified as unknown

CSCum59732 Traffic generated by qq-im might not be blocked

CSCun48646 Youtube traffic might be misclassified as internet-video-streaming

CSCub62860 Gtalk Video might be misclassified as RTP

CSCun62513 Some aim-pro traffic is misclassified as ssl

CSCun85161 Apple Facetime is classified as SSL

CSCun92364 Misclassifications in Whatsapp protocol

CSCuo06154 Add ssl sc wildcards support

CSCuo06831 Some yahoo-messenger-video may be misclassified as unknown

CSCuo46084 Dropbox traffic may be misclassified as consumer-cloud-storage

CSCuo50275 Some youtube traffic may be misclassified

CSCuo51104 IPv6 DNS queries are misclassified as unknown

CSCuo51650 Google-Services support needs some update

CSCuo67857 Sending messages on naver-line is passable under blocking (on iphone)

CSCuo70957 Gaps in DNS signature

CSCuo74754 Failure of bittorrent fallback signature

CSCuo78444 Update facebook and linkedin SSL servers

Release Notes for NBAR2 Protocol Pack 11.0.0 6 Release Notes for NBAR2 Protocol Pack 11.0.0 Restrictions and Limitations in NBAR2 Protocol Pack 11.0.0

Restrictions and Limitations in NBAR2 Protocol Pack 11.0.0

The following table lists the limitations and restrictions in NBAR2 Protocol Pack 11.0.0:

Protocol Limitation/Restriction

apple-app-store Login and a few encrypted sessions are classified as iTunes

bittorrent http traffic generated by the bitcomet bittorrent client might be classified as http

capwap-data For capwap-data to be classified correctly, capwap-control must also be enabled

cisco-jabber Encrypted cisco jabber might be classified as unknown.

hulu Encrypted video streaming generated by hulu might be classified as its underlying protocol rtmpe

logmein Traffic generated by the logmein android app might be misclassified as ssl

ms-lync Login and chat traffic generated by the ms-lync client might be misclassified as ssl

pcanywhere Traffic generated by pcanywhere for mac might be classified as unknown

perfect-dark Some perfect-dark sessions might be classified as unknown

qq-accounts Login to QQ applications which is not via web may not be classified as qq-accounts

secondlife Voice traffic generated by secondlife might be misclassified as ssl

Release Notes for NBAR2 Protocol Pack 11.0.0 7 Release Notes for NBAR2 Protocol Pack 11.0.0 Recommended Configurations

Recommended Configurations

The following configurations are tested and recommended for blocking the respective traffic.

Recommended Configuration Caveat for reference To block Picasa traffic, you need to block Google CSCud40143 services and the Picasa application, because Google applications share signatures. To block Gmail traffic, you need to block Google CSCud43226 services and the Gmail application, because Google applications share signatures. To effectively apply AVC policy for FTP , we need __ to add both ftp-data and ftp as part of the AVC Profile.

Release Notes for NBAR2 Protocol Pack 11.0.0 8