(Application Signature) Release Notes

Juniper Networks Deep Packet Inspection-Decoder (Application Signature) Release Notes

February 06, 2019

Contents Recent Release History ...... 2 Overview ...... 2 New Features and Enhancements ...... 3 New Software Features and Enhancements Introduced in JDPI-Decoder Release 3139 ...... 3 New Applications ...... 3 Updated Applications ...... 11 Resolved Issues ...... 12 Requesting Technical Support ...... 13 Self-Help Online Tools and Resources ...... 13 Creating a Service Request with JTAC ...... 13 Revision History ...... 14

Recent Release History

Table 1 on page 2 summarizes the features and resolved issues in recent releases. You can use this table to help you decide to update the JDPI-Decoder version in your deployment.

Table 1: JDPI-Decoder Features and Resolved Issues by Release

Release Signature Pack JDPI Decoder Engine Version Engine Version Date Version Version 4 5 Features and Resolved Issues

February The relevant 1.380.0-60.005 4.20.0-103 5.3.0-52 This JDPI-Decoder version is 06, 2019 signature supported only on the Junos OS package version 12.3X48-D80 and later releases, is 3139. 15.1X49-D140 and later releases, and Junos OS 17.4R1 and later releases on all supported SRX Series platforms.

Overview

The JDPI-Decoder is a dynamically loadable module that mainly provides application classification functionality and associated protocol attributes. It is hosted on an external server and can be downloaded as a package and installed on the device. The package also includes XML files that contain additional details of the list of applications and groups. The list of applications can be viewed on the device using the CLI command show services application-identification application summary. Additional details of any particular application can be viewed on the device using the CLI command show services application-identification application detail . For additional details, see Application Signature.

NOTE: This release is a major upgrade for the JDPI-Decoder to version 1.380.0-60.005 from the previous version 1.340.0-73.005. This upgrade is only supported for Junos OS 12.3X48-D80 and later releases, 15.1X49-D140 and later releases, and 17.4R1 and later releases. This is because the older Junos releases have an engine which is incompatible with the 1.380.0-60.005 version. So the older Junos releases will remain on JDPI-Decoder version 1.340.0-73.005 and there will be no more updates for these releases.

New Features and Enhancements

The following sections describe new features and enhancements available in the JDPI-Decoder releases:

• New Software Features and Enhancements Introduced in JDPI-Decoder Release 3139 on page 3

• New Applications on page 3

• Updated Applications on page 11

New Software Features and Enhancements Introduced in JDPI-Decoder Release 3139

The following sections describe new features and enhancements available in JDPI-Decoder Release 3139.

New Applications

Table 2 on page 3 shows the applications that are added to this release of JDPI-Decoder.

Table 2: New Applications

Application Name Application Type Reported Over Description

ADTELLIGENT Web HTTP/HTTP2/HTTPS/SPDY/SSL Adtelligent Inc. is an advertising technology company. Vertamedia has been rebranded to Adtelligent.

AKAMAI-VIDEO Web AKAMAI-SSL Akamai Video is the Akamai cloud service for video streaming used for Media Services Live, the Old HD Flash 1.0 Solution, and Media Services On-Demand technologies.

AKOAM Web HTTP/HTTP2/HTTPS/SPDY/SSL Famous pirate movie streaming website in Yemen.

AMPLITUDE Web HTTP/HTTP2/HTTPS/SPDY/SSL Amplitude is a Web and mobile analytics platform.

APPTIMIZE Web HTTP/HTTP2/HTTPS/SPDY/SSL Apptimize provides tools for management features and customer analytics on Android and iOS applications.

AUMIX Web HTTP/HTTP2/HTTPS/SPDY/SSL AUMIX Internet Solutions is a service provider and a hosting company.

BF1 Gaming ELECTRONIC-ARTS/HTTP2/ Battlefield 1 is a first-person shooter video game published by Electronic Arts HTTPS/SPDY/SSL/TCP/UDP and released in October 2016.

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

BF4 Gaming AKAMAI-SSL/ELECTRONIC-ARTS/HTTP/ Battlefield 4 is a first-person shooter video game published by Electronic Arts HTTP2/HTTPS/SPDY/SSL and released in October 2013.

CABIFY Web AMAZON-AWS/HTTP/HTTP2 Cabify is an international transportation network company. This plug-in classifies /HTTPS/SPDY/SSL only website browsing.

CALIENTE Web HTTP/HTTP2/HTTPS/SPDY/SSL Famous gambling website featuring sports and online games in Mexico.

CANVAS Web INSTRUCTURE Canvas Student is an educational application.

CHINANETCENTER Web HTTP/HTTP2/HTTPS/SPDY/SSL ChinaNetCenter is an Internet service platform provider and one of the largest Content Delivery Network (CDN) platforms in the world.

CHROME-REMOTE- Web GOOGLE-GEN This signature classifies chrome remote desktop based on Domain Name System DESKTOP (DNS) caching and Secure Sockets Layer (SSL) common name on computers as well as on mobiles.

CHUNGHWA- Web HTTP/HTTP2/HTTPS/SPDY/SSL Services and websites provided by Chunghwa Telecom. TELECOM

CISCO-AP Infrastructure HTTP2/HTTPS/SPDY/SSL This plug-in identifies Control And Provisioning of Wireless Access Points (CAPWAP) control flows specific to Cisco Access Points devices.

CISCO-RRM Infrastructure UDP Cisco Wireless LAN controller coordinates a set of Cisco wireless LAN access points. This plug-in classifies the Neighbor Discovery Packet (NDP) packets and the protocol used between wireless LAN controller (WLC) instances for the radio resource management functionality. The WLC also communicates with the access points using CAPWAP tunnels and classifies the protocols.

CITRIX-CLOUD Web HTTP/HTTP2/HTTPS/SPDY/SSL Citrix Cloud is a cloud based platform for managing and deploying Citrix products.

CLASH-ROYALE Gaming TCP/UDP Clash Royale is an online mobile game by Supercell.

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

DCARD Web HTTP/HTTP2/HTTPS/SPDY/SSL Dcard is a social networking application on mobile devices.

DELTAV Infrastructure TCP/UDP The DeltaV distributed control system (DCS) is an easy-to-use automation system that simplifies operational complexity and lowers project risk. DeltaV is used in industrial process control (Emerson Process Management).

DIGIOH Web HTTP/HTTP2/HTTPS/SPDY/SSL Digioh is a lead generation and marketing company. This plug-in classifies the website access.

DOTA2 Gaming HTTP/HTTP2/HTTPS/SPDY/STEAM Dota2 is a free-to-play multiplayer online battle arena (MOBA) video game developed and published by Valve Corporation.

ECHO360 Web AMAZON-AWS/HTTP/ Echo360 application allows user to build online courses and share them with HTTP2/HTTPS/SPDY/SSL students.

ELECTRONIC- Web AKAMAI-SSL/HTTP/ This protocol plug-in classifies the generic Web traffic related to Electronic ARTS HTTP2/HTTPS/SPDY/SSL/UDP Arts.

EMC- Infrastructure TCP CLARiiON is a SAN product line from EMC. NaviSphere is its remote NAVISPHERE configuration interface. This plug-in classifies the internal communication protocols and Web interface of NaviSphere.

EPL Web OPTUS English Premier League (EPL) application is provided by Optus (Australian mobile operator). Subscribers can watch the English Premier League football tournament.

FACEBOOK-LITE Web FBCDN Facebook Lite is an official Facebook client that allows to use this popular social network through a much lighter application.

FACEBOOK- Web FACEBOOK-ACCESS Workplace by Facebook is a social network for enterprises. Workplace by WORKPLACE Facebook is mostly classified as Facebook on mobile devices.

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

FASP Infrastructure UDP Fast Adaptive and Secure Protocol (FASP) is developed by the Aspera company. It is a transfer protocol of high performance.

FURK-NET Web HTTP/HTTP2/HTTPS/SPDY/SSL Furk.net is a cloud file storage service. This plug-in classifies the traffic generated by servers hosted by Furk.net.

GCP Web GOOGLE-GEN Google Cloud Platform is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products.

GFYCAT Web HTTP/HTTP2/HTTPS/SPDY/SSL Gfycat is a Web platform for uploading and hosting short video content.

GOODNIGHT Messaging AMAZON-AWS/HTTP/HTTP2 Goodnight is a simple voice-chat application for calling and chatting for /HTTPS/SPDY/SSL/WEBSOCKET free, focused on the Korean, Chinese, and Anglophone markets.

GOOGLE-SUPL Web GOOGLE-GEN Google SUPL is the Secure User Plane Location (SUPL) generated by Android.

HAMI-BOOK Web HTTP/HTTP2/HTTPS/SPDY/SSL Traffic from Hami Book website.

HAMI-CLOUD Web HTTP/HTTP2/HTTPS/SPDY/SSL Traffic from Hamicloud website.

HAMI-MUSIC Web TCP Traffic from Hami Music website.

HAPROXY Web TCP HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP based applications. This plug-in classifies proxy protocol for TCP encapsulation over IPv4 or IPv6.

HP-JETADMIN Infrastructure HTTP2/HTTPS/SPDY/SSL HP WebJet Admin (WjA) is a printer management software for HP printers. This plug-in classifies secured Web services of HP WjA.

HULKSHARE Multimedia HTTP/HTTP2/HTTPS/SPDY/SSL Free Internet radio service featuring personal audio file uploading and sharing.

HUOMAO Web HTTP/HTTP2/HTTPS/SPDY/SSL Huomao is a streaming video platform for gamer. This plug-in classifies Web browsing and video playing.

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

INSTRUCTURE Web AMAZON-AWS/HTTP/ Instructure is a learning technology company and the developer of the HTTP2/HTTPS/SPDY/SSL Canvas learning management system.

JAWABKOM Web HTTP/HTTP2/HTTPS/SPDY/SSL Question and answer Web service in the Arab world.

KAHOOT Web HTTP/HTTP2/HTTPS/SPDY/SSL Kahoot! is a free game-based learning platform used as educational technology in schools and other educational institutions.

KAKAO Gaming HTTP/HTTP2/HTTPS/KAKAOTALK/SPDY/SSL Anipang for Kakao is a mobile puzzle game where you match animals to earn points and high scores.

KKBOX Multimedia HTTP/HTTP2/HTTPS/SPDY/SSL Traffic from KKBOX website.

KRCOM Web SINA-WEIBO krcom.cn is a Chinese video website.

LE360 Web HTTP/HTTP2/HTTPS/SPDY/SSL Infotainment website in Morocco.

LIBJINGLE- P2P STUN/UDP This signature classifies Pseudo TCP used by the libjingle on computers as PSEUDOTCP well as on mobiles.

LOTRO Gaming HTTP/HTTP2/HTTPS/SPDY/SSL/UDP The Lord of the Rings Online is a massive multiplayer online role-playing game (MMORPG).

M800 Web HTTP/HTTP2/HTTPS/SPDY/SSL M800 provides communication products and solutions.

MAIL-COM Web UNITED-INTERNET Mail.com is a Web portal and web-based e-mail service provider owned by the German Internet company United Internet. It offers news articles and a free webmail application.

MAIL-RU-LOVE Web HTTP/HTTP2/HTTPS/ [email protected] is a Russian dating website and mobile application. MEDIASCOPE/SPDY/SSL/WAMBA It uses the Wamba dating website platform.

MEDIASCOPE Web HTTP/HTTP2/HTTPS/SPDY/SSL Mediascope provides media and marketing information.

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

MEITU Web APPLE-HLS/HTTP/HTTP2/ Meitu is an online mobile photo-sharing and social networking service. HTTPS/RTMP/SPDY/SSL

MS-HYPERV Remote-access MS-PSRP/TCP Microsoft Hyper-V is a native hypervisor for Windows operating systems. Classification covers traffic related to VM remote display (VMRDP).

MSNP Infrastructure TCP Microsoft Notification Protocol or Mobile Status Notification Protocol (MSNP) is an instant messaging protocol developed by Microsoft for the Microsoft Messenger service and the instant messaging clients that connect to it, such as Skype since 2014.

MS-PSRP Infrastructure HTTP/HTTP2/HTTPS/SPDY/TCP Client applications use the MicroSoft PowerShell Remoting Protocol (MS PSRP) to send pipelines of commands to a server system over a network for execution by the server.

MS-TEAMS Messaging MICROSOFT Microsoft Teams is the chat-based workspace in Office 365. Most of the application traffic is classified as Skype or Office365.

NETVELOCITY Web GITHUB/HTTP/HTTP2/HTTPS/SPDY NetVelocity enables users to test, measure, compare, and share their network performance.

NIANTIC Web HTTP/HTTP2/HTTPS/SPDY/SSL Niantic Inc. is an American software development company.

OMNICAST Multimedia HTTP/HTTP2/HTTPS/RTSP/SPDY Omnicast is an IP CCTV (closed-circuit television) collector, storage and visualization product. This plug-in classifies http and rtsp flows of Omnicast. This plug-in does not work on protocols specific to cameras.

OPTUS Web HTTP/HTTP2/HTTPS/SPDY/SSL Optus is an Australian mobile operator. This plug-in classifies streams related to Optus website and likely streams generated by other applications or services owned by Optus, such as MyOptus ELP (English Premier League).

ORIGIN Web AKAMAI-SSL/HTTP/HTTP2/ Origin is a gaming download platform available on the Web at www.origin.com. HTTPS/JABBER/SPDY/SSL

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

PERFECT- Web AKAMAI-SSL/HTTP/HTTP2/ Perfect World Entertainment is a Chinese online game publisher WORLD-ENT HTTPS/MAILDOTRU/ specializing in free-to-play computer games. MAILRU-AGENT/SPDY/SSL/VIVOX

PL-PANORAMA- Infrastructure SSL Palo Alto Panorama is a network security management appliance with MNGT DPI visibility and network rules editing. This plug-in classifies the management protocol between Panorama and managed firewalls or managed collectors.

PORNHUB- Web HTTP/HTTP2/HTTPS/ Adult Content Delivery Network used by popular adult video streaming website NETWORK SPDY/SSL/TCP/UDP such as youporn, pornhub, redtube and tube8.

PTT Web HTTP/HTTP2/HTTPS/SPDY/SSL PTT is a Taiwanese BBS (Bulletin Board System) website.

PUBLINEWS Web HTTP/HTTP2/HTTPS/SPDY/SSL News website in Guatemala.

PWI Gaming PERFECT-WORLD-ENT/TCP PWI is a free gaming MMORPG offering an unparalleled character customization tool and a unique game play style in a magical universe.

SHAREFILE-COM Web AMAZON-AWS/HTTP/HTTP2/ Citrix ShareFile is a secure enterprise file sharing and sync (EFSS) solution. This HTTPS/SPDY/SSL plug-in classifies only website browsing.

SHAREMAN P2P HTTP/HTTP2/HTTPS/ Shareman is a peer-to-peer file sharing and streaming network. SPDY/SSL/TCP/UDP

SHOPEE Web AKAMAI-SSL/HTTP/HTTP2/ Shopee is an online shopping platform.

HTTPS/SPDY/SSL/TCP/UDP

SIMPLE- Web HTTP/HTTP2/HTTPS/SPDY Simple Speed Test helps to monitor network connection (bandwith, upload, SPEEDTEST download and ping latency) from smartphone or Web browser.

SMASHCAST Web AKAMAI-SSL/HTTP/HTTP2/ Smashcast is a gaming and eSports live streaming platform. Hitbox company HTTPS/SPDY/SSL has been acquired by Azubu (another live streaming platform for video games) and both have been merged to create Smashcast.

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

SNOW Messaging HTTP/HTTP2/HTTPS/ SNOW is a video messaging application.

SPDY/SSL/TCP/THIFT/UDP

SPEEDCHECK- Web AKAMAI-SSL/HTTP/ Speedcheck tests the speed of Internet connections and adds the results to INTERNET HTTP2/HTTPS/SPDY/SSL SpeedSpot WiFi speed database.

SPORTRADAR Web HTTP/HTTP2/HTTPS/SPDY/SSL Sportradar collects and analyzes sports data.

STREAMROOT Web HTTP/HTTP2/HTTPS/SPDY/SSL Distributed network architecture for over-the-top content (OTT) video delivery.

TEMASYS Infrastructure HTTP2/HTTPS/SPDY/SSL/STUN Temasys provides cloud based WebRTC infrastructure and developer-centric SDKs for embedding real-time communications into Web or mobile applications for interactive video, voice and data communications.

THRIFT Infrastructure TCP Apache Thrift framework used for serialization.

TIMEPRO-VG Infrastructure TCP TimePro VG is a time and attendance software developed by Amano.

TRAI- Web HTTP/HTTP2/HTTPS/SPDY/SSL This application measures data speed and sends the results to Telecom MYSPEED Regulatory Authority of India) TRAI.

UC-BROWSER Web HTTP/HTTP2/HTTPS/SPDY/SSL UC Browser is a Web browser developed by the Chinese mobile Internet company UCWeb and is owned by Alibaba Group of China.

UNITED- Web HTTP/HTTP2/HTTPS/SPDY/SSL United Internet is one of the leading European Internet companies. INTERNET

UPLIVE Messaging HTTP/HTTP2/HTTPS/ Uplive is a social network mobile for live streaming around the world. SPDY/SSL/TCP/UDP

VERO Web AMAZON-AWS/APPLE-HLS/ Vero is social network pretending to change usual social network business HTTP/HTTP2/HTTPS/SPDY/ models.

SSL/ZENDESK

Table 2: New Applications (continued)

Application Name Application Type Reported Over Description

VITAL-QIP Infrastructure SSH/UDP Vital QIP is a proven, open and scalable DDI solution (domain name system (DNS), Dynamic Host Configuration Protocol (DHCP), and IP address management (IPAM)) that comes with an Appliance Manager Software (AMS) to administrate Vital QIP appliance.

VIVOX Gaming HTTP/HTTP2/HTTPS/SIP/ Vivox provides managed communication services in the form of integrated voice SPDY/SSL/STUN/TCP/UDP chat, Instant Messaging (IM) to online games, virtual world and other online communities.

VK-LIVE Multimedia VKONTAKTE VK Live is an application for live streaming on VK (popular social network in Russia).

VTV Web HTTP/HTTP2/HTTPS/SPDY/SSL News Web portal of a Vietnamese TV and media group.

WALLSTREET Web AKAMAI-VIDEO/HTTP/ The Wall Street Journal is a US national daily. JOURNAL HTTP2/HTTPS/SPDY/SSL

WAMBA Web HTTP/HTTP2/HTTPS/SPDY/SSL Dating portal website framework.

WORLD- Gaming HTTP/HTTP2/HTTPS/JABBER/ World Of Tanks is a massively multiplayer online Belarusian game OF-TANKS SPDY/SSL/TCP/UDP/VIVOX/ developed by Wargaming.net company.

YOUTUBE- Web YOUTUBE-STREAM YouTube Kids is an application providing a family-friendly version of YouTube for KIDS younger children, with parental control features and video filter. This plug-in classifies traffic for Android devices.

YOUTUBE- Web YOUTUBE-STREAM YouTube Music is a music and music videos streaming application available MUSIC for iOS and Android.

ZONEALARM Infrastructure ZONEALARM ZoneAlarm is a personal firewall for Windows. This protocol plug-in classifies security updates of the software.

Updated Applications

No updated application for this release.

Resolved Issues

Table 3 on page 12 describes the issues that have been resolved in this release of JDPI-Decoder.

Table 3: Resolved Issues

PR Description

JDPI–Decoder

1279802 AppID support added for Fast Adaptive and Secure Protocol (FASP) application.

1280313 Application Firewall (AppFW) is unable to identify Ultrasurf Chrome plug-in.

1302647 AppID support added for Battlefield 4 application.

1389630 Application package installation fails in PFE with an error while disabling or enabling OPC Classic application multiple times.

1405160 Session data is altered when traffic undergoes IDP inspection.

1406744 AppFW is unable to block WhatsApp application.

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

• Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

• Find CSC offerings: https://www.juniper.net/customers/support/

• Search for known bugs: https://prsearch.juniper.net/

• Find product documentation: https://www.juniper.net/documentation/

• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

• Download the latest versions of software and review release notes: https://www.juniper.net/customers/csc/software/

• Search technical bulletins for relevant hardware and software notifications: https://kb.juniper.net/InfoCenter/

• Join and participate in the Juniper Networks Community Forum: https://www.juniper.net/company/communities/

• Create a service request online: https://myjuniper.juniper.net

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

• Visit https://myjuniper.juniper.net.

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, see https://support.juniper.net/support/requesting-support/.

Revision History

February 06, 2019—Revision 1, JDPI Release Notes

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.