Cisco Stealthwatch Default Application Definitions 7.2.1
Stealthwatch® Default Application Definitions
The table in this document lists the default Stealthwatch applications defined on the Custom Applications page in the Stealthwatch Web App. The intended audience for this document includes users who want a clearer understanding of what comprises a default application that Stealthwatch monitors. In the table below, the number in parentheses after the application name is a unique identifier (UID).
| Name | Description | Stealthwatch Classification (Application Criteria) | Port/Protocol (Application Criteria) |
| --- | --- | --- | --- |
| 3com AMP3 | Registered with IANA on port 629 TCP/UDP. | 3com AMP3 (719) | |
| 3com TSMUX | Registered with IANA on port 106 TCP/UDP. | 3com TSMUX (720) | |
| ACAP | The Application Configuration Access Protocol (ACAP) is a protocol for storing and synchronizing general configuration and preference data. It was originally developed so that IMAP clients can easily access address books, user options, and other data on a central server and be kept in sync across all clients. | ACAP (722) | |
© 2020 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 2 - Stealthwatch® Default Application Definitions
| AccessBuilder | AccessBuilder (Access Builder) is a family of dial-in remote access servers that give mobile computer users and remote office workers full access to workgroup, departmental, and enterprise network resources. Remote users dial into AccessBuilder via analog or digital connections to get direct, transparent links to Ethernet and Token Ring LANs, just as if they were connected locally. AccessBuilder products support a broad range of computing platforms, network operating systems, and protocols to fit a variety of network environments. They provide multi-protocol bridging and routing for wide area Client-to-LAN connections and remote LAN extensions to the central site. | AccessBuilder (724) | |
| ActiveX | ActiveX is a software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly in the context of the World Wide Web. It was introduced in 1996 and is commonly used in its Windows operating system. | ActiveX (257) | |
| Adobe Connect | A web conferencing platform for web meetings, eLearning, and webinars. | Adobe Connect (265) | |
| Adobe EchoSign | EchoSign is a web-based electronic signature and enterprise content management system with specific focus on the document management and verification lifecycle. Its major features center on document signing, tracking and filing. It supports signing by email (e signature) or by fax. | Adobe EchoSign (713) | |
| AFS | A distributed networked file system similar to NFS. Sources of id: Palo Alto Networks, Packetshaper. | AFS (573) | |
| Alibaba | An online business-to-business trading platform for small businesses. | Alibaba (746) | |
| ALPES | ALPES is a client server protocol built on top of TCP. Its main goal is to secure the administration of a network of computers by transferring configuration text files between an information server and its clients and executing programs on them. | ALPES (731) | |
| AMInet | AMInet Protocol is used for communication and control of Alcorn McBride Inc. products. | AMInet (733) | |
| Apple TV Updates | AppleTV updates is a service that provides updates for the AppleTV operating system and its installed components. | Apple TV Updates (735) | |
| authentication | Access control technologies. | Active Directory (256), Kerberos (47), LDAP (43), LDAP Secure (185), NTLM (763), Other authentication (408), Other Directory Services (582), Palo Alto (410), PowerBroker (411), RADIUS (72), SiteMinder (413), TACACS (174) | |
| Bitbucket | Bitbucket is a web-based hosting service for projects that use either the Mercurial or Git revision control systems for their source code repositories. This app-id controls uploading activities by bitbucket using https protocol. To enforce policies on bitbucket, respective repositories must be allowed. In other words, if bitbucket is used with GIT, git-base must be allowed. Alternately, if it is used with Mercurial, mercurial-base must be allowed. | Bitbucket-base (714), bitbucket-uploading (715) | |
| Blackberry | The BlackBerry is a line of wireless handheld devices and services. A BlackBerry can shoot video, take photos, play music, and perform online functions such as web-browsing and emailing. They can also send and receive push email and instant messages while maintaining a high level of security through on-device message encryption, and are designed to function as personal digital assistants. | Blackberry (167) | |
| business systems | Business system applications help businesses meet customer demands for fast and reliable delivery of services. | 360 Total Security (891), Acronis Snap Deploy (543), AirBnB (867), Akamai Cloud (873), Altiris (544), Amazon Chime (863), Amazon Drive (888), Antivirus (549), APC PowerChute (499), Apple Geolocation (878), Apple Maps (877), Apple Services (864), apt-get (545), Auth0 (880), AutoDesk (594), Base CRM (595), Bitcoin (895), Cedexis (893), Check Point CPMI (546), Cloudflare (876), CommVault (547), Concur (500), Crashlytics (889), CVS (501), Digicel TopUp (866), distcc (502), Evernote (553), Facebook Cloud (890), Fastly (875), Fubon E-Broker (752), Git (503), Google Ads (887), Google Analytics (884), Google APIs (881), Google Calendar (883), Google Earth (862), Google Maps (861), Hightail (868), Jira (504), KACE (548), LearningHub-online (886), Limelight Cloud (874), Livelink (505), LivePerson (506), Lyft (871), management (542), Mapbox (892), Microsoft Services (865), Middleware z (551), Norton Security (764), Office 365 (741), office programs (552), other business (498), Perforce (507), Rackspace Cloud (882), Reuters (508), SAP (49), SharePoint (509), SOAP (510), software update (568), StackPath Cloud (885), storage backup (570), Stratum Mining (897), Subversion (511), Symantec (894), synology (778), TomTom (869), Tripadvisor (870), Trulia (872), Uber (758), Wish (879), Zero (896), ZeroMQ (898) | |
| Buzzsaw | Buzzsaw® is data management software as a service (SaaS) that helps enable Building Information Modeling (BIM) workflows. It includes tools for documentation, modeling, and data management, and it is integrated with the Autodesk portfolio of design and data management solutions. Access Buzzsaw securely from your desktop, the web, or your mobile device. | Buzzsaw (599) | |
| Callidus | CallidusCloud is a cloud-based sales, marketing and learning solution. | Callidus (600) | |
| Citrix | Citrix Systems, Inc. is an American multinational software company founded in 1989, that provides server and desktop virtualization, networking, software-as-a-service (SaaS), and cloud computing technologies, including Xen open source products. | Citrix (31) | |
| Clearcase | The Rational ClearCase family consists of several software tools for supporting software configuration management (SCM) of source code and other software development assets. It is developed by the Rational Software division of IBM. ClearCase forms the base for configuration management for many large and medium sized businesses and can handle projects with hundreds or thousands of developers. | Clearcase (136) | |
| Clearslide | Live Pitch & Screen Share. ClearSlide’s Live Pitch allows you to start a presentation in one click. A customized link from which you can present presentations, HD video, live screen share. Viewer joins by typing viewer’s link into their browser. No download software or plugins to view presentations. | Clearslide (601) | |
| Cloud storage & computing services | A cloud storage application or platform that allows customers to build and host applications and websites, store data, analyze data, back up files, share files, print photos, and more. | iCloud (751), Google Drive (744), Amazon Cloud (769) | |
| Cloud9 | Cloud9 provides an open source integrated development environment in the cloud. It supports more than 40 languages. Collaborate with their peers with collaborative coding features, and web development features. | Cloud9 (726) | |
| Collaboration | Collaborative software or groupware is application software designed to help people involved in a common task achieve goals. | internet conferencing (520), Foursquare (560), FriendFeed (561), Google Docs (745), Google Hangouts (616), GooglePlus (562), Hi5 (563), Join Me (521), Live Meeting (522), LotusLive (419), Other collaboration (584), Plaxo (565), SecureMeeting (523), Slack (753), social business (558), social networking (559), Tumblr (576), web posting (571) | |
| Corporate email | Electronic mail, most commonly referred to as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. | Exchange (63), IMAP (34), LotusNotes (218), other email (249), OutlookMobile (762), POP3 (35), SMTP (36) | |
| CRM | Customer relationship management (CRM) is a model for managing a company's interactions with current and future customers. CRM software allows the organizing of customer information, and also provides the means to track sales leads from the time they are obtained until the sales are closed. | other CRM (493) | |
| D2D Data Transfer | Disk to Disk data transfer such as backup operations. | D2D Data Transfer (602) | |
| Database | Applications associated with databases and database management systems (DBMSs). | other database (586), DB2 (586) | |
| Decryption Client | Decryption Client | Decryption Clients (593) | |
| DHCP | The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure devices that are connected to a network so they can communicate on that network using the Internet Protocol (IP). The protocol is implemented in a client-server model, in which DHCP clients request configuration data, such as an IP address, a default route, and one or more DNS server addresses from a DHCP server. | DHCP (25) | |
| Digital Distribution store | Digital Distribution store is a digital distribution platform or service which allows users to browse and download applications. | Windows Store (755), Google Play (756) | |
| DNS | The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. | DNS (26), Multicast DNS (149) | |
| DNS (unclassified) (183) | Applications using the ports/protocols normally associated with DNS. | | 53 (udp) |
| Double Take Availability | Vision Solutions' Double-Take® Availability: real-time high availability and disaster recovery solution with options for physical, virtual or cloud servers. | Double Take Availability (603) | |
| Dropbox | Dropbox is a file hosting service operated by Dropbox, Inc., that offers cloud storage, file synchronization, and client software. Dropbox allows users to create a special folder on each of their computers, which Dropbox then synchronizes so that it appears to be the same folder (with the same contents) regardless of which computer is used to view it. Files placed in this folder also are accessible through a website and mobile phone applications. | Dropbox (232) | |
| eBay | eBay.com is an online auction and shopping website in which people and businesses buy and sell a broad variety of goods and services worldwide. | Zoho (529) | |
| eFolder | eFolder Backup is a business-grade, cloud backup service designed for VARs and MSPs. The service enables anytime, anywhere data backup to the eFolder Storage Cloud for Windows, Mac, or Linux workstations, laptops, or servers. Through file versioning, eFolder’s encrypted cloud backup solution protects against file corruption and accidental save-overs. Monitoring and reporting for eFolder’s cloud backup solution is built in. | eFolder (716) | |
| exacqVision | Video Management System (VMS): Exacq Technologies is a manufacturer of video management system (VMS) software and servers used for video surveillance. | exacqVision (606) | |
| Facebook | Facebook is an online social networking service. | Facebook (196) | |
| FCC Speed Test | The FCC Measuring Broadband America Program's mobile measurement effort is an initiative to gather anonymous data from the smartphones of thousands of volunteers in order to assess broadband performance nationwide. Data related to the radio characteristics of the handset, information about the handset type and operating system version, the GPS coordinates available from the handset at the time each test is run, the date and time of the observation, and the results of active test are recorded on the handset. | FCC Speed Test (607) | |
| file hosting | File hosting is an Internet hosting service specifically designed to host user files. It allows users to upload files that could then be accessed over the internet from a different computer, tablet, smart phone or other networked device, by the same user or possibly by other users, after a password or other authentication is provided. | 123upload (774), Direct Download Link (248), edisk (773), easypaste-org (777), HiDrive (585), NW5 (590), rusfolder (775), share-online (770), SunND (592), ultrashare (771), WDC (591), uploaded (776), yunfile (772) | |
| File Sharing | File Sharing Applications. | droplr (605), Box (742), eyvx-com (899), File Sharing (577), onedrive (779) | |
| filesanywhere | Online file sharing, data storage, backup service. | filesanywhere (608) | |
| Finch | Web page re-formatting tool Finch gives you just the text from any site you plug into its address box, stripping Flash, JavaScript, stylesheets, and even images from the layout. | Finch (609) | |
| Finger | The Name/Finger protocol is an interface to the name and finger programs that provide status reports on a particular computer system or a particular person at network sites. Due to security and privacy concerns, the vast majority of sites on the internet no longer offer the service. | Finger (81) | |
| FIX | The Financial Information eXchange (FIX) protocol is an electronic communications protocol initiated in 1992 for international real-time exchange of information related to the securities transactions and markets. | FIX (121) | |
| Flickr | Flickr is an image hosting and video hosting website, and web services suite that was created by Ludicorp in 2004 and acquired by Yahoo in 2005. In addition to being a popular website for users to share and embed personal photographs, and effectively an online community, the service is widely used by photo researchers and by bloggers to host images that they embed in blogs and social media. | Flickr (200) | |
| Freedome (610) | F-Secure Freedome: Security and Privacy. Change your virtual location. Prevent ads and sites from tracking and block apps. | Freedome (610) | |
| FTP | File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. | FTP (28), TFTP (88), SFTP (117) | |
| FTP (unclassified) (183) | Applications using the ports/protocols normally associated with FTP. | | 20-21 (tcp) |
| gambling | Applications associated with the practice of playing games of chance or betting in the hope of winning money. | other gambling (494) | |
| gaming | Activities normally associated with recreational pleasure and enjoyment. | Battlefield (103), Clash Royale (795), Doom (98), EA Games (766), Friendster (487), Half-Life (102), Halfbrick Studios (748), Half-Life (102), King of Avalon (794), Lineage 2 (798), Minecraft (802), Mobile Strike (797), Modern War (765), MSN-Zone (104), Nintendo Network (796), other gaming (165), PlayStation (96), QQGame (206), Quake (97), Second Life (140), SimCity Buildit (799), StarWars Galaxy of Heroes (800), TeamSpeak (152), Unity (801), Unreal (101), Warcraft (95), Wii (107), World of Kung Fu (803), Xbox (94), Zynga (434) | |
| GifBoom | GifBoom is a free Social network application that enables its users to upload silent animated GIFs and to share them on GifBoom as well as Facebook, Twitter, and Tumblr or via E-mail or MMS. | GifBoom (611) | |
| GitHub | GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. | GitHub (612), GitHub-Base (613), GitHub-uploading (614) | |
| GoAgent | GoAgent is a GNU GPL open-source cross-platform network access software. It uses Google App Engine servers to provide users with a free proxy service to gain access to blocked information. It is normally used with web browsers. | GoAgent (615) | |
| Google Classroom | Classroom was designed hand-in-hand with Google Apps for Education teachers to help them save time, keep classes organized, and improve communication with students. Students access Classroom assignments, announcements, and resources online. Assignment creation and distribution is accomplished through Google Drive, Google's file hosting service, while Gmail, Google's webmail, is used to provide classroom communication. Each class created with Google Classroom creates a separate folder in the respective Google Product where the student can submit work to be graded by a teacher. | Google Classsroom (717) | |
| Gopher | The Gopher protocol is a TCP/IP application layer protocol designed for distributing, searching, and retrieving documents over the Internet. Strongly oriented towards a menu-document design, the Gopher protocol presented an alternative to the World Wide Web in its early stages, but ultimately HTTP became the dominant protocol. The Gopher ecosystem is often regarded as the effective predecessor of the World Wide Web. | Gopher (135) | |
| Hamicloud | Taiwan-based cloud services. | Hamicloud (617) | |
| Health Level Seven | Founded in 1987, Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services. | HL7 (105) | |
| HP-iLO | Integrated Lights-Out, or iLO, is a proprietary embedded server management technology by Hewlett-Packard which provides out-of-band management facilities. The physical connection is an Ethernet port that can be found on most Proliant servers of the 300 and above series. | HP-iLO (618) | |
| HTTP | The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. | HTTP (29) | |
| HTTP (unclassified) (168) | Applications using the ports/protocols normally associated with HTTP. | | 80 (tcp) |
| HTTPS | Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. | HTTPS (39) | |
| HTTPS (unclassified) (171) | Applications using the ports/protocols normally associated with HTTPS. | | 443 (tcp) |
| Huawei-dbank | Huawei Dbank is a cloud service application for storing and synchronizing files between computers. | Huawei-dbank (619) | |
| HULFT | HULFT is middleware that performs various functions based on the TCP/IP protocol, including file transfer, between platforms connected to each other via a network. | HULFT (620) | |
| Hulu | Hulu is a website and over-the-top (OTT) subscription service offering ad-supported on-demand streaming video of TV shows, movies, webisodes and other new media, trailers, clips, and behind-the-scenes footage from NBC, Fox, ABC, TBS, and many other networks and studios. | Hulu (236) | |
| IBM-RMC | RMC is a content management system that provides a common management structure and look and feel for all process content. All content managed in RMC can be published to HTML and deployed to Web servers for distributed usage. | IBM-RMC (621) | |
| IBM-solidDB | IBM solidDB: In-Memory Database Optimized for Extreme Speed and Availability. | IBM-solidDB (622) | |
| ICMP | The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. | ICMP (27), Echo (169) | |
| IGMP | The Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast. IGMP can be used for one-to-many networking applications such as online streaming video and gaming, and allows more efficient use of resources when supporting these types of applications. IGMP is used on IPv4 networks. | IGMP (130) | |
| Imgur | Imgur is an online image hosting service. | Imgur (623/624) | |
| Industry | Software for automation and IoT. | AMQP (791), BACNET (793), CoAP (790), DNP3 (792), S7comm (789) | |
| Insightly CRM | Cloud-based customer relationship management (CRM) software for small businesses. | Insightly CRM (625) | |
| Instagram | A social networking app that allows users to share pictures and videos, either publicly or privately, to pre-approved followers. | Instagram (743) | |
| instant messaging | Instant messaging (IM) is a type of online chat which offers real-time text transmission over the Internet. | AIM (62), APNS (810), cotap (734), Google Allo (811), Google FCM (809), GoogleTalk (78), ICQ (807), iCrypt (806), IMplus (260), iO (805), IRC (42), IRC Secure (186), Kakaotalk (580), Jabber (61), LotusIM (217), Meebo (77), MSN Messenger (60), other instant messaging (184), Paltalk (139), QQ (204), Signal (804), Snapchat (581), Spark (436), spark-im-base (681), Tenor (808), Wire Messenger (812), Xfire (438), Yahoo IM (73) | |
| internet utility | Applications that are generally of a utilitarian nature (i.e., practical, useful, functional, sensible). | Android Market (524), Apache Jserv (525), Atom (526), other internet utility (527), DCC Anti-Spam (528), Folding@home (530), MobileMe (531), traceroute (534), web crawler (536), Windows push (537) | |
| Intersystems Cache (626) | InterSystems Caché® is an advanced database management system and rapid application development environment. | Intersystems Cache (626) | |
| Intranet | An intranet is a computer network that uses Internet Protocol technology to share information, operational systems, or computing services within an organization. | Intranet (237) | |
| IPX | Internetwork Packet Exchange (IPX) is the OSI-model Network layer protocol in the IPX/SPX protocol stack. The IPX/SPX protocol stack is supported by Novell's NetWare network operating system. Because of Netware's popularity through the late 1980s into the mid-1990s, IPX became a popular internetworking protocol. | IPX (129) | |
| iQiyi | iQIYI is an online video platform in China. It is the second largest online video site in China by number of video hours played. | iQiyi (627) | |
| ISO-8583 | ISO 8583 Financial transaction card originated messages — Interchange message specifications is the ISO standard for systems that exchange electronic transactions made by cardholders using payment cards. | ISO-8583 (628) | |
| JDI Online Backup Storage | Online Backup solution. | JDI Online Backup Storage (629) | |
| Jenkins | Jenkins provides continuous integration services for software development. It is a server-based system running in a servlet container such as Apache Tomcat. | Jenkins (630) | |
| job search | Employment websites. | CareerBuilder.com (241), Monster.com (242) | |
| Jobvite | Recruiting platform for the social web. | Jobvite (631) | |
| Juniper NSM | Network and Security Manager (NSM) - management over the lifecycle of Juniper’s routing, switching and security infrastructure. | Juniper NSM (632) | |
| Kerberos (unclassified) (189) | Applications using the ports/protocols normally associated with Kerberos. | | 88 (tcp), 88 (udp), 10000 (null), 100000 (zeh), 1000000 (zeh) |
| Khan Academy | Khan Academy is an educational organization providing online education. All videos (hosted via YouTube) are available through Khan Academy's website, with progress tracking, practice exercises, and tools for teachers in public schools. Khan Academy also provides a web-based exercise system. The exercise software is available as open source under the MIT license. | Khan Academy (633) | |
| Laiwang (634/635) | Alibaba Group - Laiwang, a social networking service - instant messaging - file sharing. | laiwang-base (634), laiwang-file-transfer (635) | |
| Landesk | LANDESK Software provides systems management, security management, service management, asset management, and process management solutions. | landesk-base (636), landesk-inventory (637) | |
| LDAP (unclassified) (183) | Applications using the ports/protocols normally associated with LDAP. | | 379 (tcp), 389 (tcp), 389 (udp), 636 (tcp), 636 (udp) |
| Lifesize | Lifesize, a division of Logitech, is a video and audio telecommunications company in the United States which provides high definition videoconferencing endpoints and accessories, infrastructure products and a cloud-based video collaboration platform. | Lifesize (638) | |
| LinkedIn | LinkedIn is a social networking website for people in professional occupations. | LinkedIn (216) | |
| Live | Windows Live Personalized Experience (also known as My.Live.com, previously Live.com) was a customizable portal launched by Microsoft in early November 2005. It was one of the first Windows Live services to launch. | Live.com (225) | |
| Livenewschat | LiveNewsChat provides a web interface to view text, image and video content posted by third parties. LiveNewsChat cannot and does not screen the sites or its contents before including them in the results from which such automated searches are gathered. | Livenewschat (639) | |
| Localtunnel | Localtunnel lets you expose a local web server to the public Internet. | Localtunnel (640) | |
| LSI Raid Management | LSI is an Avago Technologies company - Storage management software. | LSI Raid Management (641) | |
Lync | Lync is an application from Microsoft that lets you connect with others through instant messaging (IM), video calls, and online meetings. | Lync (303), DHCP (25) |
Medical Imaging | The American College of Radiology (ACR) and the National Electrical Manufacturers Association (NEMA) formed a joint committee in 1983 to develop a standard to: promote communication of digital image information, regardless of device manufacturer; facilitate the development and expansion of picture archiving and communication systems (PACS) that can also interface with other systems of hospital information; allow the creation of diagnostic information data bases that can be interrogated by a wide variety of devices distributed geographically. | ACR-NEMA (729) |
Meetup | Meetup is an online social networking portal that facilitates offline group meetings. | meetup-base (642), meetup-email (643), meetup-forum (644) |
Mendeley | Mendeley is a desktop and web program for managing and sharing research papers, discovering research data and collaborating online. It combines Mendeley Desktop, a PDF and reference management application with Mendeley Web, an online social network for researchers. | mendeley-base (645), mendeley-uploading (646) |
Mercurial | Mercurial is a free, distributed source control management tool. | mercurial-base (647), mercurial-uploading (648) |
Microsoft.com x | Microsoft.com is the main site for product information, support, and news for Microsoft Corporation. | Microsoft.com (649) |
Minus | Social media for location based photo sharing and chat. | Minus (649) |
mobile | Mobile devices may provide telephony as well as a wide variety of other services such as text messaging, MMS, email, Internet access, short-range wireless communications (infrared, Bluetooth), business applications, gaming, and photography. Mobile phones that offer these and more general computing capabilities are referred to as smartphones. | ActiveSync (166), BOLT (262), FunPlus (782), iMessage (740), MMS (164), OperaMini (261), WAP (163) |
MS Exchange Admin Center | The Exchange Admin Center (EAC) is the web-based management console in Microsoft Exchange Server. | ms-exchange-admin-center (650) |
MS Hyper-V VM Connect x | Virtual Machine Connection is a tool that you use to connect to a virtual machine so that you can install or interact with the guest operating system in a virtual machine. Virtual Machine Connection is installed automatically when you install the Hyper-V role. | ms-hyper-v-vm-connect (650) |
MS-RPC (unclassified) (183) | Applications using the ports/protocols normally associated with MS-RPC. | | 135 (tcp), 1025 (tcp), 1026 (tcp), 135 (udp)
Mymarket | mymarket.com is an e-procurement solutions provider. | Mymarket (652) |
MySpace | MySpace is a social networking service with a strong music emphasis. | MySpace (201) |
NetBIOS | NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking protocol. Older operating systems ran NetBIOS over IEEE 802.2 and IPX/SPX using the NetBIOS Frames (NBF) and NetBIOS over IPX/SPX (NBX) protocols, respectively. In modern networks, NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. This results in each computer in the network having both an IP address and a NetBIOS name corresponding to a (possibly different) host name. | NetBIOS (48) |
NetBIOS (Unclassified) (186) | Applications using the ports/protocols normally associated with NetBIOS. | | 137-139 (tcp), 137-139 (udp)
NetFlow/sFlow | NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information. NetFlow has become an industry standard for traffic monitoring and is supported on various platforms. sFlow is a technology for monitoring network, wireless, and host devices. sFlow uses sampling to achieve scalability and is, for this reason, applicable to high speed networks (gigabit per second speeds and higher). | NetFlow/sFlow (91) | 6343 (udp)
NETS | Northern European Transaction Services - Nets is a Nordic provider of payments, cards and information services. | NETS (653) |
Network Management | Software that enables administrators to perform services such as fault analysis, performance management, provisioning of networks, maintaining the quality of service, etc. | IPFIX (788), IPMI (787), OpenFlow (786) |
Networking | Networking software facilitates the linking of two or more computing devices together for the purpose of sharing data. | 9pfs (721), ACAS (723), Apple Airport (512), ARCserve (513), Host Access (587), Infrastructure (514), Internet Protocol (539), Non IP (576), other protocols (583), PeerGuardian (517), Proxy (557), RPC (518), UPnP (519) |
News | Information on current events which is presented over the Internet. | CNN (230), FoxNews (231), Google News (229), MSNBC (233), Yahoo News (228) |
Next Media video x | Taiwan-based news service, computer-animated dramatizations of news events. | Next Media video (653) |
NFS | Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing Remote Procedure Call (ONC RPC) system. The Network File System is an open standard defined in RFCs, allowing anyone to implement the protocol. | AFP (115), CIFS (194), Lockd (156), NFS (57), SMB (116) |
Nomadesk | Nomadesk is a European SaaS company, focused on Enterprise File Sharing & Synchronization (EFSS) technology. | Nomadesk (655) |
NTP | Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. | Day-Time (65), NTP (54), Time Server (247) |
NTP (unclassified) (185) | Applications using the ports/protocols normally associated with NTP. | | 123 (udp)
Office 365 | Office 365 is a line of subscription services offered by Microsoft, as part of the Microsoft Office product line. When you have an active subscription, you always have the most up-to-date version of the Office applications, such as Word, Excel, PowerPoint, and others. | Office 365 (741) |
Online Storage | Secure online file storage, file synchronization, versioning and backup services. | online storage (301) |
OpenMeetings | OpenMeetings is software used for presenting, online training, web conferencing, collaborative whiteboard drawing and document editing, and user desktop sharing. The product is based on OpenLaszlo RIA framework and Red5 media server, which in turn are based on a bunch of open source components. | OpenMeetings (656) |
OpenText Enterprise Connect | OpenText Enterprise Information Management software solutions. | OpenText Enterprise Connect (657) |
Orkut | Orkut is a social networking website that is owned and operated by Google. The service is designed to help users meet new and old friends and maintain existing relationships. Although Orkut is less popular in the United States than competitors Facebook and Google+, it is one of the most visited websites in India and Brazil. | Orkut (203) |
P2P file | Applications that provide file-sharing services to end-users on a peer-to-peer (P2P) network. | ANtsP2P (768), Ares (108), AppleJuice (109), BitTorrent (30), DirectConnect (50), eDonkey (32), Filetopia (80), Gnutella (79), iMesh (131), Kazaa (33), Kontiki (198), Local Peer Discovery (785), Manolito (93), Mute (92), OFF (784), other P2P file (175), Pando (171), Soulseek (145), spark-im-file-transfer (682), Thunder (161), Winny (162), WinMX (125) |
P2P stream | Applications that provide streamed multimedia content to end-users on a peer-to-peer (P2P) network. | other P2P stream (210), PPLive (113), PPStream (138), QQLive (205), TVANTS (193) |
Palo Alto Traps | Palo Alto Networks® Traps provides Advanced Endpoint Protection that prevents sophisticated vulnerability exploits and unknown malware-driven attacks. Traps accomplishes this through a highly scalable, lightweight agent that uses an innovative new approach for defeating attacks without requiring any prior knowledge of the threat itself. By doing so, Traps provides organizations with a powerful tool for protecting endpoints from virtually every targeted attack. | Palo Alto Traps (727) |
PayPal | PayPal operates a worldwide online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods (e.g., checks and money orders). | PayPal (761) |
Photo Video | Photo-Video Applications. | Photo Video (578) |
Pinterest | Pinterest is a web and mobile application company that offers a visual discovery, collection, sharing, and storage tool. | pinterest-base (658), pinterest-posting (659) |
Plex | Plex is a centralized home media playback system with a powerful central server, the Plex Media Server, that streams its media to many Plex player Apps. | Plex (660) |
PPPoE | The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. | PPOoE (124) |
Printer | A printer is a peripheral which produces a representation of an electronic document on physical media such as paper or transparency film. | Printer (81) |
ProxyLocal | ProxyLocal could proxy your local webserver and make it publicly available over the internet. This software is split into client and server parts. The server part runs on the proxylocal.com server. The client is written in Ruby and distributed as a gem; its source code is open and available on GitHub. | ProxyLocal (661) |
Quantum Edge TMS | Cloud-based logistics software. | Quantum Edge TMS (663) |
QUIC | QUIC (Quick UDP Internet Connections) (Google) is an early-stage network protocol that runs a stream multiplexing protocol over a new flavor of Transport Layer Security (TLS) on top of UDP instead of TCP. | QUIC (664) |
BSD r-Commands / r-Commands | A set of commands that was developed for BSD UNIX to provide convenient remote access (access without passwords) to operation functions over a TCP/IP network. All of the "r" commands begin with the letter "r". | BSD r-commands (211), r-commands (211) |
Rally | Rally's cloud-based, Agile software management platform. | Rally Sofware (598) |
Reddit | Reddit is an entertainment, social networking service and news website where registered community members can submit content, such as text posts or direct links. | reddit (760), reddit-base (665), reddit-posting (666) |
Remote desktop | Remote desktop is a software or operating system feature that allows a personal computer's desktop environment to be run remotely on one system (usually a PC, but the concept applies equally to a server), while being displayed on a separate client device. | Adobe (462), Apple (464), Avocent (465), CitrixGoTo (251), DameWare Mini Remote (467), Jump Desktop (469), LogMeIn (470), Netviewer (472), other remote desktop (463), PcANYWHERE (85), PocketCloud (473), qq-rdp (662), R-Services (480), Radmin (474), RDM+ (475), RDP (70), RemoteCall (476), RemoteView (477), TeamViewer (243), Timbuktu (255), VNC (56), XDMCP (126), XWindows (127) |
RIPng | RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 made the following changes to RIP: UDP port number: RIPng uses UDP port 521 for sending and receiving routing information. | RIPng (667) |
Routing | Routing is the process of selecting paths in a network along which to send network traffic. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations. | BGP (46), RIP (69), EGP (114), EIGRP (120), ISIS (485), LDP (300), OSPF (87), other routing (484) |
RPC | A remote procedure call (RPC) is an inter-process communication that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction. That is, the programmer writes essentially the same code whether the subroutine is local to the executing program, or remote. When the software in question uses object-oriented principles, RPC is called remote invocation or remote method invocation. | CORBA (137), ONC RPC (192) |
RSVP | The Resource Reservation Protocol (RSVP) is a Transport Layer protocol designed to reserve resources across a network for an integrated services Internet. RSVP can be used by either hosts or routers to request or deliver specific levels of quality of service (QoS) for application data streams or flows. RSVP defines how applications place reservations and how they can relinquish the reserved resources once the need for them has ended. | RSVP (68) |
rsync | File transfer application for Unix systems. Sources of id: Palo Alto Networks, Packetshaper. | rsync (572) |
Salesforce | Salesforce is an information system used in CRM marketing and management that helps automate some sales and sales force management functions. | Salesforce (219) |
SaltStack | SaltStack is a Python-based open source configuration management and remote execution application, supporting the "infrastructure-as-code" approach to deployment and cloud management. | SaltStack (668) |
Samsung Updates | Software updates for Samsung devices. | Samsung Updates (669) |
Screencast | TechSmith's media hosting solution for sharing. | Screencast (670) |
ScreenConnect | ScreenConnect is a self-hosted remote desktop software application that has remote support, remote access, and remote meeting capabilities. ScreenConnect was developed by Elsinore Technologies. | ScreenConnect (671) |
SCTP | Stream Control Transmission Protocol (SCTP) is a transport layer protocol (protocol number 132), serving in a similar role to the popular protocols Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It provides some of the same service features of both: it is message-oriented like UDP and ensures reliable, in-sequence transport of messages with congestion control like TCP. | SCTP (90) |
search | Search engines and websites designed to find information on the Internet. | Baidu.com (227), Bing.com (222), Booking-com (767), Google.com (224), Loop Trade Classifieds (780), Wikipedia (754), Yahoo.com (223), Yahoo Images (238) |
Silent Circle | Silent Circle is an encrypted communications firm providing multiplatform secure communication services for mobile devices, desktop and email. | Silent Circle (672) |
SIP2 for ILS | The Standard Interchange Protocol is a proprietary standard for communication between library computer systems and self-service circulation terminals. Version 2.0 of the protocol is known as "SIP2". SIP2 for ILS (Integrated Library Systems) for patron and guest wireless access. | SIP2 for ILS (673) |
Skype | Skype allows users to communicate with peers by voice using a microphone, video by using a webcam, and instant messaging over the Internet. Unlike most other VoIP services, Skype is a hybrid peer-to-peer and client-server system. | Skype (55) |
SMB (unclassified) (184) | Applications using the ports/protocols normally associated with SMB. | | 445 (tcp), 445 (udp)
SMS | Short Message Service (SMS) is a text messaging service component of phone, web, or mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between fixed line or mobile phone devices. | SMS (250) |
SMTP (unclassified) (172) | Applications using the ports/protocols normally associated with SMTP. | | 25 (tcp)
SNMP | Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. | agentX (730), SNMP (40) |
SNMP (unclassified) (183) | Applications using the ports/protocols normally associated with SNMP. | | 161 (tcp), 161 (udp)
SNMP-Trap (unclassified) (182) | Applications using the ports/protocols normally associated with SNMP-Trap. | | 162 (tcp), 162 (udp)
Social | Websites and applications that enable users to create and share content or to participate in social networking. | Azar (813), Badoo (819), Dubsmash (818), Easy Taxi (820), Giphy (814), Grindr (822), Houseparty (825), Imgur (815), Life Church (821), Meetic Group (823), Sarahah (824), Shazam (817), Smule (826), tinder (691), Waze (816) |
SOCKS | Socket Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. | SOCKS (172) |
SolveQuotes | SolveQuotes parses incoming messages, corporate emails, and attachments announcing inventories up for sale or lists of securities being liquidated. The program provides instantaneous updates on bids, offers, price talk, trades, covers, and more, resulting in unparalleled access to market pricing when buying, selling, or marking securities to market. SolveQuotes can be deployed on the client side so that proprietary information never leaves the firm's firewalls, and can be integrated with proprietary systems and analytics. | SolveQuotes (675) |
SOTI MobiControle | SOTI MobiControl is a Mobile Device Management (MDM) solution for enhancing enterprise mobility and enabling BYOD initiatives. MobiControl enables organizations to centrally manage, support, secure, and track corporate-liable and employee-liable mobile devices, regardless of device type, mobile platform, and location. | soti-mobicontrol (718) |
SoundCloud | SoundCloud is an online audio distribution platform that allows collaboration, promotion and distribution of audio recordings by users. SoundCloud is an online audio distribution platform that enables its users to upload, record, promote and share their originally-created sounds. SoundCloud Uploading lets users control the action of uploading music with a distinctive URL. | soundcloud-base (676), soundcloud-uploading (677) |
SourceForge | SourceForge is a web-based source code repository. It acts as a centralized location for software developers to control and manage free and open source software development. SourceForge.net provides a File Manager as a means for projects to make files available for download by their users. In addition to the web based File Manager, SourceForge provides an interactive-shell service for managing files. Sourceforge File Transfer captures different methods to manipulate/upload and download the files and folders accessible via File Manager and shell service. | sourceforge-base (678), sourceforge-file-transfer (679) |
SPAMfighter | SPAMfighter is a Spam filter for Outlook, Windows Mail, Windows Live Mail, Outlook Express and Thunderbird email clients. It works to protect all the email accounts on your PC against phishing, identity theft, and other email fraud. | SPAMfighter (680) |
Speedtest | Speedtest is an application that can be used by the users to test their internet connectivity speed against hundreds of geographically dispersed servers around the world. At the end of each test, users are presented with their download (the speed of data from the server to their computer) and upload (the speed of sending data from the user's computer to the server) bandwidth speeds. | Speedtest (683) |
Spotify | Spotify is a digital music service that gives you access to millions of songs. | Spotify (259) |
SQL | SQL is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS). | Informix (415), MySQL (158), Oracle (160), PostgreSQL (159), SQL Server (157), Sybase (417) |
SQL-server (unclassified) (181) | Applications using the ports/protocols normally associated with SQL-server. | | 1433 (tcp), 1434 (udp)
Srvdir | Srvdir makes any folder a secure public HTTP file server which serves the files from that folder. Users can share, download or upload files from anywhere via the public IP provided. Srvdir can be useful for testing static responses to webhooks. | Srvdir (684) |
SSDP | The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as the Dynamic Host Configuration Protocol (DHCP) or the Domain Name System (DNS), and without special static configuration of a network host. | SSDP (141) |
SSH | Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. | SSH (44) |
SSH/SCP (unclassified) (175) | Applications using the ports/protocols normally associated with SSH and SCP. | | 22 (tcp)
streaming audio/video (596) | Multimedia content that is constantly received by and presented to an end-user while being delivered by a provider. | ADNstream (556), Amazon (407), Amazon Prime Video (842), Apple Music (757), AVI (180), Channel One (846), CUSeeMe (199), DAZN (853), Digicel Music (851), Digicel PlayGo (850), ESPN (235), Flash (74), Flixster (486), Fox Sports (857), HBO (441), HiNet (747), IcFlix (849), iFlix (847), IPTV (155), iTunes (738), ITV (402), Ivi-Ru (845), Justin.TV (443), KanKan (843), LeTV (860), Limelight (444), Livestream (445), Macdome (859), Megavideo (446), Metacafe (447), MPEG (86), Napster (176), NetFlix (234), Nickelodeon Play (854), OGG (170), other streaming (208), Pandora (76), Photobucket (449), PPFilm (848), Qik (450), QuickTime (119), Real (75), Redbox (451), Rhapsody (400), RTP (51), RTSP (52), Shoutcast (168), Shutterfly (452), Silverlight (401), Simfy (759), Sky Go (844), Slingbox (143), Sling TV (856), Streambox (455), Streampix (456), StreamWorks (191), Streaming Audio (596), TuneIn Radio (852), Turner (858), TVUPlayer (147), vevo (700), Vimeo (459), Vudu (460), WindowsMedia (148), Xing Ustream (457), Youku (461), youku-base (708), Youku Tudou (855), youku-uploading (709) |
Streetchat | Streetchat, previously called Gaggle, is an anonymous “local message board” application that utilizes texts and photo messages of the people to communicate. It uses a geographical radius to match individuals; this app allows users in a certain radius to see the same photos or text posts. There is also an “upvote” and “downvote” system where users can vote on the quality of posts either up or down. It is popular among high school and college students for the ability to post without being identified. | Streetchat (685) |
STUN | STUN is a lightweight client-server network protocol. Its purpose is to allow an application running on a host to determine whether or not it is located behind a network device which is performing network address translation. | STUN (182) |
SWIPE | IP Security Protocol. | SWIPE (589) |
Symantec-AV (unclassified) (180) | Applications using the ports/protocols normally associated with Symantec-AV. | | 2967 (tcp), 38293 (tcp), 2967 (udp), 38293 (udp)
Synology DSM | Synology's DiskStation Manager (DSM) is a Linux based software package that is the operating system for the DiskStation and RackStation products. The Synology DSM is the foundation of the DiskStation, which integrates the basic functions of file sharing, centralized backup, RAID storage, multimedia streaming, virtual storage, and using the DiskStation as a network video recorder. | Synology DSM (686) |
Syslog | Syslog is a standard for computer data logging. It separates the software that generates messages from the system that stores them and the software that reports and analyzes them. Syslog can be used for computer system management and security auditing as well as generalized informational, analysis, and debugging messages. It is supported by a wide variety of devices (like printers and routers) and receivers across multiple platforms. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository. | Syslog (53) |
Syslog (unclassified) (176) | Applications using the ports/protocols normally associated with Syslog. | | 514 (tcp), 514 (udp)
Tableau | Tableau Software produces a family of interactive data visualization products focused on business intelligence. Users can connect to any type of structured data, analyze virtually and produce highly interactive graphs, dashboards, and reports. This app-id covers Tableau Desktop, Tableau Server, and Tableau Online, which is a hosted version of Tableau Server. | Tableau (687) |
TACACS (unclassified) (179) | Applications using the ports/protocols normally associated with TACACS. | | 49 (tcp), 65 (tcp), 49 (udp), 65 (udp)
Telegram | Telegram is a new messaging app where users can exchange encrypted and self-destructing messages, photos, videos and documents (all file-types supported). It is a cross-platform messenger whose clients are open source. Telegram is officially available for Android and iOS (including tablets and no-wifi devices). | Telegram (688) |
Telepresence | TelePresence is a product developed by Cisco Systems which provides high-definition 1080p video, spatial audio, and a setup designed to link two physically separated rooms so they resemble a single conference room regardless of location. | Telepresence (245) |
Telnet | Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP). | Telnet (37), Reverse Telnet (188), Telnet Secure (38) |
Telnet (unclassified) (173) | Applications using the ports/protocols normally associated with Telnet. | | 23 (tcp)
Teredo | Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts which are on the IPv4 Internet but which have no direct native connection to an IPv6 network. | Teredo (258) |
Tesla Car App | The Tesla Motors app puts Model S owners in direct communication with their cars anytime, anywhere. With this app, owners can perform various functions remotely, e.g., check charging progress in real time and start or stop charge; lock or unlock from afar; etc. | Tesla Car App (689) |
TFTP (unclassified) (177) | Applications using the ports/protocols normally associated with TFTP. | | 69 (udp)
| Threema | Threema is an encrypted instant messaging application for iOS and Android. It can be used to send and receive asymmetrically end-to-end encrypted instant messages, multimedia files and voice messages. | Threema (690) | |
| Torch Browser | Torch Browser is a freeware Chromium-based web browser and Internet suite developed by Torch Media. The browser handles common Internet-related tasks such as displaying websites, sharing websites via social networks, downloading torrents, accelerating downloads and grabbing online media, all directly from the browser. | Torch-browser-base (692), Torch-browser-games (694), Torch-browser-music (693) | |
| TrueShare | TrueShare is an online file system used to securely upload, share, store, backup, and distribute files. Services include online file storage, online file sharing, and remote file backup. TrueShare has the ability to handle large file sizes, and unlimited file types. It is designed to work with leading operating systems such as Mac, Windows, and Linux, as well as major web browsers. | TrueShare (695) | |
| Tunnel | Tunneling is when one network protocol (the delivery protocol) encapsulates a different payload protocol. By using tunneling one can (for example) carry a payload over an incompatible delivery-network, or provide a secure path through an untrusted network. | Epic Browser Proxy (833), GRE (122), GTP (179), HTTPTunnel (403), IP-in-IP (83), IPVanish (831), other tunnel (246), Private Internet Access (830), Psiphon (828), SWIPE (589), TOR (177), TVUPlayer (147), TunnelBear (832), VPN-X (827), Zenmate VPN (829) | |
| Twitch | Twitch (also known as Twitch.tv) is a live streaming video platform. The site primarily focuses on video gaming, including playthroughs of video games by users, along with broadcasts of e-sports competitions. Content on the site can either be viewed live, or viewed on an on-demand basis. | Twitch (696) | |
| Twitter | Twitter is an online social networking service and microblogging service that enables its users to send and read text-based messages of up to 140 characters, known as "tweets". | Twitter (197) | |
| Ultrahook | Webhooks are HTTP requests made over the web by services when certain events are triggered within the services. Many popular services (GitHub, Stripe, ActiveCampaign, Papertrail, etc) support updates via webhooks. However, since these webhook requests are made over the public web, it's difficult to receive them when testing from behind a firewall. Ultrahook provides a public endpoint to give to other services and tunnels requests to a private endpoint on your computer. | Ultrahook (697) | |
| Unclassified | The application cannot be classified. | unclassified (183) | |
| Undefined TCP | Applications using the ports/protocols normally associated with TCP. | Undefined TCP (405) | 1-65535 (tcp) |
| Undefined UDP | Applications using the ports/protocols normally associated with UDP. | Undefined UDP (406) | 1-65535 (udp) |
| uniFLOW | uniFLOW is a software platform for print, scan, and device management. | uniFLOW (698) | |
| unknown | The application cannot be identified. | Unknown (71) | |
| Usenet NetNews | Usenet is a set of protocols for generating, storing and retrieving news "articles" (which resemble Internet mail messages) and for exchanging them among a readership which is potentially widely distributed. | NNTP (106), NNTPS (187) | |
| Vagrant | Vagrant provides easy to configure, reproducible, and portable work environments built on top of industry-standard technology and controlled by a single consistent workflow to help maximize the productivity and flexibility of you and your team. Machines are provisioned on top of VirtualBox, VMware, AWS, or any other provider. Then, industry-standard provisioning tools such as shell scripts, Chef, or Puppet, can be used to automatically install and configure software on the machine. | Vagrant (699) | |
| VoIP | Voice over IP (voice over Internet Protocol, VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. | AOL Messenger Audio (736), Chatroulette (488), Cisco Phone (244), FaceTime (739), Fring (153), Google Duo (783), H323 (82), IAX (128), Iskoot (150), ooVoo (151), other VoIP (207), SIP (110), Skinny (111), MGCP (123), RTCP (67), sipviaheader-nat (774), Truphone (154), Ventrilo (266), Voip Video (579) | |
| VPN | A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network. | CheckPoint VPN (597), DroidVPN (604), IPSec (41), ISAKMP (134), kerio-vpn (725), L2TP (59), OpenVPN (84), other VPN (178), PPTP (89), SoftEthernet (142), SSTP (264) | |
| Watch ABC | Watch ABC is the rebranded abc player, which allows viewers to access live streams from a local ABC affiliate from within the app, making ABC the first U.S. broadcast network to offer this ability. | Watch ABC (701) | |
| Web | Websites offering content and interactive media services. | Amazon Services (838), Google Shared Services (834), Google App Engine (841), Here (837), Kinopoisk (835), Loop Caribbean Local News (839), Loop Pacific Local News (840), My Digicel (836), Vudu (460) | |
| WebDAV | Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers. | WebDAV (302) | |
| WebEx | WebEx provides on-demand collaboration, online meeting, web conferencing and videoconferencing. | WebEx (202) | |
| Webmail | Webmail (or web-based email) is any email client implemented as a web application accessed via a web browser. | Gmail (213), Hotmail (226), Mail-Ru (781), Yahoo Mail (214) | |
| WHOIS | WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. | WHOIS (189) | |
| Wickr | Wickr is a free app that offers self-destructing, encrypted messages. Text, photo, video and audio is encrypted into indecipherable code before it leaves the device. So, it's safely guarded as it travels via airwaves and wires to Wickr's computer servers and eventually to another person's device. Meanwhile, one can destroy messages by setting a timer. | Wickr (702) | |
| Winbox | Winbox is a small program that allows users to control and monitor Mikrotik RouterOS using a fast and simple graphical user interface. | Winbox (703) | |
| Windows Update | Windows Update is a service provided by Microsoft that provides updates for the Microsoft Windows operating system and its installed components, including Internet Explorer. | WindowsUpdate (220), BITS (252) | |
| Wink | Wink is a popular photo sharing application that lets users share photos with friends who are in proximity. Wink lets users select application from any app - e.g. Instagram. | Wink (704) | |
| WINS | Windows Internet Naming Service. Sources of id: Palo Alto Networks, Packetshaper. | WINS (574) | |
| Wiredrive | Wiredrive is a cloud content management and collaboration solution for work-in-progress, asset management, and rich media presentation. Wiredrive has become the application of choice for creative professionals in the advertising, television and motion-picture industries who need to upload, manage and present their digital media. | Wiredrive (705) | |
| X.400 | X.400 is a suite of ITU-T Recommendations that define standards for Data Communication Networks for Message Handling Systems (MHS) — more commonly known as "email". At one time X.400 was expected to be the predominant form of email, but this role has been taken by the SMTP-based Internet e-mail. Despite this, it has been widely used within organizations and was a core part of Microsoft Exchange Server until 2006; variants continue to be important in military and aviation contexts. | X.400 (706) | |
| Yik Yak | Yik Yak acts like a local bulletin board for your area by showing the most recent posts from other users around you. It allows anyone to connect and share information with others without having to know them. | Yik Yak (707) | |
| YouTube | YouTube is a video-sharing website on which users can upload, view and share videos. It uses Adobe Flash Video and HTML5 technology to display a wide variety of user-generated video content, including movie clips, TV clips, and music videos, as well as amateur content such as video blogging, short original videos, and educational videos. | YouTube (118) | |
| Yunpan | Yunpan is a cloud service provided by Baidu, Inc. It offers cloud storage service, client software, file management, resources sharing, and third-party integration. After being created on one client terminal, files can be synchronized automatically on other internet-connected client terminals. It was rebranded as Baidu Cloud on Sep 3 2012. | Yunpan (710) | |
| ZAS Communicator | ZAS Communicator is a Serverless open source P2P system for secure voice communication, text chat and file transfer over Internet. The communication is protected by strong encryption from one end of the link to the other. | ZAS Communicator (711) | |
| Zello | Zello is a direct messaging service that allows members to communicate freely either privately with individuals or over open channels that can support hundreds of thousands of users. Zello applications are push-to-talk (PTT) walkie-talkie for consumers and business and available for Android, iOS, Blackberry, Windows Phone, Windows PC, rugged mobile devices and two-way radios. It allows people to use cell phones and computers all around the world like walkie-talkies. | Zello (728) | |
| ZenMate | ZenMate is a VPN plugin for browsers that aims to give internet browsers secure, encrypted access to any website, from anywhere in the world. Users can avail of full and comprehensive encryption into the browser with the ease of use and lightweight installation of a browser plugin. | ZenMate (712) | |
Contacting Support
If you need technical support, do one of the following:

Call
- Your local Cisco Partner
- Cisco Stealthwatch Support
  - (U.S.) 1-800-553-2447
  - Worldwide support number: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Open a case
- By web: http://www.cisco.com/c/en/us/support/index.html
- By email: [email protected]
Copyright Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)