diff options
Diffstat (limited to 'doc/protocols.rst')
| -rw-r--r-- | doc/protocols.rst | 117 |
1 files changed, 64 insertions, 53 deletions
diff --git a/doc/protocols.rst b/doc/protocols.rst index d4b813017..ef3846d80 100644 --- a/doc/protocols.rst +++ b/doc/protocols.rst @@ -8,10 +8,10 @@ Work in progress! .. _Proto 72: `NDPI_PROTOCOL_HART_IP` -============================ +======================= Highway Addressable Remote Transducer over IP -References: `Protocol Specs: <https://library.fieldcommgroup.org/20085/TS20085>`_. +References: `Protocol Specs: <https://library.fieldcommgroup.org/20085/TS20085>`_ .. _Proto 96: @@ -26,19 +26,19 @@ References: `RFC1350 <https://datatracker.ietf.org/doc/html/rfc1350>`_ and `RFC2 .. _Proto 127: `NDPI_PROTOCOL_MS_RPCH` -==================== +======================= A Remote Procedure Call protocol over HTTP from Microsoft. -References: `Protocol Specs: <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpch/c0f4c9c5-1a61-4d10-b8e2-005378d1d212`_. +References: `Protocol Specs: <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpch/c0f4c9c5-1a61-4d10-b8e2-005378d1d212`_ .. _Proto 201: `NDPI_PROTOCOL_GOOGLE_MEET` -==================== +=========================== Google Meet is a video conferencing service from Google. -References: `Main site: <https://meet.google.com/>`_. +References: `Main site: <https://meet.google.com/>`_ .. _Proto 338: @@ -47,7 +47,7 @@ References: `Main site: <https://meet.google.com/>`_. ==================== The Secure Real-time Transport Protocol (SRTP) is a profile for Real-time Transport Protocol (RTP) intended to provide encryption, message authentication, integrity, and replay attack protection to the RTP data. -References: `RFC3711 <https://datatracker.ietf.org/doc/html/rfc3711>`_. +References: `RFC3711 <https://datatracker.ietf.org/doc/html/rfc3711>`_ Notes: @@ -61,7 +61,7 @@ Notes: ========================= Opera VPN is a free VPN included with Opera Browser. -References: `Main site <https://www.opera.com/it/features/free-vpn>`_. +References: `Main site <https://www.opera.com/it/features/free-vpn>`_ .. _Proto 340: @@ -70,7 +70,7 @@ References: `Main site <https://www.opera.com/it/features/free-vpn>`_. ========================= Epic Games is a video game company developing the Unreal Engine and some successful games as Fortnite and Gears of War. -References: `Main site <https://store.epicgames.com/en-US/>`_ and `Fortnite <https://www.fortnite.com/>`_. +References: `Main site <https://store.epicgames.com/en-US/>`_ and `Fortnite <https://www.fortnite.com/>`_ .. _Proto 341: @@ -79,7 +79,7 @@ References: `Main site <https://store.epicgames.com/en-US/>`_ and `Fortnite <htt ========================== GeForce Now is the brand used by Nvidia for its cloud gaming service. -References: `Main site <https://www.nvidia.com/en-us/geforce-now/>`_. +References: `Main site <https://www.nvidia.com/en-us/geforce-now/>`_ .. _Proto 342: @@ -88,7 +88,7 @@ References: `Main site <https://www.nvidia.com/en-us/geforce-now/>`_. ====================== Generic web traffic from Nvidia sites. -References: `Main site <https://www.nvidia.com>`_. +References: `Main site <https://www.nvidia.com>`_ .. _Proto 343: @@ -97,7 +97,7 @@ References: `Main site <https://www.nvidia.com>`_. ======================= Bitcoin is one of the most common crypto currencies. -References: `Main site <https://en.bitcoin.it/wiki/Protocol_documentation>`_. +References: `Main site <https://en.bitcoin.it/wiki/Protocol_documentation>`_ Notes: @@ -112,7 +112,7 @@ Notes: ========================= Proton VPN is a VPN service operated by the Swiss company Proton AG, the company behind the email service Proton Mail -References: `Main site <https://protonvpn.com/>`_. +References: `Main site <https://protonvpn.com/>`_ .. _Proto 345: @@ -121,7 +121,7 @@ References: `Main site <https://protonvpn.com/>`_. ====================== Apache Thrift is a generic data interchange framework that supports a bunch of different languages and platforms. -References: `Official site <https://thrift.apache.org>`_ and `Github <https://github.com/apache/thrift>`_. +References: `Official site <https://thrift.apache.org>`_ and `Github <https://github.com/apache/thrift>`_ .. _Proto 346: @@ -130,7 +130,7 @@ References: `Official site <https://thrift.apache.org>`_ and `Github <https://gi ====================== Roblox is an online game platform and game creation system. -References: `Main site <https://www.roblox.com/>`_. +References: `Main site <https://www.roblox.com/>`_ Notes: @@ -143,7 +143,7 @@ Notes: ================================ The Service Location Protocol is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration. -References: `SLPv1 <https://datatracker.ietf.org/doc/html/rfc2165>`_ and `SLPv2 <https://datatracker.ietf.org/doc/html/rfc2608>`_. +References: `SLPv1 <https://datatracker.ietf.org/doc/html/rfc2165>`_ and `SLPv2 <https://datatracker.ietf.org/doc/html/rfc2608>`_ .. _Proto 348: @@ -152,7 +152,7 @@ References: `SLPv1 <https://datatracker.ietf.org/doc/html/rfc2165>`_ and `SLPv2 ======================= Mullvad is a VPN service operated by Mullvad VPN AB, based in Sweden -References: `Main site <https://mullvad.net/>`_. +References: `Main site <https://mullvad.net/>`_ .. _Proto 349: @@ -161,7 +161,7 @@ References: `Main site <https://mullvad.net/>`_. ===================== HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. -References: `RFC <https://datatracker.ietf.org/doc/html/rfc9113>`_. +References: `RFC <https://datatracker.ietf.org/doc/html/rfc9113>`_ Notes: @@ -174,7 +174,7 @@ Notes: ======================= HAProxy is a free and open source software that provides a high availability load balancer and reverse proxy for TCP and HTTP-based applications that spreads requests across multiple servers. -References: `Main site: <https://www.haproxy.org>`_. +References: `Main site: <https://www.haproxy.org>`_ .. _Proto 351: @@ -183,7 +183,7 @@ References: `Main site: <https://www.haproxy.org>`_. ==================== The Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware (BIOS or UEFI) and operating system. -References: `Protocol Specs: <https://www.dmtf.org/sites/default/files/standards/documents/DSP0114.pdf>`_. +References: `Protocol Specs: <https://www.dmtf.org/sites/default/files/standards/documents/DSP0114.pdf>`_ .. _Proto 352: @@ -192,7 +192,7 @@ References: `Protocol Specs: <https://www.dmtf.org/sites/default/files/standards =================== Controller Area Network (CAN) is used extensively in automotive applications, with in excess of 400 million CAN enabled microcontrollers manufactured each year. -References: `Protocol Specs: <https://www.iso.org/standard/63648.html>`_. +References: `Protocol Specs: <https://www.iso.org/standard/63648.html>`_ .. _Proto 353: @@ -201,7 +201,7 @@ References: `Protocol Specs: <https://www.iso.org/standard/63648.html>`_. ======================== Protocol Buffers (Protobuf) is a free and open-source cross-platform data format used to serialize structured data. -References: `Encoding: <https://protobuf.dev/programming-guides/encoding>`_. +References: `Encoding: <https://protobuf.dev/programming-guides/encoding>`_ .. _Proto 354: @@ -210,8 +210,7 @@ References: `Encoding: <https://protobuf.dev/programming-guides/encoding>`_. ======================= Ethereum is a decentralized, open-source blockchain with smart contract functionality. -References: `Main site <https://ethereum.org/en/developers/docs/intro-to-ethereum/>`_. - +References: `Main site <https://ethereum.org/en/developers/docs/intro-to-ethereum/>`_ Notes: @@ -224,7 +223,7 @@ Notes: ============================ Audio/video calls made using the telegram app. -References: `Wikipedia <https://en.wikipedia.org/wiki/telegram_(software)/>`_. +References: `Wikipedia <https://en.wikipedia.org/wiki/telegram_(software)/>`_ .. _Proto 356: @@ -233,7 +232,7 @@ References: `Wikipedia <https://en.wikipedia.org/wiki/telegram_(software)/>`_. ============================ Chinese microblogging (weibo) website. -References: `Wikipedia <https://en.wikipedia.org/wiki/Sina_Weibo>`_. +References: `Wikipedia <https://en.wikipedia.org/wiki/Sina_Weibo>`_ .. _Proto 358: @@ -242,7 +241,7 @@ References: `Wikipedia <https://en.wikipedia.org/wiki/Sina_Weibo>`_. ============================ IEEE 1588-2008 Precision Time Protocol (PTP) Version 2. -References: `Protocol Specs: <https://standards.ieee.org/ieee/1588/4355/>`_. +References: `Protocol Specs: <https://standards.ieee.org/ieee/1588/4355/>`_ .. _Proto 359: @@ -251,7 +250,7 @@ References: `Protocol Specs: <https://standards.ieee.org/ieee/1588/4355/>`_. ============================ Real-Time Publish Subscribe Protocol -References: `Protocol Specs: <https://www.omg.org/spec/DDSI-RTPS/>`_. +References: `Protocol Specs: <https://www.omg.org/spec/DDSI-RTPS/>`_ .. _Proto 360: @@ -260,7 +259,7 @@ References: `Protocol Specs: <https://www.omg.org/spec/DDSI-RTPS/>`_. ============================ IEC62541 OPC Unified Architecture -References: `Protocol Specs: <https://reference.opcfoundation.org/>`_. +References: `Protocol Specs: <https://reference.opcfoundation.org/>`_ .. _Proto 361: @@ -270,7 +269,7 @@ References: `Protocol Specs: <https://reference.opcfoundation.org/>`_. A proprietary protocol from Siemens used for data exchange between PLCs and access PLC data via SCADA systems. Completely different from classic S7Comm, but also uses TPKT/COTP as a transport. -References: `Unofficial description: <https://plc4x.apache.org/protocols/s7/s7comm-plus.html>`_. +References: `Unofficial description: <https://plc4x.apache.org/protocols/s7/s7comm-plus.html>`_ .. _Proto 362: @@ -279,7 +278,7 @@ References: `Unofficial description: <https://plc4x.apache.org/protocols/s7/s7co ============================ Factory Interface Network Service (FINS) is a network protocol used by Omron PLCs. -References: `Protocol Specs: <https://assets.omron.eu/downloads/manual/en/v4/w421_cj1w-etn21_cs1w-etn21_ethernet_units_-_construction_of_applications_operation_manual_en.pdf>`_. +References: `Protocol Specs: <https://assets.omron.eu/downloads/manual/en/v4/w421_cj1w-etn21_cs1w-etn21_ethernet_units_-_construction_of_applications_operation_manual_en.pdf>`_ .. _Proto 363: @@ -288,7 +287,7 @@ References: `Protocol Specs: <https://assets.omron.eu/downloads/manual/en/v4/w42 ============================ Ether-S-I/O is a proprietary protocol used by Saia-Burgess's PLCs. -References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSIO.md>`_. +References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSIO.md>`_ .. _Proto 364: @@ -297,7 +296,7 @@ References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSIO.md>`_. ============================ UMAS is a proprietary Schneider Electric protocol based on Modbus. It's used in Modicon M580 and Modicon M340 CPU-based PLCs. -References: `Unofficial article: <https://ics-cert.kaspersky.com/publications/reports/2022/09/29/the-secrets-of-schneider-electrics-umas-protocol/>`_. +References: `Unofficial article: <https://ics-cert.kaspersky.com/publications/reports/2022/09/29/the-secrets-of-schneider-electrics-umas-protocol/>`_ .. _Proto 365: @@ -306,17 +305,16 @@ References: `Unofficial article: <https://ics-cert.kaspersky.com/publications/re ============================ Automation Device Specification is the protocol used for interfacing with Beckhoff PLCs via TwinCAT. -References: `Protocol Specs: <https://infosys.beckhoff.com/english.php?content=../content/1033/tc3_ads_intro/115847307.html>`_. +References: `Protocol Specs: <https://infosys.beckhoff.com/english.php?content=../content/1033/tc3_ads_intro/115847307.html>`_ .. _Proto 366: `NDPI_PROTOCOL_ISO9506_1_MMS` ============================ -The international standard MMS (Manufacturing Message Specification) is an OSI application layer messaging protocol origionally designed for the remote control and monitoring of devices such as Remote Terminal Units (RTU), -Programmable Logic Controllers (PLC), Numerical Controllers (NC), or Robot Controllers (RC). +The international standard MMS (Manufacturing Message Specification) is an OSI application layer messaging protocol origionally designed for the remote control and monitoring of devices such as Remote Terminal Units (RTU), Programmable Logic Controllers (PLC), Numerical Controllers (NC), or Robot Controllers (RC). -References: `Paid Specs: <https://www.iso.org/ru/standard/37079.html>`_. +References: `Paid Specs: <https://www.iso.org/ru/standard/37079.html>`_ .. _Proto 367: @@ -325,7 +323,7 @@ References: `Paid Specs: <https://www.iso.org/ru/standard/37079.html>`_. ============================ IEEE Standard for Synchrophasor Data Transfer for Power Systems -References: `Paid Specs: <https://standards.ieee.org/ieee/C37.118.1/4902/>`_. +References: `Paid Specs: <https://standards.ieee.org/ieee/C37.118.1/4902/>`_ .. _Proto 368: @@ -334,7 +332,7 @@ References: `Paid Specs: <https://standards.ieee.org/ieee/C37.118.1/4902/>`_. ============================ Ether-S-Bus is a proprietary protocol used for the communication with and between PLCs manufactured by Saia-Burgess Controls Ltd. -References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSBus>`_. +References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSBus>`_ .. _Proto 369: @@ -350,16 +348,16 @@ Monero is a private and decentralized cryptocurrency with focus on confidentiali ====================== DCE/RPC is a specification for a remote procedure call mechanism that defines both APIs and an over-the-network protocol. -References: `Wireshark wiki: <https://wiki.wireshark.org/DCE/RPC>`_. +References: `Wireshark wiki: <https://wiki.wireshark.org/DCE/RPC>`_ .. _Proto 371: `NDPI_PROTOCOL_PROFINET_IO` -====================== +=========================== PROFINET/IO is a field bus protocol based on connectionless DCE/RPC. -References: `Protocol Specs: <https://www.profibus.com/download/profinet-specification>`_. +References: `Protocol Specs: <https://www.profibus.com/download/profinet-specification>`_ .. _Proto 372: @@ -368,13 +366,13 @@ References: `Protocol Specs: <https://www.profibus.com/download/profinet-specifi ====================== High-Speed LAN Instrument Protocol (HiSLIP) is a protocol for remote instrument control of LAN-based test and measurement instruments. -References: `Protocol Specs: <https://www.ivifoundation.org/downloads/Protocol%20Specifications/IVI-6.1_HiSLIP-2.0-2020-04-23.pdf>`_. +References: `Protocol Specs: <https://www.ivifoundation.org/downloads/Protocol%20Specifications/IVI-6.1_HiSLIP-2.0-2020-04-23.pdf>`_ .. _Proto 373: `NDPI_PROTOCOL_UFTP` -====================== +==================== Encrypted UDP based FTP with multicast. References: `Protocol Specs: <https://uftp-multicast.sourceforge.net/protocol.txt>`_. @@ -383,19 +381,19 @@ References: `Protocol Specs: <https://uftp-multicast.sourceforge.net/protocol.tx .. _Proto 374: `NDPI_PROTOCOL_OPENFLOW` -====================== +======================== OpenFlow protocol is a network protocol closely associated with Software-Defined Networking (SDN). -References: `Protocol Specs: <https://opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf>`_. +References: `Protocol Specs: <https://opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf>`_ .. _Proto 375: `NDPI_PROTOCOL_JSON_RPC` -====================== +======================== JSON-RPC is a remote procedure call protocol encoded in JSON. -References: `Protocol Specs: <https://www.jsonrpc.org/specification>`_. +References: `Protocol Specs: <https://www.jsonrpc.org/specification>`_ .. _Proto 376: @@ -404,7 +402,7 @@ References: `Protocol Specs: <https://www.jsonrpc.org/specification>`_. ====================== WebDAV is a set of extensions to the HTTP protocol that allows WebDAV clients to collaboratively edit and manage files on remote Web servers. -References: `RFC4918: <https://datatracker.ietf.org/doc/html/rfc4918>`_. +References: `RFC4918: <https://datatracker.ietf.org/doc/html/rfc4918>`_ Notes: @@ -414,16 +412,29 @@ Notes: .. _Proto 377: `NDPI_PROTOCOL_APACHE_KAFKA` -====================== +============================ Apache Kafka is a distributed event store and stream-processing platform. -References: `Official site <https://kafka.apache.org>`_ and `Github <https://github.com/apache/kafka>`_. +References: `Official site <https://kafka.apache.org>`_ and `Github <https://github.com/apache/kafka>`_ .. _Proto 378: `NDPI_PROTOCOL_NOMACHINE` -====================== +========================= NoMachine is a popular proprietary remote desktop software. -References: `Main site <https://www.nomachine.com/>`_. +References: `Main site <https://www.nomachine.com/>`_ + + +.. _Proto 379: + +`NDPI_PROTOCOL_IEC62056` +============================ +IEC 62056-4-7 DLMS/COSEM is a transport layer for IP networks. + +References: `Paid Specs: <https://webstore.iec.ch/publication/22487>`_ + +Notes: + +- Wireshark is not able to recognize this protocol. Some old plugins/code (with some documentation) are available `here <https://github.com/bearxiong99/wireshark-dlms>` and `here <https://github.com/matousp/dlms-analysis/tree/master>`. |