Cisco QoS – Four CoS Levels

Work with your provider to find out what options you have. It’s critical that you match DSCP Names/Values with what they have configured or else it won’t work. You can’t just turn it on and it works like some people think. Below was an option from one of our providers:

CoS Level= DSCP Names | DSCP Values
Interactive Voice ~ premium plus (35%)= CS5,EF|40,46
Critical Data ~ Enhanced Plus (25%)= CS3,AF31,AF32,AF33,CS6,CS7|24,26,28,30,48,56
Preferred Data ~ Enhanced (15%)= CS2,AF21,AF22,AF23|16,18,20,22
Default ~ Basic Plus (25%)= CS1,AF11,AF12,AF13,All Remaining Traffic|1-15,17,19,21,23,25,27,29,31,33,35,37,39,41-45,49-55,57-63

So now if I want to throw something together, it would look like this:

ip access-list extended CRITICAL-APPS_ACL :A nice ACL to prioritize critical applications
  remark Critical Apps Subnet 1
  permit ip any
  remark Critical Apps Subnet 2
  permit ip any

class-map match-any INTERACTIVE-VOICE :Voice is Voice and always need to be the highest prioritized
  match ip dscp ef

class-map match-any CRITICAL-DATA :Here's where you need to do some homework and find out what's critical in your environment and put it here
  match protocol sip
  match protocol citrix
  match protocol bgp
  match access-group name CRITICAL-APPS_ACL
  match ip dscp cs3
  match ip dscp af31

class-map match-any PREFERRED-DATA :SSH was put here so that the IT staff can still have remote access to their devices to help troubleshoot
  match protocol ssh

policy-map WAN_QOS
     priority percent 35

    bandwidth percent 25
    set ip dscp af31

    bandwidth percent 15
    set ip dscp af21

  class class-default
    bandwidth percent 25
    random-detect dscp-based

interface gigx/x
  service-policy output WAN_QOS

Again this is just an example but you can customize it to fit your environment. Try to follow best practices when you can. Below is a snapshot of Cisco’s best practices:

Cisco QoS Best Practices

You can see for Network Mgmt they recommend CS2 and above we have SSH set to CS2 in Preferred Data since that’s where CS2 belongs (look at the SP’s settings). Routing is CS6 in Cisco’s documentation which falls under Critical Data, so we placed BGP in Critical Data but we are tagging it with AF31.

One thing to keep in mind is that difference values at the same level of CoS can have a difference Drop Probability. See below:

Cisco DCSP Values
Cisco Precedence Values

Above you’ll notice I’m using NBAR options to help match specific traffic by protocols. Below are all the options on the router I was using. There are a lot.

ISP1(config-cmap)#match protocol ?
  3com-amp3                3Com AMP3
  3com-tsmux               3Com TSMUX
  3pc                      Third Party Connect Protocol
  914c/g                   Texas Instruments 914 Terminal
  9pfs                     Plan 9 file service
  CAIlic                   Computer Associates Intl License Server
  Konspire2b               konspire2b p2p network
  MobilitySrv              Mobility XE protocol
  aarp                     AppleTalk ARP
  acap                     ACAP
  acas                     ACA Services
  accessbuilder            Access Builder
  accessnetwork            Access Network
  acp                      Aeolon Core Protocol
  acr-nema                 ACR-NEMA Digital Img
  active-directory         Active Directory Traffic
  activesync               Microsoft Activesync protocol,mobile data
                           synchronization based on HTTP
  adobe-connect            web conferencing software
  aed-512                  AED 512 Emulation service
  afpovertcp               AFP over TCP
  agentx                   AgentX
  alpes                    Alpes
  aminet                   AMInet
  an                       Active Networks
  anet                     ATEXSSTR
  ansanotify               ANSA REX Notify
  ansatrader               ansatrader
  any-host-internal        any host internal protocol
  aodv                     AODV
  aol-messenger            AOL Messenger Text Chat
  aol-messenger-audio      AOL Instant Messenger Audio Calls traffic
  aol-messenger-ft         DEPRECATED, signatures moved to OSCAR File-Transfer
  aol-messenger-video      AOL Instant Messenger Video Calls traffic
  aol-protocol             America OnLine software suite
  apc-powerchute           American Power Conversion
  apertus-ldp              Apertus Tech Load Distribution
  apollo                   Apollo Domain
  applejuice               Apple juice P2P file sharing
  appleqtc                 apple quick time
  appleqtcsrvr             appleqtcsrvr
  appletalk                AppleTalk
  application-group        application-group attribute
  applix                   Applix ac
  arcisdms                 arcisdms
  argus                    ARGUS
  ariel1                   Ariel1
  ariel2                   Ariel2
  ariel3                   Ariel3
  aris                     ARIS
  arns                     A remote network server system
  arp                      IP ARP
  aruba-papi               Aruba access point manager
  as-servermap             AS Server Mapper
  asa                      ASA Message router object def
  asa-appl-proto           asa-appl-proto
  asip-webadmin            AppleShare IP WebAdmin
  asipregistry             asipregistry
  at-3                     AppleTalk Unused
  at-5                     AppleTalk Unused
  at-7                     AppleTalk Unused
  at-8                     AppleTalk Unused
  at-echo                  AppleTalk Echo
  at-nbp                   AppleTalk Name Binding
  at-rtmp                  AppleTalk Routing Maintenance
  at-zis                   AppleTalk Zone Information
  attribute                Attribute based protocol match
  audio-over-http          Audio traffic over HTTP
  audit                    Unisys Audit SITP
  auditd                   Digital Audit daemon
  aurora-cmgr              Aurora CMGR
  aurp                     Appletalk Update-Based Routing Pro.
  auth                     Authentication Service
  avian                    avian
  avocent                  Secure management and installation discovery
  ax25                     AX.25 Frames
  ayiya-ipv6-tunneled      Ayiya IPv6 tunneling protocol
  babelgum                 Internet TV web platform
  bacnet                   Building Automation and Control Networks
  baidu-movie              Internet TV
  banyan-rpc               banyan-rpc
  banyan-vip               banyan-vip
  bb                       Big Brother network monitoring tool
  bbnrccmon                BBN RCC Monitoring
  bdp                      Bundle Discovery protocol
  bftp                     Background File Transfer Program
  bgmp                     BGMP
  bgp                      Border Gateway Protocol
  bgs-nsi                  bgs-nsi
  bhevent                  bhevent
  bhfhs                    bhfhs
  bhmds                    bhmds
  binary-over-http         Binary traffic over HTTP
  bittorrent               bittorrent p2p file sharing client
  bl-idm                   Britton Lee IDM
  blizwow                  World of Warcraft Gaming Protocol
  bmpp                     bmpp
  bna                      BNA
  bnet                     bnet
  borland-dsj              borland-dsj
  br-sat-mon               Backroom SATNET Monitoring
  bridge                   Bridging
  bstun                    Block Serial Tunnel
  cab-protocol             CAB Protocol
  cableport-ax             Cable Port A/X
  cadlock                  cadlock
  call-of-duty             Call of duty online gaming
  capwap-control           Control And Provisioning of Wireless Access Points
                           Control Protocol
  capwap-data              Control And Provisioning of Wireless Access Points
                           Data Protocol
  cbt                      CBT
  cdc                      Certificate Distribution Center
  cddbp-alt                CD DataBase Protocol
  cdp                      Cisco Discovery Protocol
  cfdptkt                  cfdptkt
  cftp                     CFTP
  chaos                    Chaos
  chargen                  Character Generator
  checkpoint-cpmi          Check Point Management Interface
  chshell                  chcmd
  cifs                     common internet file system
  cimplex                  cimplex
  cisco-fna                cisco FNATIVE
  cisco-ip-camera          Cisco video surveillance camera
  cisco-nac                Ciscos Network Access Control (NAC) system
  cisco-phone              Cisco IP Phones and PC-based Unified Communicators
  cisco-sys                cisco SYSMAINT
  cisco-tdp                Cisco TDP
  cisco-tna                cisco TNATIVE
  citrix                   Citrix Systems Metaframe 3.0
  citrix-static            Citrix Static
  clearcase                Rational ClearCase
  clns                     ISO CLNS
  clns_es                  ISO CLNS End System
  clns_is                  ISO CLNS Intermediate System
  cloanto-net-1            cloanto-net-1
  cmip-agent               CMIP/TCP Agent
  cmip-man                 CMIP/TCP Manager
  cmns                     ISO CMNS
  coauthor                 oracle
  codaauth2                codaauth2
  collaborator             collaborator
  commerce                 commerce
  compaq-peer              Compaq Peer Protocol
  compressedtcp            Compressed TCP (VJ)
  compressnet              Management Utility
  comscm                   comscm
  con                      con
  conference               chat
  connendp                 almanid Connection Endpoint
  contentserver            contentserver
  cooltalk                 Internet telephony tool
  corba-iiop               CORBA Internet Inter-ORB Protocol
  corerjd                  corerjd
  courier                  rpc
  covia                    Communications Integrator
  cphb                     Computer Protocol Heart Beat
  cpnx                     Computer Protocol Network Executive
  cpq-wbem                 Compaq HTTP
  creativepartnr           creativepartnr
  creativeserver           creativeserver
  crs                      crs
  crtp                     Combat Radio Transport Protocol
  crudp                    Combat Radio User Datagram
  cryptoadmin              Crypto Admin
  csi-sgwp                 Cabletron Management Protocol
  csnet-ns                 Mailbox Name Nameserver
  ctf                      Common Trace Facility
  cuseeme                  CU-SeeMe desktop video conference
  custix                   Customer Ixchange
  custom-01                Custom protocol custom-01
  custom-02                Custom protocol custom-02
  custom-03                Custom protocol custom-03
  custom-04                Custom protocol custom-04
  custom-05                Custom protocol custom-05
  custom-06                Custom protocol custom-06
  custom-07                Custom protocol custom-07
  custom-08                Custom protocol custom-08
  custom-09                Custom protocol custom-09
  custom-10                Custom protocol custom-10
  cvc_hostd                cvc_hostd
  cvspserver               CVS pserver
  cvsup                    Cvsup
  cybercash                cybercash
  cycleserv                cycleserv
  cycleserv2               cycleserv2
  dantz                    dantz
  dasp                     dasp
  datasurfsrv              DataRamp Svr
  datasurfsrvsec           DataRamp Svr svs
  datex-asn                datex-asn
  daytime                  Daytime (RFC 867)
  dbase                    dBASE Unix
  dccp                     Datagram Congestion Control Protocol
  dclink                   Automated Data Collection Solution
  dcn-meas                 DCN Measurement Subsystems
  dcp                      Device Control Protocol
  dctp                     dctp
  ddm-dfm                  DDM Distributed File management
  ddm-rdb                  DDM-Remote Relational Database Access
  ddm-ssl                  DDM-Remote DB Access Using Secure Sockets
  ddp                      Datagram Delivery Protocol
  ddx                      D-II Data Exchange
  dec_dlm                  dec_dlm
  decap                    decap
  decauth                  decauth
  decbsrv                  decbsrv
  decladebug               DECLadebug Remote Debug Protocol
  decnet                   DECnet
  decnet_node              DECnet Node
  decnet_router-l1         DECnet Router L1
  decnet_router-l2         DECnet Router L2
  decvms-sysmgt            decvms-sysmgt
  dei-icda                 dei-icda
  deos                     Distributed External Object Store
  desknets                 Groupware application for resource sharing
  device                   device
  dgp                      Dissimilar Gateway Protocol
  dhcp                     Dynamic Host Configuration Protocol
  dhcp-failover            DHCP Failover
  dhcp-failover2           dhcp-failover2
  dhcpv6-client            DHCPv6 Client
  dhcpv6-server            DHCPv6 Server
  dht                      Distributed sloppy Hash Table protocol
  dicom                    Digital Imaging and Communication in Medicine
  digital-vrc              digital-vrc
  directconnect            Direct Connect Version 2.0, peer-to-peer file
                           sharing protocol
  directplay               DirectPlay
  directplay8              DirectPlay8
  directv-catlg            Direct TV Data Catalog
  directv-soft             Direct TV Software Updates
  directv-tick             Direct TV Tickers
  directv-web              Direct TV Webcasting
  discard                  Discard
  disclose                 campaign contribution disclosures
  distcc                   Distributed Compiler
  dixie                    DIXIE Protocol Specification
  dls                      Directory Location Service
  dls-mon                  Directory Location Service Monitor
  dlsw                     Data Link Switching (Direct encapsulation only)
  dmp                      Cisco Digital Media Player
  dn6-nlm-aud              DNSIX Network Level Module Audit
  dna-cml                  DNA-CML
  dnp                      Distributed Network Protocol
  dns                      Domain Name Server lookup
  dnsix                    DNSIX Securit Attribute Token Map
  doom                     doom Id Software
  dpsi                     dpsi
  dsfgw                    dsfgw
  dsp                      Display Support Protocol
  dsp3270                  Display Systems Protocol
  dsr                      Dynamic Source Routing Protocol
  dtag-ste-sb              DTAG
  dtk                      dtk
  dwr                      dwr
  echo                     Echo dubbuging and measurement tool
  edonkey                  eDonkey p2p file sharing client
  edonkey-static           Static Edonkey
  egp                      Exterior Gateway Protocol
  eigrp                    Enhanced Interior Gateway Routing Protocol
  elcsd                    errlog copy/server daemon
  embl-ndt                 EMBL Nucleic Data Transfer
  emcon                    EMCON
  emfis-cntl               EMFIS Control Service
  emfis-data               EMFIS Data Service
  encap                    Encapsulation Header
  encrypted-bittorrent     Encrypted Bittorrent Traffic
  encrypted-emule          P2P file sharing encrypted protocol
  entomb                   entomb
  entrust-aaas             entrust-aaas
  entrust-aams             entrust-aams
  entrust-ash              Entrust Administration Service Handler
  entrust-kmsh             Entrust Key Management Service Handler
  entrust-sps              entrust-sps
  epmap                    DCE endpoint resolution
  erpc                     Encore Expedited Remote Pro.Call
  escp-ip                  escp-ip
  esignal                  Real-time market data and decision support tools
  esro-emsdp               ESRO-EMSDP V1.3
  esro-gen                 Efficient Short Remote Operations
  etherip                  Ethernet-within-IP Encapsulation
  eudora-set               Eudora Set
  exchange                 MS-RPC Exchange
  exec                     remote process execution
  fasttrack                DEPRECATED, traffic will not match
  fasttrack-static         FastTrack Traffic - KaZaA, Morpheus, Grokster...
  fatserv                  Fatmen Server
  fc                       Fibre Channel
  fcp                      FirstClass Protocol
  filemaker-announcement   Filemaker relational database application
  filetopia                Secure P2P file sharing application
  finger                   Finger
  fire                     FIRE
  fix                      Financial Information eXchange Protocol
  flash-video              Flash video streams
  flashmyspace             Flash streams at
  flashyahoo               Flash streams at yahoo
  flexlm                   Flexible License Manager
  fln-spx                  Berkeley rlogind with SPX auth
  font-service             X font service
  fring                    Fring IM setups and Ads
  fring-video              Fring Video, video conversations on mobiles
  fring-voip               Fring Voip, voice conversations on mobiles over IP
  ftp                      File Transfer Protocol
  ftp-agent                FTP Software Agent System
  ftp-data                 File Transfer
  ftps-data                ftp protocol, data, over TLS/SSL
  fujitsu-dev              Fujitsu Device Control
  gacp                     Gateway Access Control Protocol
  game-spy                 Game-spy online gaming
  gdomap                   gdomap
  gds_db                   GDS DataBase
  genie                    Genie Protocol
  genrad-mux               genrad-mux
  ggf-ncp                  GNU Generation Foundation NCP
  ggp                      Gateway-to-Gateway
  ghostsurf                GhostSurf Anonymous Internet Surfing Application
  ginad                    ginad
  gkrellm                  Monitoring program
  gmail                    Gmail and Gmail-chat traffic
  gmtp                     graphical Media Transfer Protocol
  gnutella                 Gnutella Version2 Traffic, peer-to-peer file-sharing
  go-login                 go-login
  goboogy                  P2P file sharing
  google-accounts          Google Services Authentication
  google-earth             Location Based Service
  gopher                   Internet Gopher protocol, online document
  gotodevice               Online device management application
  gotomypc                 GOTOMYPC is a remote control service
  graphics                 Graphics
  gre                      General Routing Encapsulation
  gridftp                  File Transfer Protocol over the Grid
  groove                   groove
  groupwise                Groupwise messaging and groupware platform
  gsiftp                   GSI FTP
  gss-http                 gss-http
  gss-xlicen               GNU Generation Foundation NCP
  gtalk                    Base google-talk protocol
  gtalk-chat               IM between the Google Talk servers and its clients
  gtalk-ft                 Google Talk File Transfer
  gtalk-video              Google Talk Video Call
  gtalk-voip               Google Talk voice
  gtp-user                 GTP-User Plane
  guruguru                 Japanese file sharing client
  h323                     H323 Protocol
  ha-cluster               ha-cluster
  hamachi                  Shareware VPN application
  hap                      hap
  hassle                   hassle
  hcp-wismar               Hardware Control Protocol Wismar
  hdap                     hdap
  hello-port               HELLO_PORT
  hems                     hems
  heroix-longitude         Network performance monitoring software
  hip                      Host Identity Protocol
  hitachi-spc              Hitachi Universal Storage Platform
  hl7                      health level 7 protocol, information exchanging
                           between health applications
  hmmp-ind                 HMMP Indication
  hmmp-op                  HMMP Operation
  hmp                      Host Monitoring
  hopopt                   DEPRECATED, traffic will not match
  hostname                 NIC Host Name Server
  hp-alarm-mgr             hp performance data alarm manager
  hp-collector             hp performance data collector
  hp-managed-node          hp performance data managed node
  hp-pdl-datastr           PDL data streaming port
  http                     World Wide Web traffic
  http-alt                 HTTP Alternate
  http-mgmt                http-mgmt
  http-rpc-epmap           HTTP RPC Ep Map
  hybrid-pop               hybrid-pop
  hyper-g                  hyper-g
  hyperwave-isp            hyperwave-isp
  i-nlsp                   Integrated Net Layer Security TUBA
  iafdbase                 iafdbase
  iafserver                iafserver
  iasd                     iasd
  iatp                     Interactive Agent Transfer Protocol
  iax                      Inter-Asterisk eXchange
  ibm-app                  IBM Application
  ibm-db2                  IBM-DB2
  ibm-director             Element management system
  ibprotocol               Internet Backplane Protocol
  iclcnet-locate           ICL coNETion locate server
  iclcnet_svinfo           ICL coNETion server info
  icmp                     Internet Control Message Protocol
  icq                       I seek you (ICQ), Instant Messaging Protocol
  icq-filetransfer         DEPRECATED, signatures moved to OSCAR File-Transfer
  idfp                     idfp
  idpr                     Inter-Domain Policy Routing Protocol
  idpr-cmtp                IDPR Control Message Transport Proto
  idrp                     Inter-Domain Routing Protocol
  ieee-mms                 ieee-mms
  ieee-mms-ssl             ieee-mms-ssl
  ifmp                     Ipsilon Flow Management Protocol
  igrp                     Cisco interior gateway
  iiop                     iiop
  il                       IL Transport Protocol
  imap                     Internet Mail Access Protocol
  imsp                     Interactive Mail Support Protocol
  inbusiness               inbusiness
  infoseek                 InfoSeek
  ingres-net               INGRES-NET Service
  intecourier              intecourier
  integra-sme              Integra Software Management Environment
  intrinsa                 intrinsa
  ip                       IP
  ip-messenger             Instant messaging over IP application
  ipcd                     ipcd
  ipcomp                   IP Payload Compression Protocol
  ipcserver                Sun IPC server
  ipcv                     Internet Packet Core Utility
  ipdd                     ipdd
  ipinip                   IP in IP
  ipip                     IP-within-IP Encapsulation Protocol
  iplt                     IPLT
  ipp                      Internet Printing Protocol
  ippc                     Internet Pluribus Packet Core
  ipsec                    IPSec traffic
  ipv6                     IPV6
  ipv6-frag                DEPRECATED, traffic will not match
  ipv6-icmp                ICMP for IPv6
  ipv6-nonxt               DEPRECATED, traffic will not match
  ipv6-opts                DEPRECATED, traffic will not match
  ipv6-route               DEPRECATED, traffic will not match
  ipv6inip                 Ipv6 encapsulated
  ipx                      Novell IPX
  ipx-in-ip                IPX in IP
  irc                      Internet Relay Chat
  irc-serv                 IRC-SERV
  irtp                     Internet Reliable Transaction
  is99c                    TIA/EIA/IS-99 modem client
  is99s                    TIA/EIA/IS-99 modem server
  isakmp                   Internet Security Association and Key Management
  isatap-ipv6-tunneled     Intra-Site Automatic Tunnel Addressing Protocol IPv6
                           over IPv4
  iscsi-target             Internet Small Computer System Interface
  isi-gl                   ISI Graphics Language
  isis                     Intermediate System-to-Intermediate System (ISIS)
                           over IPv4
  iso-ill                  ISO ILL Protocol
  iso-ip                   iso-ip
  iso-tp0                  iso-tp0
  iso-tp4                  ISO Transport Protocol Class 4
  iso-tsap                 ISO-TSAP Class 0
  iso-tsap-c2              ISO Transport Class 2 Non-Control
  itm-mcell-s              itm-mcell-s
  itunes                   Organize and play media applicaion
  jargon                   Jargon
  k-block                  k-block
  kali                     kali
  kazaa2                   DEPRECATED, traffic will not match
  kerberos                 Kerberos Authentication Protocol
  kerberos-adm             kerberos administration
  keyserver                Key Server
  kis                      KIS Protocol
  klogin                   klogin
  knet-cmp                 KNET/VM Command/Message Protocol
  kpasswd                  kpasswd
  kryptolan                kryptolan
  kshell                   krcmd
  kuro                     Japanese file sharing client
  l2tp                     l2tp
  la-maint                 IMP Logical Address Maintenance
  lanserver                lanserver
  larp                     Locus Address Resolution Protocol
  ldap                     Lightweight Directory Access Protocol
  ldp                      LDP
  leaf-1                   Leaf-1
  leaf-2                   Leaf-2
  legent-1                 Legent Corporation
  legent-2                 Legent Corporation
  livemeeting              Microsoft Office Live Meeting, online conferencing
  livestation              Live television and radio broadcasts
  ljk-login                ljk-login
  llc2                     llc2
  lockd                    NFS Lock Daemon Manager
  locus-con                Locus PC-Interface Conn Server
  locus-map                Locus PC-Interface Net Map Ser
  login                    Obtain a remote login Terminal
  loglogic                 Log and security management
  lwapp                    Lightweight Access Point Protocol
  mac-srvr-admin           MacOS Server Admin
  magenta-logic            magenta-logic
  mailbox-lm               mailbox-lm
  mailq                    MAILQ
  maitrd                   maitrd
  manet                    MANET Protocols
  manolito                 Free secure P2P filesharing
  mapi                     Messaging Application Programming Interface
  maplestory               Maple Story Gaming Protocol
  masqdialer               masqdialer
  matip-type-a             MATIP Type A
  matip-type-b             MATIP Type B
  maxdb                    MaxDB relational database management system
  mcafee-update            Update client of McAfee-computer security software
  mcidas                   McIDAS Data Transmission Protocol
  mcns-sec                 mcns-sec
  mdc-portmapper           mdc-portmapper
  mecomm                   mecomm
  megavideo                Video Hosting Service
  meregister               meregister
  merit-inp                MERIT Internodal Protocol
  meta5                    meta5
  metagram                 metagram
  meter                    meter
  mfcobol                  Micro Focus Cobol
  mfe-nsp                  MFE Network Services Protocol
  mftp                     mftp
  mgcp                     Media Gateway Control Protocol
  micom-pfs                micom-pfs
  micp                     Mobile Internetworking Control Pro.
  micromuse-lm             micromuse-lm
  microsoftds              Microsoft-DS
  mit-dov                  MIT Dover Spooler
  mit-ml-dev               MIT ML Device
  mobile                   IP Mobility
  mobileip-agent           mobileip-agent
  mobilip-mn               mobilip-mn
  mondex                   mondex
  monitor                  monitor
  mortgageware             mortgageware
  mpls-in-ip               MPLS-in-IP
  mpm                      Message Processing Module
  mpm-flags                MPM FLAGS Protocol
  mpm-snd                  MPM [default send]
  mpp                      Netix Message Posting Protocol
  mptn                     Multi Protocol Trans. Net
  mrm                      mrm
  ms-iis                   MS-RPC Internet Information Services (IIS)
  ms-live-accounts         Windows Live Services Authentication
  ms-netlogon              MS-RPC Net Logon, log on management service
  ms-ocs-file-transfer     Microsoft Office Communications Server and File
  ms-office-365            Microsoft Office 365
  ms-olap                  Microsoft OLAP
  ms-rome                  microsoft rome
  ms-rpc                   Microsoft Remote Procedure Call
  ms-shuttle               microsoft shuttle
  ms-sms                   Microsoft Systems Management Server
  ms-sql-m                 Microsoft-SQL-Monitor
  ms-streaming             Microsoft media services
  ms-update                Microsoft Update Service
  ms-wbt                   Microsoft Windows based Terminal Services
  ms-win-dns               MS-RPC windows Domain Naming System
  msdp                     msdp
  msexch-routing           MS Exchange Routing
  msft-gc                  Microsoft Global Catalog
  msft-gc-ssl              Microsoft Global Catalog with LDAP/SSL
  msg-auth                 msg-auth
  msg-icp                  msg-icp
  msn-messenger            MSN Messenger IM, Status Messages, News and Gaming
  msn-messenger-ft         MSN Messenger Filetransfer
  msn-messenger-video      msn-messenger-video
  msnp                     msnp
  msp                      Message Send Protocol
  mtp                      Multicast Transport Protocol
  multiling-http           Multiling HTTP
  multiplex                Network Innovations Multiplex
  mumps                    Plus Fives MUMPS
  mux                      Multiplexing
  my-jabber-ft             DEPRECATED,traffic will not match
  mylex-mapd               mylex-mapd
  mysql                    database management system
  name                     Host Name Server
  namp                     namp
  napster                  Commercial Media Distribution Application
  narp                     NBMA Address Resolution Protocol
  nas                      Netnews Administration System
  nced                     nced
  ncld                     ncld
  ncp                      Network services Protocol
  ncube-lm                 Ncube License Manager
  ndmp                     Network Data Management Protocol
  ndsauth                  NDSAUTH
  nest-protocol            nest-protocol
  net-assistant            net-assistant
  net8-cman                Oracle Net8 CMan Admin
  netapp-snapmirror        Data replication Enterprise  Solution
  netbios                  netbios
  netbios-ns               NetBIOS Naming Service
  netblt                   Bulk Data Transfer Protocol
  netflix                  Netflix online video streaming
  netgw                    netgw
  netnews                  readnews
  netop-remote-control     Remote control management and support software
  netrcs                   Network based RCS
  netrjs-1                 Remote Job Service
  netrjs-2                 Remote Job Service
  netrjs-3                 Remote Job Service
  netrjs-4                 Remote Job Service
  netsc-dev                NETSC
  netsc-prod               NETSC
  netshow                  Microsoft Netshow, media streaming protocol
  netviewdm1               IBM NetView DM
  netviewdm2               IBM NetView DM
  netviewdm3               IBM NetView DM
  netvmg-traceroute        Routing diagnostics tool
  netwall                  for emergency broadcasts
  netware-ip               Novell Netware over IP
  networking-gnutella      Gnutella-networking Version2 Traffic
  new-rwho                 new who
  nextstep                 NextStep Window Server
  nfs                      Network File System
  ni-ftp                   NI FTP
  ni-mail                  NI MAIL
  nicname                  Who Is
  nlogin                   nlogin
  nmap                     nmap
  nmsp                     Networked Media Streaming Protocol
  nnsp                     nnsp
  nntp                     network news transfer protocol
  notes                    Lotus Notes(R)
  novadigm                 Novadigm EDM
  novastorbakcup           Novastor Backup
  npmp-gui                 npmp-gui
  npmp-local               npmp-local
  npmp-trap                npmp-trap
  npp                      Network Printing Protocol
  nqs                      nqs
  ns                       ns
  nsfnet-igp               NSFNET-IGP
  nsiiops                  IIOP Name Service over TLS/SSL
  nsrmp                    Network Security Risk Management Protocol
  nss-routing              NSS-Routing
  nsw-fe                   NSW User System FE
  ntalk                    ntalk
  ntp                      Network Time Protocol
  nvp-ii                   Network Voice Protocol
  nxedit                   nxedit
  obex                     obex
  objcall                  Tivoli Object Dispatcher
  ocbinder                 ocbinder
  ocs_amu                  ocs_amu
  ocs_cmu                  ocs_cmu
  ocserver                 ocserver
  odmr                     odmr
  ohimsrv                  ohimsrv
  olsr                     olsr
  omginitialrefs           omginitialrefs
  omhs                     Operations Manager - Health Service
  omserv                   omserv
  onmux                    onmux
  opalis-rdv               opalis-rdv
  opalis-robot             opalis-robot
  opc-job-start            IBM Operations Planning and Control Start
  opc-job-track            IBM Operations Planning and Control Track
  openport                 openport
  openvms-sysipc           openvms-sysipc
  openvpn                  OpenVPN protocol
  opsmgr                   Microsoft Operations Manager
  ora-srv                  Oracle TCP/IP Listener
  oracle-bi                Oracle Business Intelligence
  oracle-sqlnet            SQL*NET for Oracle
  oraclenames              oraclenames
  oraclenet8cman           Oracle Net8 Cman
  orbix-config             Orbix 2000 Config
  orbix-loc-ssl            Orbix 2000 Locator SSL
  orbix-locator            Orbix 2000 Locator
  oscar-filetransfer       OSCAR Protocol File-transfer classification
  ospf                     Open Shortest Path First
  osu-nms                  OSU Network Monitoring System
  p10                      Internet relay chat
  pad                      PAD links
  pando                    Peer-to-Peer File-Sharing
  parsec-game              Parsec Gameserver
  passgo                   passgo
  passgo-tivoli            passgo-tivoli
  password-chg             Password Change
  pawserv                  Perf Analysis Workbench
  pcanywhere               Symantec pcAnywhere-remote desktop
  pcmail-srv               PCMail Server
  pcoip                    Virtual Desktop Infrastructure
  pdap                     Prospero Data Access Protocol
  perforce                 Software Configuration Management
  personal-link            personal-link
  pftp                     pftp
  pgm                      PGM Reliable Transport Protocol
  philips-vc               Philips Video-Conferencing
  phonebook                Phone
  photuris                 photuris
  pim                      Protocol Independent Multicast
  pim-rp-disc              PIM-RP-DISC
  ping                     Ping is echo-request/echo-reply over ICMP
  pip                      pip
  pipe                     Private IP Encapsulation within IP
  pirp                     pirp
  pkix-3-ca-ra             PKIX-3 CA/RA
  pkix-timestamp           pkix-timestamp
  pnni                     PNNI over IP
  poco                     P2P file sharing Software
  pop2                     Post Office Protocol - Version 2
  pop3                     Post Office Protocol 3
  postgresql               PostgreSQL database
  pov-ray                  pov-ray
  powerburst               Air Soft Power Burst
  pppoe                    PPP over Ethernet
  ppstream                 P2P video streaming application
  pptp                     Point-to-Point Tunneling Protocol
  print-srv                Network PostScript
  printer                  spooler
  prm                      Packet Radio Measurement
  prm-nm                   Prospero Resource Manager Node Man
  prm-sm                   Prospero Resource Manager Sys. Man
  profile                  PROFILE Naming System
  prospero                 Prospero Directory Service
  psrserver                Pharos psrserver
  ptcnameservice           PTC Name Service
  ptp                      Performance Transparency Protocol
  ptp-event                PTP Event
  ptp-general              PTP General
  pump                     pump
  pup                      PUP
  purenoise                purenoise
  pvp                      Packet Video Protocol
  pwdgen                   Password Generator Protocol
  qbikgdp                  qbikgdp
  qft                      Queued File Transport
  qllc                     qllc protocol
  qmqp                     qmqp
  qmtp                     The Quick Mail Transfer Protocol
  qnx                      QNX
  qotd                     Quote of the Day
  qrh                      qrh
  quotad                   quotad
  radius                   Remote Authentication Dial In User Service protocol
  radmin-port              Remote Admin
  rap                      Route Access Protocol
  rcp                      Radio Control Protocol
  rda                      rda
  rdb-dbs-disp             Oracle Remote Data Base
  rdp                      Reliable Data Protocol
  rdt                      Real Data Transport
  re-mail-ck               Remote Mail Checking Protocol
  realm-rusd               ApplianceWare managment protocol
  realmedia                RealMedia traffic
  remote-kis               remote-kis
  remotefs                 rfs server
  repcmd                   repcmd
  repscmd                  repscmd
  rescap                   rescap
  rhapsody                 Online Music Service
  rip                      Routing Information Protocol
  ripng                    Routing information protocol for IPV6 networks
  ris                      Intergraph
  ris-cm                   Russell Info Sci Calendar Manager
  rje                      Remote Job Entry
  rlp                      Resource Location Protocol
  rlzdbase                 rlzdbase
  rmc                      rmc
  rmiactivation            rmiactivation
  rmiregistry              rmiregistry
  rmonitor                 rmonitord
  rmt                      Remote MT Protocol
  rpc2portmap              rpc2portmap
  rrh                      rrh
  rrp                      Registry Registrar Protocol
  rsh-spx                  Berkeley rshd with SPX auth
  rsrb                     Remote Source-Route Bridging(Direct encapsulation
  rsvd                     rsvd
  rsvp                     Resource Reservation Protocol
  rsvp-e2e-ignore          RSVP-E2E-IGNORE
  rsvp-encap-1             Resource Reservation Protocol
  rsvp-encap-2             Resource Reservation Protocol
  rsvp_tunnel              rsvp_tunnel
  rsync                    rsync
  rtcp                     Real Time Control Protocol
  rtelnet                  Remote Telnet Service
  rtip                     rtip
  rtmp                     Real Time Messaging Protocol
  rtmpe                    Encrypted Real Time Messaging Protocol
  rtmpt                    Real Time Messaging Protocol tunneled over HTTP
  rtp                      Real Time Protocol
  rtsp                     Real Time Streaming Protocol
  rtsps                    RTSPS
  rushd                    rushd
  rvd                      MIT Remote Virtual Disk Protocol
  rxe                      rxe
  s-net                    Sirius Systems
  saft                     saft Simple Asynchronous File Transfer
  sanity                   sanity
  sap                      SAP Systems Applications Product in Data processing
  sat-expak                SATNET and Backroom EXPAK
  sat-mon                  SATNET Monitoring
  scc-security             scc-security
  scc-sp                   Semaphore Communications Sec. Pro.
  schedule-transfer        Schedule Transfer Protocol
  sco-dtmgr                SCO Desktop Administration Server
  sco-inetmgr              Internet Configuration Manager
  sco-sysmgr               SCO System Administration Server
  sco-websrvrmg3           SCO Web Server Manager 3
  sco-websrvrmgr           SCO WebServer Manager
  scohelp                  scohelp
  scoi2odialog             scoi2odialog
  scps                     SCPS
  sctp                     Stream Control Transmission Protocol
  scx-proxy                scx-proxy
  sdnskmp                  SDNSKMP
  sdrp                     Source Demand Routing Protocol
  secondlife               SecondLife traffic
  secure-ftp               ftp protocol, control, over TLS/SSL
  secure-http              Secured HTTP or SSL
  secure-imap              Internet Message Access Protocol over TLS/SSL
  secure-irc               irc protocol over TLS
  secure-ldap              ldap protocol over TLS
  secure-nntp              nntp protocol over TLS
  secure-pop3              pop3 protocol over TLS
  secure-telnet            telnet protocol over TLS
  secure-vmtp              SECURE-VMTP
  semantix                 semantix
  send                     SEND
  server-ipx               Internetwork Packet Exchange Protocol
  servstat                 Service Status update
  set                      Secure Electronic Transaction
  sflow                    Sflow traffic monitoring
  sfs-config               Cray SFS config server
  sfs-smp-net              Cray Network Semaphore server
  sftp                     Simple File Transfer Protocol
  sgcp                     sgcp
  sgmp                     sgmp
  sgmp-traps               sgmp-traps
  share-point              SharePoint web application protocol
  shell                    Execute a program on remote shell
  shockwave                Shockwave
  shrinkwrap               shrinkwrap
  siam                     siam
  sift-uft                 Sender-Initiated/Unsolicited File Transfer
  silc                     silc
  sip                      Session Initiation Protocol
  sip-tls                  Secure Session Initiation Protocol tunneled in SSL
                           or TLS
  sitaradir                sitaradir
  sitaramgmt               sitaramgmt
  sitaraserver             sitaraserver
  sixtofour-ipv6-tunneled  Sixtofour  IPv6 over IPv4 tunneling protocol
  skinny                   Skinny Call Control Protocol
  skip                     SKIP
  skronk                   skronk
  skype                    Skype Peer-to-Peer Internet Telephony Protocol
  sling                    SlingBox Internet TV
  sm                       SM
  smakynet                 smakynet
  smartpackets             EMC SmartPackets
  smartsdp                 smartsdp
  smp                      Simple Message Protocol
  smpnameres               smpnameres
  smsd                     smsd
  smsp                     Storage Management Services Protocol
  smtp                     Simple Mail Transfer Protocol
  smux                     SMUX
  snagas                   SNA Gateway Access Server
  snapshot                 Snapshot routing support
  snare                    snare
  snmp                     Simple Network Messaging Protocol
  snp                      Sitara Networks Protocol
  snpp                     Simple Network Paging Protocol
  sntp-heartbeat           SNTP HEARTBEAT
  socks                    generic proxy protocol for TCP/IP-based networking
  softpc                   Insignia Solutions
  softros-messenger-ft     Softros LAN Messenger and File Transfer
  sonar                    sonar
  songsari                 Commercial Media Distribution
  sopcast                  Free P2P internet TV
  soribada                 a Korean P2P music sharing protocol
  soulseek                 P2P file sharing application
  spmp                     spmp
  sprite-rpc               Sprite RPC Protocol
  sps                      Secure Packet Shield
  spsc                     spsc
  sql-net                  SQL-NET
  sqlexec                  SQL Informix
  sqlnet                   DEPRECATED,traffic will not match
  sqlserv                  SQL Services
  sqlserver                Microsoft-SQL-Server
  sqlsrv                   SQL Service
  src                      IBM System Resource Controller
  srmp                     Spider Remote Monitoring Protocol
  srp                      SpectraLink Radio Protocol
  srssend                  srssend
  ss7ns                    ss7ns
  sscopmce                 SSCOPMCE
  ssh                      Secure Shell Protocol
  sshell                   SSLshell
  ssl                      Secure Socket Layer Protocol
  sst                      SCSI on ST
  st                       Stream
  statsrv                  Statistics Service
  steam                    Online game platform
  stmf                     stmf
  streamwork               Xing Technology StreamWorks player
  streettalk               streettalk
  stun                     Serial Tunnel(Direct encapsulation only)
  stun-nat                 Session Traversal Utilities for NAT (STUN)
  stuns                    STUN over TLS
  stx                      Stock IXChange
  su-mit-tg                SU/MIT Telnet Gateway
  submission               submission
  submit                   Submit Protocol
  subntbcst_tftp           subntbcst_tftp
  sun-dr                   sun-dr
  sun-nd                   SUN ND PROTOCOL-Temporary
  sunrpc                   SUN Remote Procedure Call
  supdup                   SUPDUP
  sur-meas                 Survey Measurement
  surf                     surf
  svn                      Apache subversion software revision control
  svrloc                   Server Location
  swift-rvf                Swift Remote Virtural File Protocol
  swipe                    IP with Encryption
  sybase                   Database management system
  synergy                  Computer resources sharing application
  synoptics-trap           Trap Convention Port
  synotics-broker          SynOptics Port Broker Port
  synotics-relay           SynOptics SNMP Relay Port
  syslog                   System Logging Utility
  systat                   Active Users
  tacacs                   Login Host Protocol
  tacnews                  TAC News
  talk                     talk
  tapeware                 Yosemite tech tapeware
  tcf                      TCF
  tcpoverdns               TCP over DNS traffic
  td-replica               Tobit David Replica
  td-service               Tobit David Service Layer
  teamsound                Voice conferencing software for online game
  teamspeak                Voice communication protocol
  teamviewer               free remote access and desktop sharing
  teedtap                  teedtap
  telepresence-control     Cisco Telepresence-control
  telepresence-media       Cisco Telepresence-media
  tell                     send
  telnet                   Telnet
  tempo                    newdate
  tenfold                  tenfold
  teredo-ipv6-tunneled     Teredo IPv6 over IPv4 tunneling protocol
  tesla-sys-msg            TESLA System Messaging
  texar                    Texar Security Port
  tftp                     Trivial File Transfer Protocol
  ticf-1                   Transport Independent Convergence for FNA
  ticf-2                   Transport Independent Convergence for FNA
  timbuktu                 Timbuktu
  time                     Time
  timed                    timeserver
  tinc                     tinc
  tlisrv                   oracle
  tlsp                     Transport Layer Security Protocol
  tn-tl-fd1                tn-tl-fd1
  tnETOS                   NEC Corporation
  tns-cml                  tns-cml
  tomatopang               Tomatopang Peer-to-Peer File Sharing
  tor                      DEPRECATED,traffic will not match
  tp++                     TP++ Transport Protocol
  tpip                     tpip
  tradestation             Technical analysis software
  trinoo                   Set of computer programs to conduct a DDoS attack
  trunk-1                  Trunk-1
  trunk-2                  Trunk-2
  tserver                  Computer Supported Telecomunication Applications
  ttp                      TTP
  tunnel-http              HTTP Tunneling
  uaac                     UAAC Protocol
  uarps                    Unisys ARPs
  udplite                  UDPLite, Lightweight connectionless User Datagram
  uis                      uis
  ulistproc                List Processor
  ulp                      ulp
  ulpnet                   ulpnet
  unidata-ldm              Unidata LDM
  unify                    Unify
  ups                      Uninterruptible Power Supply
  urm                      Cray Unified Resource Manager
  uti                      UTI
  utime                    unixtime
  utmpcd                   utmpcd
  utmpsd                   utmpsd
  uucp                     uucpd
  uucp-path                UUCP Path Service
  uucp-rlogin              uucp-rlogin
  uuidgen                  UUIDGEN
  vacdsm-app               VACDSM-APP
  vacdsm-sws               VACDSM-SWS
  vatp                     Velazquez Application Transfer Protocol
  vdolive                  VDOLive streaming video
  vemmi                    vemmi
  ventrilo                 Ventrilo VOIP and chat protocol
  viber                    Viber VoIP is a mobile voice communication
  vid                      vid
  video-over-http          Video traffic over HTTP
  videotex                 videotex
  vines                    Banyan VINES
  virtual-places           Virtual places software
  visa                     VISA Protocol
  vmnet                    vmnet
  vmpwscs                  vmpwscs
  vmtp                     VMTP
  vmware-fdm               VMware Fault Domain Manager
  vmware-view              VMware virtual desktops
  vmware-vmotion           VMware live  Migration of Virtual Machines
  vnas                     vnas
  vnc                      Virtual Network Computing
  vnc-http                 VNC-HTTP is a graphical desktop sharing system that
                           runs over HTTP
  vofr                     voice over Frame Relay packets
  vpp                      Virtual Presence Protocol
  vpps-qua                 vpps-qua
  vpps-via                 vpps-via
  vrrp                     Virtual Router Redundancy Protocol
  vsinet                   vsinet
  vslmp                    vslmp
  wap-push                 WAP PUSH
  wap-push-http            WAP Push OTA-HTTP port
  wap-push-https           WAP Push OTA-HTTP secure
  wap-pushsecure           WAP PUSH SECURE
  wap-vcal                 WAP vCal
  wap-vcal-s               WAP vCal Secure
  wap-vcard                WAP vCard
  wap-vcard-s              WAP vCard Secure
  wap-wsp                  WAP connectionless session service
  wap-wsp-s                WAP secure connectionless session service
  wap-wsp-wtp              WAP session service
  wap-wsp-wtp-s            WAP secure session service
  war-rock                 War-rock online gaming
  waste                    encrypted file sharing client
  wb-expak                 WIDEBAND EXPAK
  wb-mon                   WIDEBAND Monitoring
  wccp                     Web Cache Communication Protocol
  webex-meeting            Online conferencing application
  websense                 Web filtering software
  webster                  webster
  webthunder               Peer-to-Peer File-Sharing
  whoami                   whoami
  whois++                  whois++ Service
  windows-update           DEPRECATED,traffic will not match
  winmx                    WinMx file-sharing application
  winny                    winny2 and winnyP traffic, peer-to-peer file sharing
  wlccp                    Wireless LAN Context Control Protocol
  worldfusion              World Fusion
  wpgs                     wpgs
  wsn                      Wang Span Network
  x-bone-ctl               Xbone CTL
  xact-backup              xact-backup
  xdmcp                    X Display Manager Control Protocol
  xdtp                     eXtensible Data Transfer Protocol
  xfer                     XFER Utility
  xfire                    Freeware instant messaging service
  xmpp-client              Extensible Messaging and Presence Protocol (XMPP)
                           Client Connection
  xnet                     Cross Net Debugger
  xns                      Xerox Network Services
  xns-auth                 XNS Authentication
  xns-ch                   XNS Clearinghouse
  xns-courier              Xerox
  xns-idp                  XEROX NS IDP
  xns-mail                 XNS mail
  xns-time                 XNS Time Protocol
  xtp                      XTP
  xvttp                    xvttp
  xwindows                 X-Windows remote access
  xyplex-mux               Xyplex
  yahoo-messenger          Yahoo Messenger, Instant Messaging Client
  yahoo-voip-messenger     Free P2P calls
  yahoo-voip-over-sip      Yahoo VoIP over SIP
  youtube                  Youtube, video streaming
  z39.50                   ANSI Z39.50
  zannet                   zannet
  zattoo                   Peer-to-Peer Internet Video Protocol
  zserv                    Zebra server