Application-layer protocols detected by PT NAD

This section contains a list of application-layer protocols that can be detected by PT NAD in traffic. For each protocol, the table indicates whether PT NAD can parse messages and extract files from traffic.

Detected application-layer protocols
Code	Protocol	Parsing	File extraction
`amqp`	Advanced Message Queuing Protocol (amqp.org)	—	—
`bgp`	Border Gateway Protocol (RFC 4271)	—	—
`bittorrent`	BitTorrent protocol (bittorrent.org)	—	—
`canon-bjnp`	LAN service discovery protocol used in Canon printers and scanners (canon.com)	—	—
`clickhouse`	ClickHouse database management system protocol (clickhouse.com)	—	—
`db2-drda`	DB2 Distributed Relational Database Architecture (ibm.com)	—	—
`dcerpc`	Distributed Computing Environment / Remote Procedure Call		—
`dhcp`	Dynamic Host Configuration Protocol (RFC 2131)		—
`dhcpv6`	Dynamic Host Configuration Protocol for IPv6 (RFC 3315)	—	—
`dns`	Domain Name System (RFC 1034)		—
`drweb`	Dr.Web Enterprise Security Suite protocol (drweb.com)	—	—
`dtls`	Datagram Transport Layer Security (RFC 6347)		—
`elasticsearch`	Elasticsearch system protocol (elastic.co)	—	—
`encrypted`	Unknown encrypted protocol	—	—
`facebook`	Facebook network protocol (developers.facebook.com)	—	—
`falcongaze`	Falcongaze SecureTower Agent protocol (falcongaze.com)	—	—
`fb-zero`	Facebook Zero network protocol (0.facebook.com)	—	—
`ftp`	File Transfer Protocol (RFC 959)		
`guardant`	Guardant Net protocol (guardant.com)	—	—
`http`	Hypertext Transfer Protocol		
`icap`	Internet Content Adaptation Protocol (RFC 3507)	—	—
`imap`	Internet Message Access Protocol (RFC 3501)		
`infowatch`	InfoWatch Device Monitor protocol (infowatch.com)	—	—
`isakmp`	Internet Security Association and Key Management Protocol (RFC 2408)	—	—
`jrmi`	Java Remote Method Invocation Protocol (oracle.com)	—	—
`kafka`	Apache Kafka protocol (kafka.apache.org)	—	—
`kerberos`	Kerberos authentication protocol (RFC 4120)		—
`ksn`	Kaspersky Security Network protocol (kaspersky.com/ksn)	—	—
`ldap`	Lightweight Directory Access Protocol (RFC 4510)		—
`llmnr`	Link-Local Multicast Name Resolution (RFC 4795)	—	—
`lotus`	HCL Notes protocol (former IBM Notes and Lotus Notes)	—	—
`mc-nmf`	Net.TCP Port Sharing (learn.microsoft.com)		—
`mdns`	Multicast DNS (RFC 6762)	—	—
`memcache`	Memcached protocol (memcached.org)	—	—
`mongodb`	MongoDB database management system protocol (docs.mongodb.com)	—	—
`ms-scom`	System Center Operations Manager protocol (docs.microsoft.com)	—	—
`ms-update`	Windows Update Delivery Optimization protocol (docs.microsoft.com)	—	—
`mysql`	MySQL database management system protocol (dev.mysql.com)		—
`nat-t`	NAT Traversal	—	—
`nbns`	NetBIOS Name Server (RFC 1001)	—	—
`nfs`	Network File System (RFC 1094)		
`ntlm`	NT LAN Manager (learn.microsoft.com)		—
`ntp`	Network Time Protocol (ntp.org)		—
`openvpn`	OpenVPN protocol (openvpn.net)	—	—
`oracle-tns`	Oracle TNS (Transparent Network Substrate by Oracle)		—
`p2p-dc`	Direct Connect protocol	—	—
`pop3`	Post Office Protocol 3 (RFC 1081)		
`postgresql`	PostgreSQL database management system protocol (postgresql.org)		—
`pptp`	Point-to-Point Tunneling Protocol (RFC 2637)	—	—
`printer-pjl`	Printer Job Language protocol (hp.com)	—	—
`printer-ps`	PostScript printer protocol (adobe.com)	—	—
`quic`	A UDP-Based Multiplexed and Secure Transport, Google's experimental protocol (tools.ietf.org/html/draft-ietf-quic-transport-27)		—
`radius`	Remote Authentication Dial In User Service (RFC 2865)	—	—
`rdp`	Remote Desktop Protocol (learn.microsoft.com)		—
`redis`	Redis database management system protocol (redis.io)	—	—
`rexec`	REXEC protocol (ibm.com)	—	—
`rfb`	Remote Framebuffer (RFC 6143)	—	—
`rlogin`	BSD Rlogin (RFC 1282)	—	—
`rsync`	Rsync utility protocol (rsync.samba.org)	—	—
`rtcp`	Real-Time Transport Protocol (RFC 3550)	—	—
`rtsp`	Real-Time Streaming Protocol (RFC 7826)	—	—
`sip`	Session Initiation Protocol (RFC 3261)		—
`skinny-voip`	Skinny Client Control Protocol (cisco.com)	—	—
`skype`	Skype protocol (skype.com)	—	—
`smb`	Server Message Block (learn.microsoft.com)		
`smb-mailslot`	Server Message Block Mailslot (docs.microsoft.com)	—	—
`smtp`	Simple Mail Transfer Protocol (RFC 5321)		
`snmp`	Simple Network Management Protocol		—
`socks5`	SOCKS 5 (RFC 1928)		—
`splunk`	Splunk protocol (splunk.com)	—	—
`ssdp`	Simple Service Discovery Protocol	—	—
`ssh`	Secure Shell (RFC 4251)		—
`stakhanovets`	Stakhanovets company's DLP system protocol (stakhanovets.com)	—	—
`stun`	Session Traversal Utilities for NAT (RFC 3489)	—	—
`stun-apple`
`stun-apple`
`syslog`	Syslog protocol (RFC 5424)	—	—
`tds`	Tabular Data Stream (learn.microsoft.com)		—
`teamviewer`	TeamViewer protocol (teamviewer.com)	—	—
`telnet`	Telnet (RFC 854)		—
`tftp`	Trivial File Transfer Protocol (RFC 1350)		
`thrift`	Apache Thrift framework protocol (thrift.apache.org)	—	—
`tls`	Transport Layer Security (RFC 8446)		—
`trueconf`	TrueConf protocol (trueconf.com)	—	—
`umeye-app`	UMEye protocol (umeye.com)	—	—
`viber`	Viber protocol (viber.com)	—	—
`vipaks-data`	Vipaks company's video transfer protocol (vipaks.ru)	—	—
`vipnet`	ViPNet VPN protocol (infotecs.ru)	—	—
`vipnet-mftp`
`vipnet-sync`
`vpn_kontinent`	Continent encryption appliance protocol (securitycode.net)	—	—
`vmware`	VMware protocol (vmware.com)	—	—
`whatsapp`	WhatsApp protocol (whatsapp.com)	—	—
`wireguard`	WireGuard (wireguard.com)	—	—
`ws-discovery`	Web Services Dynamic Discovery (specs.xmlsoap.org)	—	—
`xmpp`	Extensible Messaging and Presence Protocol (xmpp.org)	—	—
`zabbix`	Zabbix protocol (zabbix.com)	—	—
`zmtp`	ZeroMQ Message Transport Protocol (zeromq.org)	—	—
`zmtp_v2`	ZeroMQ Message Transport Protocol (zeromq.org)	—	—