NBAR ID Lookup

rhbirkelund
Kind of a big deal

So, I was getting a lot of events in my eventlog on an NBAR ID being blocked, but with no classification. So I opened a case.

 

I'm sharing this for others to find, since I struggled to find out myself, but to look up NBAR IDs, go to the protocol pack, and drill down into the specific protocols to find out what ID each one is using. I downloaded the PDF and searched through it for the ID.

 

The protocol pack can be found here: NBAR Protocol Pack.

 

Some IDs that Meraki uses are not listed in the pdf.

Some of these are;

  • ID 2572 - Google Advertising.
  • ID 2619 - AppNexus
  • ID 2836 - Miscellaneous Video
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
PhilipDAth
Kind of a big deal

Great info, thanks!

sebvasseur
Conversationalist

I have ID 2836 but am unable to find why

TCP 443 some internal website 

I've asked in my own case, as it was still open. Let's see what they get back with...

LinkedIn ::: https://blog.rhbirkelund.dk/


2836 is "Miscellaneous video" 

but I don't know how they decide a site contains video

Hm.. Odd.. Hope Meraki Support will give you the answers. 🙂

LinkedIn ::: https://blog.rhbirkelund.dk/

JohnEricAnderso
Just browsing

I realize this is almost a year old, but I am newer to the Meraki MX.
Would be GREAT if the Meraki NBAR Protocol Pack listed all of the protocol numbers.
Be even better to get a list by number with a short name after it.
Be even better if my Meraki Event Log for Layer 7 Alerts would simply use English words with the Protocol Number.

How did you find the answers to:

"Some IDs that Meraki uses are not listed in the pdf.

Some of these are;

  • ID 2572 - Google Advertising.
  • ID 2619 - AppNexus
  • ID 2836 - Miscellaneous Video"

Curious minds want to know.
THANKS in advance.
John
