Applications
GigaFin’s current list of supported P2P Signatures:
Bittorrent “0x13Bit” tcp port 6881-6889
(edonkey can result in lot of false positives, if enabled)
edonkeytcp1 0xe3 tcp port 4661-4665
edonkeytcp2 0xc5 tcp port 4661-4665
edonkeyudp1 0xe3 udp port 4661-4665
edonkeyudp2 0xc5 udp port 4661-4665
fasttracktcp 0x474554202F4668617358 tcp port 1214-1214
fasttrackudp 0x2700000029800000 udp port 1214-1214
gnutellatcp1 “GNUT” tcp port 6346-6347
gnutellatcp2 “GIV” tcp port 6346-6347
gnutellaudp “GND” tcp port 6346-6347
mp2pudp1 0x474F2121 udp port 41170-41350 flags 2
mp2pudp2 0x4D4435 udp port 41170-41350 flags 2
mp2pudp3 0x53495A20 udp port 41170-41350 flags 2
mp2ptcp1 patternhex 474F2121 tcp port 41170-41350
mp2ptcp2 patternhex 4D4435 tcp port 41170-41350
mp2ptcp3 patternhex 53495A20 tcp port 41170-41350
arestcp1 0x47455420486173683A tcp
arestcp2 0x47455420736861313A tcp
arestcp3 0x03005a060605 tcp
directconnecttcp1 0x244D794E tcp port 411-412
directconnecttcp2 0x24446972 tcp port 411-412
directconnectudp 0x245352 udp port 411-412
(Winny is matched after RC4 decryption)
winny 0x0100000061 tcp
