Mikrotik Layer7协议(97条)

/ip firewall layer7-protocol
add name=Tencent_QQ regexp="^.\?.\?[\\x02|\\x05]\\x22\\x27.+|^.\?.\?[\\x02|\\x\
    05]\\x22\\x27.+[\\x03|\\x09]\$|^.\?.\?\\x02.+\\x03\$|^/xFE/x42../x42/x02/x\
    0B/x7D/x98/x38/xE4.+"
add name=Tencent_QQGame regexp="^.\?.\?\\x2D.+[\\x25\\x62\\x0E\\xC1\\x5F\\x6C|\
    \\xFF\\xFF\\x20\\xCF\\x42\\x53|\\xFF\\xFF\\x10\\x17\\x87\\xA3|\\x3E\\x7F\\\
    x20\\xCF\\x42\\x53|\\x1F\\x43\\x10\\x17\\x87\\xA3]|^\\x05\\x22.+\\x03\$"
add name=PPStream regexp="^.\?.\?\\c.+\\c"
add name=QQMusic regexp=\
    "(^\\xFE.\?.\?.\?.\?\\xCF|^get.+\\qqmusic.\?\\qq.+\\qqmusic)"
add name=QQLive regexp="(^get.+\\video.\?\\qq.+\\flv|^\\xFE.\?.\?.\?.\?\\xD3|^\
    get.+\\video.\?\\qq.+\\mp4)"
add name=KuGou regexp=\
    "(^post.+\\x0D\\x0A\\x0D\\x0A|^http.+\\x0D\\x0A\\x0D\\x0A|^e)"
add name=HTTP regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(con\
    nection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\\
    .[019]"
add name=HTTP-IMG regexp="\\.jpg|\\.png|\\.gif|\\.bmp|\\.jpeg"
add name=HTTP-WEB regexp=\
    "\\.jsp|\\.shtml|\\.html|\\.htm|\\.php|\\.asp|\\.aspx|\\.cgi"
add name=NetTV regexp=\
    "^.*get.+(\\.flv|\\.f4v|\\.hlv|\\.rm|\\.swf|\\.wma|\\.mp4|\\.mp3).*\$"
add name=HTTP-File-Download regexp="^.*get.+(\\.iso|\\.exe|\\.zip|\\.rar|\\.7z\
    |\\.gho|\\.pdf|\\.avi|\\.mkv|\\.wmv|\\.wav|\\.flac|\\.ape|\\.msi).*\$"
add name=QQSP regexp="(^\\x03.\?\\xE1\\x8D|^\\x02\\x02|^\\x04\\x1E)"
add name=DNS regexp="^.\?.\?.\?.\?[\\x01\\x02].\?.\?.\?.\?.\?.\?[\\x01-\?][a-z\
    0-9][\\x01-\?a-z]*[\\x02-\\x06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\\\
    x01-\\x10\\x1c][\\x01\\x03\\x04\\xFF]"
add name=HTTP-JPG regexp="^.*(post|POST|get|GET).+\\.jpg.+\\http"
add name=P2P-DNS regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|b\
    tjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meg anova|ful\
    ldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=HTTPS regexp=\
    "^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"
add name=Telnet regexp=\
    "^\\xff[\\xfb-\\xfe].\\xff[\\xfb-\\xfe].\\xff[\\xfb-\\xfe]"
add name=SSH regexp="^ssh-[12]\\.[0-9]"
add name=STun regexp="^[\\x01\\x02]................\?\$"
add name=TFTP regexp="^(\\x01|\\x02)[ -~]*(netascii|octet|mail)"
add name=TOR regexp=TOR1.*<identity>
add name=Whois regexp="^[ !-~]+\\x0d\\x0a\$"
add name=XunLei regexp="^([()]|get)(...\?.\?.\?(reg|get|query)|.+User-Agent: (\
    Mozilla/4\\.0 \\(compatible; (MSIE 6\\.0; Windows NT 5\\.1;\? \?\\)|MSIE 5\
    \\.00; Windows 98\\))))|Keep-Alive\\x0d\\x0a\\x0d\\x0a[26]\r\
    \n"
add name=TSP regexp=\
    "^[\\x01-\\x13\\x16-\$]\\x01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add name=VNC regexp="^rfb 00[1-9]\\.00[0-9]\\x0a\$"
add name=Socks regexp="\\x05[\\x01-\\x08]*\\x05[\\x01-\\x08]\?.*\\x05[\\x01-\\\
    x03][\\x01\\x03].*\\x05[\\x01-\\x08]\?[\\x01\\x03]"
add name=SNMP regexp="^\\x02\\x01\\x04.+([\\xa0-\\xa3]\\x02[\\x01-\\x04].\?.\?\
    .\?.\?\\x02\\x01.\?\\x02\\x01.\?\\x30|\\xa4\\x06.+\\x40\\x04.\?.\?.\?.\?\\\
    x02\\x01.\?\\x02\\x01.\?\\x43)"
add name=SMTP regexp="^220[\\x09-\\x0d -~]* (e\?smtp|simple mail)\r\
    \nuserspace pattern=^220[\\x09-\\x0d -~]* (E\?SMTP|[Ss]imple [Mm]ail)\r\
    \nuserspace flags=REG_NOSUB REG_EXTENDED"
add name=SSDP regexp="^notify[\\x09-\\x0d ]\\*[\\x09-\\x0d ]http/1\\.1[\\x09-\
    \\x0d -~]*ssdp:(alive|byebye)|^m-search[\\x09-\\x0d ]\\*[\\x09-\\x0d ]http\
    /1\\.1[\\x09-\\x0d -~]*ssdp:discover\r\
    \n"
add name=SMB regexp="\\xffsmb[\\x72\\x25]"
add name=SIP regexp="^(invite|register|cancel|message|subscribe|notify) sip[\\\
    x09-\\x0d -~]*sip/[0-2]\\.[0-9]"
add comment="Skype to phone - UDP voice call (program to POTS phone)" name=\
    SkypeOutPhone regexp="^(\\x01.\?.\?.\?.\?.\?.\?.\?.\?\\x01|\\x02.\?.\?.\?.\
    \?.\?.\?.\?.\?\\x02|\\x03.\?.\?.\?.\?.\?.\?.\?.\?\\x03|\\x04.\?.\?.\?.\?.\
    \?.\?.\?.\?\\x04|\\x05.\?.\?.\?.\?.\?.\?.\?.\?\\x05|\\x06.\?.\?.\?.\?.\?.\
    \?.\?.\?\\x06|\\x07.\?.\?.\?.\?.\?.\?.\?.\?\\x07|\\x08.\?.\?.\?.\?.\?.\?.\
    \?.\?\\x08|\\x09.\?.\?.\?.\?.\?.\?.\?.\?\\x09|\\x0a.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x0a|\\x0b.\?.\?.\?.\?.\?.\?.\?.\?\\x0b|\\x0c.\?.\?.\?.\?.\?.\?.\?.\?\\\
    x0c|\\x0d.\?.\?.\?.\?.\?.\?.\?.\?\\x0d|\\x0e.\?.\?.\?.\?.\?.\?.\?.\?\\x0e|\
    \\x0f.\?.\?.\?.\?.\?.\?.\?.\?\\x0f|\\x10.\?.\?.\?.\?.\?.\?.\?.\?\\x10|\\x1\
    1.\?.\?.\?.\?.\?.\?.\?.\?\\x11|\\x12.\?.\?.\?.\?.\?.\?.\?.\?\\x12|\\x13.\?\
    .\?.\?.\?.\?.\?.\?.\?\\x13|\\x14.\?.\?.\?.\?.\?.\?.\?.\?\\x14|\\x15.\?.\?.\
    \?.\?.\?.\?.\?.\?\\x15|\\x16.\?.\?.\?.\?.\?.\?.\?.\?\\x16|\\x17.\?.\?.\?.\
    \?.\?.\?.\?.\?\\x17|\\x18.\?.\?.\?.\?.\?.\?.\?.\?\\x18|\\x19.\?.\?.\?.\?.\
    \?.\?.\?.\?\\x19|\\x1a.\?.\?.\?.\?.\?.\?.\?.\?\\x1a|\\x1b.\?.\?.\?.\?.\?.\
    \?.\?.\?\\x1b|\\x1c.\?.\?.\?.\?.\?.\?.\?.\?\\x1c|\\x1d.\?.\?.\?.\?.\?.\?.\
    \?.\?\\x1d|\\x1e.\?.\?.\?.\?.\?.\?.\?.\?\\x1e|\\x1f.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x1f|\\x20.\?.\?.\?.\?.\?.\?.\?.\?\\x20|\\x21.\?.\?.\?.\?.\?.\?.\?.\?\\\
    x21|\\x22.\?.\?.\?.\?.\?.\?.\?.\?\\x22|\\x23.\?.\?.\?.\?.\?.\?.\?.\?\\x23|\
    \\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|\\x25.\?.\?.\?.\?.\?.\?.\?.\?\\x25|\\x26.\
    \?.\?.\?.\?.\?.\?.\?.\?\\x26|\\x27.\?.\?.\?.\?.\?.\?.\?.\?\\x27|\\(.\?.\?.\
    \?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\
    \?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|\\x2c.\?.\?.\?.\?.\?.\?.\?.\?\\x2c\
    |\\x2d.\?.\?.\?.\?.\?.\?.\?.\?\\x2d|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|\\x2f.\
    \?.\?.\?.\?.\?.\?.\?.\?\\x2f|\\x30.\?.\?.\?.\?.\?.\?.\?.\?\\x30|\\x31.\?.\
    \?.\?.\?.\?.\?.\?.\?\\x31|\\x32.\?.\?.\?.\?.\?.\?.\?.\?\\x32|\\x33.\?.\?.\
    \?.\?.\?.\?.\?.\?\\x33|\\x34.\?.\?.\?.\?.\?.\?.\?.\?\\x34|\\x35.\?.\?.\?.\
    \?.\?.\?.\?.\?\\x35|\\x36.\?.\?.\?.\?.\?.\?.\?.\?\\x36|\\x37.\?.\?.\?.\?.\
    \?.\?.\?.\?\\x37|\\x38.\?.\?.\?.\?.\?.\?.\?.\?\\x38|\\x39.\?.\?.\?.\?.\?.\
    \?.\?.\?\\x39|\\x3a.\?.\?.\?.\?.\?.\?.\?.\?\\x3a|\\x3b.\?.\?.\?.\?.\?.\?.\
    \?.\?\\x3b|\\x3c.\?.\?.\?.\?.\?.\?.\?.\?\\x3c|\\x3d.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x3d|\\x3e.\?.\?.\?.\?.\?.\?.\?.\?\\x3e|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
    \?|\\x40.\?.\?.\?.\?.\?.\?.\?.\?\\x40|\\x41.\?.\?.\?.\?.\?.\?.\?.\?\\x41|\
    \\x42.\?.\?.\?.\?.\?.\?.\?.\?\\x42|\\x43.\?.\?.\?.\?.\?.\?.\?.\?\\x43|\\x4\
    4.\?.\?.\?.\?.\?.\?.\?.\?\\x44|\\x45.\?.\?.\?.\?.\?.\?.\?.\?\\x45|\\x46.\?\
    .\?.\?.\?.\?.\?.\?.\?\\x46|\\x47.\?.\?.\?.\?.\?.\?.\?.\?\\x47|\\x48.\?.\?.\
    \?.\?.\?.\?.\?.\?\\x48|\\x49.\?.\?.\?.\?.\?.\?.\?.\?\\x49|\\x4a.\?.\?.\?.\
    \?.\?.\?.\?.\?\\x4a|\\x4b.\?.\?.\?.\?.\?.\?.\?.\?\\x4b|\\x4c.\?.\?.\?.\?.\
    \?.\?.\?.\?\\x4c|\\x4d.\?.\?.\?.\?.\?.\?.\?.\?\\x4d|\\x4e.\?.\?.\?.\?.\?.\
    \?.\?.\?\\x4e|\\x4f.\?.\?.\?.\?.\?.\?.\?.\?\\x4f|\\x50.\?.\?.\?.\?.\?.\?.\
    \?.\?\\x50|\\x51.\?.\?.\?.\?.\?.\?.\?.\?\\x51|\\x52.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x52|\\x53.\?.\?.\?.\?.\?.\?.\?.\?\\x53|\\x54.\?.\?.\?.\?.\?.\?.\?.\?\\\
    x54|\\x55.\?.\?.\?.\?.\?.\?.\?.\?\\x55|\\x56.\?.\?.\?.\?.\?.\?.\?.\?\\x56|\
    \\x57.\?.\?.\?.\?.\?.\?.\?.\?\\x57|\\x58.\?.\?.\?.\?.\?.\?.\?.\?\\x58|\\x5\
    9.\?.\?.\?.\?.\?.\?.\?.\?\\x59|\\x5a.\?.\?.\?.\?.\?.\?.\?.\?\\x5a|\\[.\?.\
    \?.\?.\?.\?.\?.\?.\?\\[|\\\\.\?.\?.\?.\?.\?.\?.\?.\?\\\\|\\].\?.\?.\?.\?.\
    \?.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|\\x5f.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x5f|\\x60.\?.\?.\?.\?.\?.\?.\?.\?\\x60|\\x61.\?.\?.\?.\?.\?.\?.\?.\?\\\
    x61|\\x62.\?.\?.\?.\?.\?.\?.\?.\?\\x62|\\x63.\?.\?.\?.\?.\?.\?.\?.\?\\x63|\
    \\x64.\?.\?.\?.\?.\?.\?.\?.\?\\x64|\\x65.\?.\?.\?.\?.\?.\?.\?.\?\\x65|\\x6\
    6.\?.\?.\?.\?.\?.\?.\?.\?\\x66|\\x67.\?.\?.\?.\?.\?.\?.\?.\?\\x67|\\x68.\?\
    .\?.\?.\?.\?.\?.\?.\?\\x68|\\x69.\?.\?.\?.\?.\?.\?.\?.\?\\x69|\\x6a.\?.\?.\
    \?.\?.\?.\?.\?.\?\\x6a|\\x6b.\?.\?.\?.\?.\?.\?.\?.\?\\x6b|\\x6c.\?.\?.\?.\
    \?.\?.\?.\?.\?\\x6c|\\x6d.\?.\?.\?.\?.\?.\?.\?.\?\\x6d|\\x6e.\?.\?.\?.\?.\
    \?.\?.\?.\?\\x6e|\\x6f.\?.\?.\?.\?.\?.\?.\?.\?\\x6f|\\x70.\?.\?.\?.\?.\?.\
    \?.\?.\?\\x70|\\x71.\?.\?.\?.\?.\?.\?.\?.\?\\x71|\\x72.\?.\?.\?.\?.\?.\?.\
    \?.\?\\x72|\\x73.\?.\?.\?.\?.\?.\?.\?.\?\\x73|\\x74.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x74|\\x75.\?.\?.\?.\?.\?.\?.\?.\?\\x75|\\x76.\?.\?.\?.\?.\?.\?.\?.\?\\\
    x76|\\x77.\?.\?.\?.\?.\?.\?.\?.\?\\x77|\\x78.\?.\?.\?.\?.\?.\?.\?.\?\\x78|\
    \\x79.\?.\?.\?.\?.\?.\?.\?.\?\\x79|\\x7a.\?.\?.\?.\?.\?.\?.\?.\?\\x7a|\\{.\
    \?.\?.\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\
    \?.\?.\?.\?\\}|\\x7e.\?.\?.\?.\?.\?.\?.\?.\?\\x7e|\\x7f.\?.\?.\?.\?.\?.\?.\
    \?.\?\\x7f|\\x80.\?.\?.\?.\?.\?.\?.\?.\?\\x80|\\x81.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x81|\\x82.\?.\?.\?.\?.\?.\?.\?.\?\\x82|\\x83.\?.\?.\?.\?.\?.\?.\?.\?\\\
    x83|\\x84.\?.\?.\?.\?.\?.\?.\?.\?\\x84|\\x85.\?.\?.\?.\?.\?.\?.\?.\?\\x85|\
    \\x86.\?.\?.\?.\?.\?.\?.\?.\?\\x86|\\x87.\?.\?.\?.\?.\?.\?.\?.\?\\x87|\\x8\
    8.\?.\?.\?.\?.\?.\?.\?.\?\\x88|\\x89.\?.\?.\?.\?.\?.\?.\?.\?\\x89|\\x8a.\?\
    .\?.\?.\?.\?.\?.\?.\?\\x8a|\\x8b.\?.\?.\?.\?.\?.\?.\?.\?\\x8b|\\x8c.\?.\?.\
    \?.\?.\?.\?.\?.\?\\x8c|\\x8d.\?.\?.\?.\?.\?.\?.\?.\?\\x8d|\\x8e.\?.\?.\?.\
    \?.\?.\?.\?.\?\\x8e|\\x8f.\?.\?.\?.\?.\?.\?.\?.\?\\x8f|\\x90.\?.\?.\?.\?.\
    \?.\?.\?.\?\\x90|\\x91.\?.\?.\?.\?.\?.\?.\?.\?\\x91|\\x92.\?.\?.\?.\?.\?.\
    \?.\?.\?\\x92|\\x93.\?.\?.\?.\?.\?.\?.\?.\?\\x93|\\x94.\?.\?.\?.\?.\?.\?.\
    \?.\?\\x94|\\x95.\?.\?.\?.\?.\?.\?.\?.\?\\x95|\\x96.\?.\?.\?.\?.\?.\?.\?.\
    \?\\x96|\\x97.\?.\?.\?.\?.\?.\?.\?.\?\\x97|\\x98.\?.\?.\?.\?.\?.\?.\?.\?\\\
    x98|\\x99.\?.\?.\?.\?.\?.\?.\?.\?\\x99|\\x9a.\?.\?.\?.\?.\?.\?.\?.\?\\x9a|\
    \\x9b.\?.\?.\?.\?.\?.\?.\?.\?\\x9b|\\x9c.\?.\?.\?.\?.\?.\?.\?.\?\\x9c|\\x9\
    d.\?.\?.\?.\?.\?.\?.\?.\?\\x9d|\\x9e.\?.\?.\?.\?.\?.\?.\?.\?\\x9e|\\x9f.\?\
    .\?.\?.\?.\?.\?.\?.\?\\x9f|\\xa0.\?.\?.\?.\?.\?.\?.\?.\?\\xa0|\\xa1.\?.\?.\
    \?.\?.\?.\?.\?.\?\\xa1|\\xa2.\?.\?.\?.\?.\?.\?.\?.\?\\xa2|\\xa3.\?.\?.\?.\
    \?.\?.\?.\?.\?\\xa3|\\xa4.\?.\?.\?.\?.\?.\?.\?.\?\\xa4|\\xa5.\?.\?.\?.\?.\
    \?.\?.\?.\?\\xa5|\\xa6.\?.\?.\?.\?.\?.\?.\?.\?\\xa6|\\xa7.\?.\?.\?.\?.\?.\
    \?.\?.\?\\xa7|\\xa8.\?.\?.\?.\?.\?.\?.\?.\?\\xa8|\\xa9.\?.\?.\?.\?.\?.\?.\
    \?.\?\\xa9|\\xaa.\?.\?.\?.\?.\?.\?.\?.\?\\xaa|\\xab.\?.\?.\?.\?.\?.\?.\?.\
    \?\\xab|\\xac.\?.\?.\?.\?.\?.\?.\?.\?\\xac|\\xad.\?.\?.\?.\?.\?.\?.\?.\?\\\
    xad|\\xae.\?.\?.\?.\?.\?.\?.\?.\?\\xae|\\xaf.\?.\?.\?.\?.\?.\?.\?.\?\\xaf|\
    \\xb0.\?.\?.\?.\?.\?.\?.\?.\?\\xb0|\\xb1.\?.\?.\?.\?.\?.\?.\?.\?\\xb1|\\xb\
    2.\?.\?.\?.\?.\?.\?.\?.\?\\xb2|\\xb3.\?.\?.\?.\?.\?.\?.\?.\?\\xb3|\\xb4.\?\
    .\?.\?.\?.\?.\?.\?.\?\\xb4|\\xb5.\?.\?.\?.\?.\?.\?.\?.\?\\xb5|\\xb6.\?.\?.\
    \?.\?.\?.\?.\?.\?\\xb6|\\xb7.\?.\?.\?.\?.\?.\?.\?.\?\\xb7|\\xb8.\?.\?.\?.\
    \?.\?.\?.\?.\?\\xb8|\\xb9.\?.\?.\?.\?.\?.\?.\?.\?\\xb9|\\xba.\?.\?.\?.\?.\
    \?.\?.\?.\?\\xba|\\xbb.\?.\?.\?.\?.\?.\?.\?.\?\\xbb|\\xbc.\?.\?.\?.\?.\?.\
    \?.\?.\?\\xbc|\\xbd.\?.\?.\?.\?.\?.\?.\?.\?\\xbd|\\xbe.\?.\?.\?.\?.\?.\?.\
    \?.\?\\xbe|\\xbf.\?.\?.\?.\?.\?.\?.\?.\?\\xbf|\\xc0.\?.\?.\?.\?.\?.\?.\?.\
    \?\\xc0|\\xc1.\?.\?.\?.\?.\?.\?.\?.\?\\xc1|\\xc2.\?.\?.\?.\?.\?.\?.\?.\?\\\
    xc2|\\xc3.\?.\?.\?.\?.\?.\?.\?.\?\\xc3|\\xc4.\?.\?.\?.\?.\?.\?.\?.\?\\xc4|\
    \\xc5.\?.\?.\?.\?.\?.\?.\?.\?\\xc5|\\xc6.\?.\?.\?.\?.\?.\?.\?.\?\\xc6|\\xc\
    7.\?.\?.\?.\?.\?.\?.\?.\?\\xc7|\\xc8.\?.\?.\?.\?.\?.\?.\?.\?\\xc8|\\xc9.\?\
    .\?.\?.\?.\?.\?.\?.\?\\xc9|\\xca.\?.\?.\?.\?.\?.\?.\?.\?\\xca|\\xcb.\?.\?.\
    \?.\?.\?.\?.\?.\?\\xcb|\\xcc.\?.\?.\?.\?.\?.\?.\?.\?\\xcc|\\xcd.\?.\?.\?.\
    \?.\?.\?.\?.\?\\xcd|\\xce.\?.\?.\?.\?.\?.\?.\?.\?\\xce|\\xcf.\?.\?.\?.\?.\
    \?.\?.\?.\?\\xcf|\\xd0.\?.\?.\?.\?.\?.\?.\?.\?\\xd0|\\xd1.\?.\?.\?.\?.\?.\
    \?.\?.\?\\xd1|\\xd2.\?.\?.\?.\?.\?.\?.\?.\?\\xd2|\\xd3.\?.\?.\?.\?.\?.\?.\
    \?.\?\\xd3|\\xd4.\?.\?.\?.\?.\?.\?.\?.\?\\xd4|\\xd5.\?.\?.\?.\?.\?.\?.\?.\
    \?\\xd5|\\xd6.\?.\?.\?.\?.\?.\?.\?.\?\\xd6|\\xd7.\?.\?.\?.\?.\?.\?.\?.\?\\\
    xd7|\\xd8.\?.\?.\?.\?.\?.\?.\?.\?\\xd8|\\xd9.\?.\?.\?.\?.\?.\?.\?.\?\\xd9|\
    \\xda.\?.\?.\?.\?.\?.\?.\?.\?\\xda|\\xdb.\?.\?.\?.\?.\?.\?.\?.\?\\xdb|\\xd\
    c.\?.\?.\?.\?.\?.\?.\?.\?\\xdc|\\xdd.\?.\?.\?.\?.\?.\?.\?.\?\\xdd|\\xde.\?\
    .\?.\?.\?.\?.\?.\?.\?\\xde|\\xdf.\?.\?.\?.\?.\?.\?.\?.\?\\xdf|\\xe0.\?.\?.\
    \?.\?.\?.\?.\?.\?\\xe0|\\xe1.\?.\?.\?.\?.\?.\?.\?.\?\\xe1|\\xe2.\?.\?.\?.\
    \?.\?.\?.\?.\?\\xe2|\\xe3.\?.\?.\?.\?.\?.\?.\?.\?\\xe3|\\xe4.\?.\?.\?.\?.\
    \?.\?.\?.\?\\xe4|\\xe5.\?.\?.\?.\?.\?.\?.\?.\?\\xe5|\\xe6.\?.\?.\?.\?.\?.\
    \?.\?.\?\\xe6|\\xe7.\?.\?.\?.\?.\?.\?.\?.\?\\xe7|\\xe8.\?.\?.\?.\?.\?.\?.\
    \?.\?\\xe8|\\xe9.\?.\?.\?.\?.\?.\?.\?.\?\\xe9|\\xea.\?.\?.\?.\?.\?.\?.\?.\
    \?\\xea|\\xeb.\?.\?.\?.\?.\?.\?.\?.\?\\xeb|\\xec.\?.\?.\?.\?.\?.\?.\?.\?\\\
    xec|\\xed.\?.\?.\?.\?.\?.\?.\?.\?\\xed|\\xee.\?.\?.\?.\?.\?.\?.\?.\?\\xee|\
    \\xef.\?.\?.\?.\?.\?.\?.\?.\?\\xef|\\xf0.\?.\?.\?.\?.\?.\?.\?.\?\\xf0|\\xf\
    1.\?.\?.\?.\?.\?.\?.\?.\?\\xf1|\\xf2.\?.\?.\?.\?.\?.\?.\?.\?\\xf2|\\xf3.\?\
    .\?.\?.\?.\?.\?.\?.\?\\xf3|\\xf4.\?.\?.\?.\?.\?.\?.\?.\?\\xf4|\\xf5.\?.\?.\
    \?.\?.\?.\?.\?.\?\\xf5|\\xf6.\?.\?.\?.\?.\?.\?.\?.\?\\xf6|\\xf7.\?.\?.\?.\
    \?.\?.\?.\?.\?\\xf7|\\xf8.\?.\?.\?.\?.\?.\?.\?.\?\\xf8|\\xf9.\?.\?.\?.\?.\
    \?.\?.\?.\?\\xf9|\\xfa.\?.\?.\?.\?.\?.\?.\?.\?\\xfa|\\xfb.\?.\?.\?.\?.\?.\
    \?.\?.\?\\xfb|\\xfc.\?.\?.\?.\?.\?.\?.\?.\?\\xfc|\\xfd.\?.\?.\?.\?.\?.\?.\
    \?.\?\\xfd|\\xfe.\?.\?.\?.\?.\?.\?.\?.\?\\xfe|\\xff.\?.\?.\?.\?.\?.\?.\?.\
    \?\\xff)"
add comment="Skype to Skype - UDP voice call (program to program)" name=\
    SkypeToSkype regexp="^..\\x02............."
add comment="Valid certificate SSL" name=ValidCertSSL regexp="^(.\?.\?\\x16\\x\
    03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b).*(thawte|equifax secure|rsa\
    \_data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limit\
    ed)"
add comment="X Windows Version 11 - Networked GUI system used in most Unices" \
    name=X11 regexp="^[lb].\?\\x0b\r\
    \nuserspace pattern=^[lB].\?\\x0b\r\
    \nuserspace flags=REG_NOSUB"
add comment="Yahoo messenger - an instant messenger protocol" name=\
    YahooMessager regexp=\
    "^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\\xc0\\x80"
add name=HTTP-Audio regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0\
    -9][\\x09-\\x0d -~]*(content-type: audio)"
add name=SNMP-Mon regexp="^\\x02\\x01\\x04.+[\\xa0-\\xa3]\\x02[\\x01-\\x04].\?\
    .\?.\?.\?\\x02\\x01.\?\\x02\\x01.\?\\x30"
add name=HTTP-iTunes regexp=\
    "http/(0\\.9|1\\.0|1\\.1).*(user-agent: itunes)\r\
    \n"
add name=HTTP-Video regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0\
    -9][\\x09-\\x0d -~]*(content-type: video)"
add name=Gtalk regexp="^<stream:stream to=\"gmail\\.com\""
add name="HTTP-Fresh Download" regexp=\
    "User-Agent: FreshDownload/[456](\\.[0-9][0-9]\?)\?"
add name="HTTP Download Accelerator Plus" regexp=\
    "User-Agent: DA [678]\\.[0-9]"
add name="HTTP Cache Hit" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][\
    0-9][0-9][\\x09-\\x0d -~]*(x-cache: hit)"
add name="HTTP Cache Miss" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5]\
    [0-9][0-9][\\x09-\\x0d -~]*(x-cache: miss)"
add name="SNMP Trap" regexp="^\\x02\\x01\\x04.+\\xa4\\x06.+\\x40\\x04.\?.\?.\?\
    .\?\\x02\\x01.\?\\x02\\x01.\?\\x43"
add name="Xbox Live" regexp="^\\x58\\x80........\\xf3|^\\x06\\x58\\x4e"
add name=RTSP regexp="rtsp/1.0 200 ok"
add name=RTP regexp=\
    "^\\x80[\\x01-\"`-\\x7f\\x80-\\xa2\\xe0-\\xff]\?..........*\\x80"
add name=ShoutCast regexp="^get /.*icy-metadata:1|icy [1-5][0-9][0-9] [\\x09-\
    \\x0d -~]*(content-type:audio|icy-)"
add name=RDP regexp=rdpdr.*cliprdr.*rdpsnd
add name="Tencent QQ With Mikrotik" regexp="^.\?.\?\\x02.+\\x03\$"
add name=PPLive regexp="\\x01...\\xd3.+\\x0c.\$"
add name=NCP regexp="^(dmdt.*\\x01.*(\"\"|\\x11\\x11|uu)|tncp.*33)"
add name=NTP regexp="^([\\x13\\x1b\\x23\\xd3\\xdb\\xe3]|[\\x14\\x1c\$].......\
    \?.\?.\?.\?.\?.\?.\?.\?.\?[\\xc6-\\xff])"
add name=NetBios regexp="\\x81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][\
    A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]\
    [A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P\
    ][A-P][A-P]"
add name=NNTP regexp=\
    "^(20[01][\\x09-\\x0d -~]*AUTHINFO USER|20[01][\\x09-\\x0d -~]*news)"
add comment="P2P File Share" name=NapSter regexp="^(.[\\x02\\x06][!-~]+ [!-~]+\
    \_[0-9][0-9]\?[0-9]\?[0-9]\?[0-9]\? \"[\\x09-\\x0d -~]+\" ([0-9]|10)|1(sen\
    d|get)[!-~]+ \"[\\x09-\\x0d -~]+\")"
add comment="Open P2P" name=OpenFT regexp="x-openftalias: [-)(0-9a-z ~.]"
add comment="NetBIOS name service" name=NBns regexp=\
    "\\x01\\x10\\x01|\\)\\x10\\x01\\x01|0\\x10\\x01"
add name="MUTE P2P" regexp=\
    "^(Public|AES)Key: [0-9a-f]*\\x0aEnd(Public|AES)Key\\x0a\$"
add name=POP3 regexp="^(\\+ok |-err )"
add comment="Famatech Remote Administrator - remote desktop for MS Windows" \
    name=RAdmin regexp="^\\x01\\x01(\\x08\\x08|\\x1b\\x1b)\$"
add comment="MSN Messenger - Microsoft Network chat client" name=\
    "MSN Messenger" regexp="ver [0-9]+ msnp[1-9][0-9]\? [\\x09-\\x0d -~]*cvr0\
    \\x0d\\x0a\$|usr 1 [!-~]+ [0-9. ]+\\x0d\\x0a\$|ans 1 [!-~]+ [0-9. ]+\\x0d\
    \\x0a\$\r\
    \n"
add comment=\
    "MSN (Micosoft Network) Messenger file transfers (MSNFTP and MSNSLP)" \
    name="MSN File Transfer" regexp=\
    "^(ver [ -~]*msnftp\\x0d\\x0aver msnftp\\x0d\\x0ausr|method msnmsgr:)"
add name=Live365 regexp="membername.*session.*player\r\
    \n"
add comment="Jabber (XMPP) - open instant messenger protocol - RFC 3920 - http\
    ://jabber.org" name=Jabber regexp=\
    "<stream:stream[\\x09-\\x0d ][ -~]*[\\x09-\\x0d ]xmlns=['\"]jabber"
add name=IRC regexp="^(nick[\\x09-\\x0d -~]*user[\\x09-\\x0d -~]*:|user[\\x09-\
    \\x0d -~]*:[\\x02-\\x0d -~]*nick[\\x09-\\x0d -~]*\\x0d\\x0a)"
add name=IMAP regexp="^(\\* ok|a[0-9]+ noop)"
add comment="iMesh - the native protocol of iMesh, a P2P application - http://\
    imesh.com" name=iMesh regexp="^(post[\\x09-\\x0d -~]*<PasswordHash>.......\
    .........................</PasswordHash><ClientVer>|\\x34\\x80\?\\x0d\?\\x\
    fc\\xff\\x04|get[\\x09-\\x0d -~]*Host: imsh\\.download-prod\\.musicnet\\.c\
    om|\\x02[\\x01\\x02]\\x83.*\\x02[\\x01\\x02]\\x83)"
add name="HTTP RTSP" regexp="^(get[\\x09-\\x0d -~]* Accept: application/x-rtsp\
    -tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*a=con\
    trol:rtsp://)"
add comment="Ident - Identification Protocol - RFC 1413" name=Ident regexp="^[\
    1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\\x09-\\x0d]*,[\\x09-\\x0d]*[1-9][0-9]\?[\
    0-9]\?[0-9]\?[0-9]\?(\\x0d\\x0a|[\\x0d\\x0a])\?\$"
add name="HotLine P2P" regexp="^....................TRTPHOTL\\x01\\x02"
add name="DNS With Mikrotik" regexp="(aero|arpa|biz|com|coop|edu|gov|info|int|\
    mil|museum|name|net|org|pro|arpa|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at\
    |au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|c\
    d|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|\
    eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt\
    |gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|k\
    g|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|\
    mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no\
    |np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|ru|rw|s\
    a|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|sv|sy|sz|tc|td|tf|tg|th|tj|\
    tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf\
    |ws|ye|yt|yu|za|zm|zw)"
add name=FastTrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ \
    -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: \
    kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^g\
    ive [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add comment="Finger - User information server - RFC 1288" name=Finger regexp="\
    ^[a-z][a-z0-9\\-_]+|login: [\\x09-\\x0d -~]* name: [\\x09-\\x0d -~]* Direc\
    tory: "
add name="Edonkey P2P" regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x0\
    2\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x\
    35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\x4b\\x4c\\x4d\\\
    x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\
    \\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa\
    4]|\\x59................\?[ -~]|\\x96....\$)"
add name=FreeNet regexp="^\\x01[\\x08\\x09][\\x03\\x04]"
add name=FTP regexp="^220[\\x09-\\x0d -~]*ftp"
add name=DCHP regexp="^[\\x01\\x02][\\x01- ]\\x06.*c\\x82sc"
add name="Direct Connect P2P" regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add comment=\
    "Citrix ICA - proprietary remote desktop application - http://citrix.com" \
    name="Citrix ICA" regexp="\\x32\\x26\\x85\\x92\\x58"
add name="BitTorrent P2P" regexp="^(\\x13bittorrent protocol|azver\\x01\$|get \
    /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET\
    \_/data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add comment="Mail Protocol" name=Biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add name=BGP regexp="^\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\
    \\xff\\xff\\xff\\xff\\xff..\?\\x01[\\x03\\x04]"
add name="Apple Juice P2P" regexp="^ajprot\\x0d\\x0a"
add name="Ares P2P" regexp="^\\x03[]Z].\?.\?\\x05\$"
add name=Telegram regexp="^.+(telegram.com).*\$"
add name=Youtube regexp="^.+(youtube.com|googlevideo.com).*\$"
add name=WhatsApp regexp="^.+(whatsapp.com).*\$"
add name=Facebook regexp="^.+(facebook.com|fbcdn.net).*\$"
add name=Instagram regexp="^.+(instagram.com).*\$"
add name=Twitter regexp="^.+(twitter.com|twimg.com).*\$"
add name=Signal regexp="^.+(signal.com|whispersystems.com).*\$"
add name=Netflix regexp="^.+(netflix.com).*\$"
add name=Iflix regexp="^.+(iflix.com).*\$"
add name=Tiktok regexp="^.+(tiktok.com|musical.ly).*\$"


赞(1)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址