![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: identifying application type of network traffic
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Thu, 16 Dec 2004 08:28:14 +0530
On Thu, 16 Dec 2004 10:52:33 +0800 (CST), Joe Shen <joe_hznm () yahoo com sg> wrote:
I'm trying to identify applications which generate those traffic on our border routers. I use sampled netflow as data source and some flow-tools as analizer.
You will find that quite a few generators of network traffic (p2p apps, worms, at least some messenger clients) use more than one port - or in several cases, use completely random ports. Also - a whole lot of ports that are commonly used by p2p and messenger clients (before they fall back to random ports) are not listed in "well known ports" RFCs, or in /etc/services --srs -- Suresh Ramasubramanian (ops.lists () gmail com)
Current thread:
- identifying application type of network traffic Joe Shen (Dec 15)
- Re: identifying application type of network traffic Suresh Ramasubramanian (Dec 15)
- <Possible follow-ups>
- RE: identifying application type of network traffic Joe Shen (Dec 16)
- Re: identifying application type of network traffic Suresh Ramasubramanian (Dec 16)
- RE: identifying application type of network traffic Antonio Sanchez-Monge (Dec 16)
- RE: identifying application type of network traffic Adam Atkinson (Dec 16)
- RE: identifying application type of network traffic Cheung, Rick (Dec 16)