Re: Tools classifying network traffic to applications

["Christopher L. Morrow" <christopher.morrow () mci com>]

On Thu, 22 Sep 2005, Erik Haagsman wrote:

> Google for FlowScan and CUFlow

which can't really tell bittorrent (or ssh or aim or...) over tcp/80 from
http over tcp/80... I think Joe's looking for something that knows what
protocols look like below the port number and can spit out numbers for
that... these, it would seem to me, would all require in-line traffic
capture or mirrored port (mirrored traffic, not necessarily an ethernet
port mirror) to be effective.

> On Thu, 2005-09-22 at 18:11 +0800, Joe Shen wrote:
> > Hi,
> >
> > As I know there is tools designed to analyze VoIP
> > traffic, but for viewpoint of traffic management this
> > is not enough. Is there tool which could classify
> > network traffic to its applications?
> >
> > e.g. the tools catch network traffic and recognize its
> > application type automatically. If 80% of (80/tcp) is
> > web browsing (tcp/80) is recognized as WEB browsing;
> > if 80% of (1234/tcp) is Edonky, it is recognized as
> > Edonkey application.
> >
> > Joe
> >
> > Send instant messages to your online friends http://asia.messenger.yahoo.com
> --
> ---
> Erik Haagsman
> Network Architect
> We Dare BV
> Tel: +31(0)10-7507008
> Fax: +31(0)10-7507005
> http://www.we-dare.nl