nanog mailing list archives
Re: Tools classifying network traffic to applications
From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Fri, 23 Sep 2005 04:00:30 +0000 (GMT)
On Fri, 23 Sep 2005, Joe Shen wrote:
hi,Christopher L. Morrow wrote:which can't really tell bittorrent (or ssh or aimor...) over tcp/80 fromhttp over tcp/80... I think Joe's looking forsomething that knows whatprotocols look like below the port number and canspit out numbers forthat... these, it would seem to me, would allrequire in-line trafficcapture or mirrored port (mirrored traffic, notnecessarily an ethernetport mirror) to be effective.Yes, that's what I want-- Find out what application use what protocol and what number, then apply that result to netflow analysis system which could be used to get statistics of multiple sites.
It's not clear to me that you can easily correlate netflow and capture data, especially since you may not see the same data at each point... Most of the data capture/analysis boxes probably also do graphs and traffic info as well, why not rely on their data?
Current thread:
- Tools classifying network traffic to applications Joe Shen (Sep 22)
- Re: Tools classifying network traffic to applications Erik Haagsman (Sep 22)
- Re: Tools classifying network traffic to applications Christopher L. Morrow (Sep 22)
- Re: Tools classifying network traffic to applications Petri Helenius (Sep 22)
- Re: Tools classifying network traffic to applications Christopher L. Morrow (Sep 22)
- Re: Tools classifying network traffic to applications Joe Shen (Sep 22)
- Re: Tools classifying network traffic to applications Christopher L. Morrow (Sep 22)
- Re: Tools classifying network traffic to applications Petri Helenius (Sep 23)
- Re: Tools classifying network traffic to applications Christopher L. Morrow (Sep 22)
- Re: Tools classifying network traffic to applications Erik Haagsman (Sep 22)