identifying application type of network traffic

Suresh Ramasubramanian ops.lists at gmail.com
Thu Dec 16 02:58:14 UTC 2004


On Thu, 16 Dec 2004 10:52:33 +0800 (CST), Joe Shen
<joe_hznm at yahoo.com.sg> wrote:
> 
>  I'm trying to identify applications which generate
> that traffic on our border routers. I use sampled
> netflow as data source and some flow-tools as
> analyzer.
> 

You will find that quite a few generators of network traffic (p2p
apps, worms, at least some messenger clients) use more than one port -
or in several cases, use completely random ports.

Also - a whole lot of ports that are commonly used by p2p and
messenger clients (before they fall back to random ports) are not
listed in "well known ports" RFCs, or in /etc/services.

--srs
-- 
Suresh Ramasubramanian (ops.lists at gmail.com)
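
The limitation described in the reply above, as an added example that is not part of the original message: a port-table classifier run over flow records, reporting how many bytes no listed port explains. The services excerpt, the flow records and all function names are constructed for illustration.

```python
from collections import Counter

# Constructed excerpt in /etc/services format: name, port/proto, aliases, comment.
SERVICES_TEXT = """\
smtp      25/tcp   mail
domain    53/udp
http      80/tcp   www    # WorldWideWeb HTTP
https     443/tcp
"""
# Constructed sampled-flow records: (proto, src_port, dst_port, bytes).
FLOWS = [
    ("tcp", 51234, 80, 40_000),
    ("tcp", 25, 40211, 6_000),       # reply direction: service port is the source
    ("udp", 33812, 53, 500),
    ("tcp", 49155, 6881, 120_000),   # neither port is in the table
    ("tcp", 50002, 50917, 300_000),  # both ends on arbitrary high ports
    ("udp", 41000, 41001, 33_500),
]

def parse_services(text):
    """Return {(port, proto): name} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto.lower()), fields[0])
    return table

def classify(flow, table):
    """Name a flow by whichever endpoint port is listed, lowest port first."""
    proto, sport, dport, _ = flow
    for port in sorted((sport, dport)):
        if (port, proto) in table:
            return table[(port, proto)]
    return "unclassified"

def summarize(flows, table):
    """Return (bytes per app, fraction of bytes that no listed port explains)."""
    totals = Counter()
    for flow in flows:
        totals[classify(flow, table)] += flow[3]
    return totals, totals["unclassified"] / (sum(totals.values()) or 1)

if __name__ == "__main__":
    totals, share = summarize(FLOWS, parse_services(SERVICES_TEXT))
    print(dict(totals), f"unclassified share: {share:.1%}")
```

Tracking the unclassified share over time shows how much of the border traffic a port table alone cannot attribute.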
