North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: identifying application type of network traffic
On Thu, 16 Dec 2004 10:52:33 +0800 (CST), Joe Shen <[email protected]> wrote: > > I'm trying to identify applications which generate > those traffic on our border routers. I use sampled > netflow as data source and some flow-tools as > analizer. > You will find that quite a few generators of network traffic (p2p apps, worms, at least some messenger clients) use more than one port - or in several cases, use completely random ports. Also - a whole lot of ports that are commonly used by p2p and messenger clients (before they fall back to random ports) are not listed in "well known ports" RFCs, or in /etc/services --srs -- Suresh Ramasubramanian ([email protected])
|