North American Network Operators Group

Re: Tools classifying network traffic to applications

  • From: Christopher L. Morrow
  • Date: Fri Sep 23 00:05:11 2005

On Fri, 23 Sep 2005, Joe Shen wrote:

>
> hi,
>
> >
> > Christopher L. Morrow wrote:
> >
> > >>which can't really tell bittorrent (or ssh or aim or...) over tcp/80 from
> > >>http over tcp/80... I think Joe's looking for something that knows what
> > >>protocols look like below the port number and can spit out numbers for
> > >>that... these, it would seem to me, would all require in-line traffic
> > >>capture or mirrored port (mirrored traffic, not necessarily an ethernet
> > >>port mirror) to be effective.
> > >>
>
> Yes, that's what I want-- Find out what application
> uses what protocol and what number, then apply that
> result to a netflow analysis system which could be used
> to get statistics of multiple sites.

It's not clear to me that you can easily correlate netflow and capture
data, especially since you may not see the same data at each point... Most
of the data capture/analysis boxes probably also do graphs and traffic
info as well, why not rely on their data?
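
Added example, not part of the original message: a minimal payload-signature classifier of the kind the thread describes, labelling flows by the first bytes the client sent instead of by port and totalling bytes per application. The flow record fields (`dport`, `bytes`, `first_payload`) and the sample flows are constructed for illustration; it assumes access to captured payload, which port-and-counter flow records do not carry.

```python
from collections import Counter

# HTTP request methods that can open a request line.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")

def classify(payload: bytes) -> str:
    """Label a flow from its first client payload, ignoring the port number."""
    # BitTorrent handshake: length byte 19 followed by the protocol string.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    # SSH identification string, e.g. "SSH-2.0-...".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # HTTP: a known method AND a request line ending in an HTTP version,
    # so arbitrary text that merely starts with "GET " is not counted.
    if payload.startswith(HTTP_METHODS):
        request_line = payload.split(b"\r\n", 1)[0]
        if request_line.rsplit(b" ", 1)[-1].startswith(b"HTTP/"):
            return "http"
    # TLS record: content type 22 (handshake), major version 3.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"

def bytes_per_app(flows):
    """Sum flow byte counts per classified application."""
    totals = Counter()
    for flow in flows:
        totals[classify(flow["first_payload"])] += flow["bytes"]
    return dict(totals)

# Constructed sample flows: every one of them is on tcp/80.
SAMPLE_FLOWS = [
    {"dport": 80, "bytes": 5200,
     "first_payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"dport": 80, "bytes": 910000,
     "first_payload": b"\x13BitTorrent protocol" + b"\x00" * 8 + b"A" * 20 + b"B" * 20},
    {"dport": 80, "bytes": 48000, "first_payload": b"SSH-2.0-OpenSSH_4.2\r\n"},
    {"dport": 80, "bytes": 300, "first_payload": b"GET lost"},
    {"dport": 80, "bytes": 7000, "first_payload": b"\x16\x03\x01\x00\x2f\x01"},
]

if __name__ == "__main__":
    for app, total in sorted(bytes_per_app(SAMPLE_FLOWS).items()):
        print(f"{app:12s} {total}")
```

A port-based view would report all five flows as web traffic; here only 5200 of the bytes are labelled HTTP.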