[151355] in North American Network Operators' Group
Re: nfsen and protocol analysing plugin
daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Fri Mar 16 14:31:58 2012
Date: Fri, 16 Mar 2012 14:30:21 -0400 (EDT)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: Shahab Vahabzadeh <sh.vahabzadeh@gmail.com>
In-Reply-To: <CAGqGmqYUVC8iTkYi7-ybtnSq7aSrHKwH0+a_0R079b=UWqX42A@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, 16 Mar 2012, Shahab Vahabzadeh wrote:
> It's a port tracker and traffic analyser, the plugin I want can gather
> valuable data from netflow.
> For example "GTalk" is on port 80 and this plugin cannot detect it ;)
You're not going to get that kind of detail from NetFlow. It doesn't
have the visibility into the application layer to tell you GTalk from
straight HTTP, from any other traffic that might be riding on destination
socket tcp/80. You need something with visibility and intelligence
higher up in the stack (sniffer, packet inspection engine, etc).
jms
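
Added example, not part of the original message or of nfsen: a NetFlow v5 export packed and parsed in Python, showing that two flows to tcp/80 carry only addresses, ports, protocol and counters, so a flow-based tracker keys both the same way. The flows, addresses and the `classify` helper are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 export layout: 24-byte header, then 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "packets",
          "octets", "first", "last", "srcport", "dstport", "pad1",
          "tcp_flags", "proto", "tos", "src_as", "dst_as", "src_mask",
          "dst_mask", "pad2")

def build_export(flows):
    """Pack constructed flows (src, dst, sport, dport, pkts, octets) as NetFlow v5."""
    body = b""
    for src, dst, sport, dport, pkts, octets in flows:
        body += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                            b"\0" * 4, 1, 2, pkts, octets, 0, 1000,
                            sport, dport, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

def parse_export(data):
    """Return the flow records of a NetFlow v5 datagram as dicts."""
    version, count = HEADER.unpack_from(data)[:2]
    if version != 5 or len(data) != HEADER.size + count * RECORD.size:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    records = []
    for i in range(count):
        rec = dict(zip(FIELDS, RECORD.unpack_from(data, HEADER.size + i * RECORD.size)))
        rec["srcaddr"] = socket.inet_ntoa(rec["srcaddr"])
        rec["dstaddr"] = socket.inet_ntoa(rec["dstaddr"])
        records.append(rec)
    return records

def classify(rec):
    """Everything a flow-based tracker can key on: protocol and port."""
    return (rec["proto"], rec["dstport"])

# Constructed sample: the first flow stands in for a chat client riding on
# tcp/80, the second for ordinary web browsing. Addresses are documentation ranges.
SAMPLE = build_export([
    ("192.0.2.10", "198.51.100.5", 51000, 80, 40, 9200),
    ("192.0.2.11", "203.0.113.7", 51001, 80, 35, 8100),
])

if __name__ == "__main__":
    for rec in parse_export(SAMPLE):
        print(rec["srcaddr"], "->", rec["dstaddr"], classify(rec), rec["octets"], "bytes")
```

No field in the 48-byte record holds payload bytes, which is why telling the two flows apart needs a sniffer or packet inspection engine as described above.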