[76558] in North American Network Operators' Group
Re: identifying application type of network traffic
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Wed Dec 15 21:58:41 2004
Date: Thu, 16 Dec 2004 08:28:14 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
Reply-To: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Joe Shen <joe_hznm@yahoo.com.sg>
Cc: NANGO <nanog@merit.edu>
In-Reply-To: <20041216025233.70908.qmail@web53610.mail.yahoo.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 16 Dec 2004 10:52:33 +0800 (CST), Joe Shen
<joe_hznm@yahoo.com.sg> wrote:
>
> I'm trying to identify applications which generate
> that traffic on our border routers. I use sampled
> netflow as data source and some flow-tools as
> analyzer.
>
You will find that quite a few generators of network traffic (p2p
apps, worms, at least some messenger clients) use more than one port -
or in several cases, use completely random ports.
Also - a whole lot of ports that are commonly used by p2p and
messenger clients (before they fall back to random ports) are not
listed in "well known ports" RFCs, or in /etc/services.
--srs
--
Suresh Ramasubramanian (ops.lists@gmail.com)