[76577] in North American Network Operators' Group
RE: identifying application type of network traffic
daemon@ATHENA.MIT.EDU (Cheung, Rick)
Thu Dec 16 15:57:27 2004
From: "Cheung, Rick" <Rick.Cheung@nextelpartners.com>
To: Adam Atkinson <Adam.Atkinson@damovo.com>, NANGO <nanog@merit.edu>
Date: Thu, 16 Dec 2004 14:55:41 -0600
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C4E3B1.9B8D38EF
Content-Type: text/plain;
charset="iso-8859-1"
I believe NBAR stats are accessible via SNMP, so you can use MRTG to
graph application utilization.
http://vermeer.org/display_doc.php?doc_id=6
___________________________________________________________________
Thanks,
Rick Cheung
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
Adam Atkinson
Sent: Thursday, December 16, 2004 11:17 AM
To: NANGO
Subject: RE: identifying application type of network traffic
> Currently, I use (protocol, port_number) as indicator
> of application. Referring to rfc on wellknown protocol
> and port allocation, I can only identity about 50% of
> traffic type.
>
> Is there a complete (protocol, port_number) list ? or
> is there a better way to identify application type
> based on netflow data?
Cisco's "Network Based Application Recognition" can recognise quite
a few things, particularly a fair few p2p applications. It looks
at the actual contents of packets, not just the port numbers.
This message, including any attachments, contains confidential information intended for a specific
individual and purpose and is protected by law. If you are not the intended recipient, please contact
sender immediately by reply e-mail and destroy all copies.
You are hereby notified that any disclosure, copying, or distribution of this message, or the taking
of any action based on it, is strictly prohibited.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email
and any attachments for the presence of viruses. The sender accepts no liability for any damage
caused by any virus transmitted by this email. E-mail transmission cannot be guaranteed
to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors
or omissions in the contents of this message, which arise as a result of e-mail transmission.
------_=_NextPart_001_01C4E3B1.9B8D38EF
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=
=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version=
5.5.2653.12">
<TITLE>RE: identifying application type of network traffic</TITLE>
</HEAD>
<BODY>
<P> <FONT SIZE=3D2>I believe NBAR=
stats are accessible via SNMP, so you can use MRTG to graph application=
utilization.</FONT>
</P>
<P><FONT SIZE=3D2><A HREF=3D"http://vermeer.org/display_doc.php?doc_id=3D6"=
TARGET=3D"_blank">http://vermeer.org/display_doc.php?doc_id=3D6</A></FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=
=3D2>___________________________________________________________________</F=
ONT>
</P>
<P><FONT SIZE=3D2>Thanks,</FONT>
<BR><FONT SIZE=3D2>Rick Cheung</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: owner-nanog@merit.edu [<A HREF=
=3D"mailto:owner-nanog@merit.edu">mailto:owner-nanog@merit.edu</A>]On=
Behalf Of</FONT>
<BR><FONT SIZE=3D2>Adam Atkinson</FONT>
<BR><FONT SIZE=3D2>Sent: Thursday, December 16, 2004 11:17 AM</FONT>
<BR><FONT SIZE=3D2>To: NANGO</FONT>
<BR><FONT SIZE=3D2>Subject: RE: identifying application type of network=
traffic</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=3D2>> Currently, I use (protocol, port_number) as=
indicator</FONT>
<BR><FONT SIZE=3D2>> of application. Referring to rfc on wellknown=
protocol</FONT>
<BR><FONT SIZE=3D2>> and port allocation, I can only identity about 50%=
of</FONT>
<BR><FONT SIZE=3D2>> traffic type.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Is there a complete (protocol, port_number)=
list ? or</FONT>
<BR><FONT SIZE=3D2>> is there a better way to identify application=
type</FONT>
<BR><FONT SIZE=3D2>> based on netflow data?</FONT>
</P>
<P><FONT SIZE=3D2>Cisco's "Network Based Application Recognition"=
can recognise quite</FONT>
<BR><FONT SIZE=3D2>a few things, particularly a fair few p2p applications.=
It looks</FONT>
<BR><FONT SIZE=3D2>at the actual contents of packets, not just the port=
numbers.</FONT>
</P>
</BODY>
</HTML>
<table><tr><td bgcolor=3D#ffffff><font color=3D#000000>This message,=
including any attachments, contains confidential information intended for=
a specific<br>
individual and purpose and is protected by law. If you are not the intended=
recipient, please contact<br>
sender immediately by reply e-mail and destroy all copies. <br>
You are hereby notified that any disclosure, copying, or distribution of=
this message, or the taking <br>
of any action based on it, is strictly prohibited.<br>
<br>
WARNING: Computer viruses can be transmitted via email. The recipient=
should check this email<br>
and any attachments for the presence of viruses. The sender accepts no=
liability for any damage <br>
caused by any virus transmitted by this email. E-mail transmission cannot=
be guaranteed <br>
to be secure or error-free as information could be intercepted, corrupted,=
lost, destroyed, arrive <br>
late or incomplete, or contain viruses. The sender therefore does not=
accept liability for any errors <br>
or omissions in the contents of this message, which arise as a result of=
e-mail transmission.<br>
</font></td></tr></table>
------_=_NextPart_001_01C4E3B1.9B8D38EF--
