16 Dec
2004
16 Dec
'04
11:16 a.m.
Currently, I use (protocol, port_number) as indicator of application. Referring to rfc on wellknown protocol and port allocation, I can only identity about 50% of traffic type.
Is there a complete (protocol, port_number) list ? or is there a better way to identify application type based on netflow data?
Cisco's "Network Based Application Recognition" can recognise quite a few things, particularly a fair few p2p applications. It looks at the actual contents of packets, not just the port numbers.