nfsen and protocol analysing plugin
Hi everybody,

Does anybody know any plugin for nfsen which can analyse protocols and give out a report for us (using netflow)? By default nfsen only shows TCP, UDP and ICMP traffic, not detail. For example, I want it to show me how much "YMessenger" traffic I have, or how much "IMAP" traffic I have.

Thanks

--
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90

On Fri, 16 Mar 2012, Shahab Vahabzadeh wrote:
> Hi everybody, Does anybody know any plugin for nfsen which can analyse protocols and give out a report for us (using netflow)? By default nfsen only shows TCP, UDP and ICMP traffic, not detail. For example, I want it to show me how much "YMessenger" traffic I have, or how much "IMAP" traffic I have.

I think you want the PortTracker plugin. Google for "nfsen plugins" and you'll find it.

jms

It's a port tracker and traffic analyser, the plugin I want can gather valuable data from netflow. For example "GTalk" is on port 80 and this plugin cannot detect it ;)

Thanks

On Fri, Mar 16, 2012 at 9:36 PM, Justin M. Streiner <streiner@cluebyfour.org> wrote:
> On Fri, 16 Mar 2012, Shahab Vahabzadeh wrote:
>> Hi everybody,
>> Does anybody know any plugin for nfsen which can analyse protocols and give out a report for us (using netflow)? By default nfsen only shows TCP, UDP and ICMP traffic, not detail. For example, I want it to show me how much "YMessenger" traffic I have, or how much "IMAP" traffic I have.
>
> I think you want the PortTracker plugin. Google for "nfsen plugins" and you'll find it.
>
> jms

--
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90

On Fri, 16 Mar 2012, Shahab Vahabzadeh wrote:
> It's a port tracker and traffic analyser, the plugin I want can gather valuable data from netflow. For example "GTalk" is on port 80 and this plugin cannot detect it ;)

You're not going to get that kind of detail from Netflow. It doesn't have the visibility into the application layer to tell you GTalk from straight HTTP, from any other traffic that might be riding on destination socket tcp/80. You need something with visibility and intelligence higher up in the stack (sniffer, packet inspection engine, etc).

jms
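
An added example, not part of the original thread and not code from nfsen or any of its plugins: port-based accounting over flow records, showing what the answer above describes. The flow records, the port-to-label map (including tcp/5050 for Yahoo Messenger) and the "truth" column are constructed assumptions; "truth" stands for the real application, which no flow field carries.

```python
from collections import defaultdict

# Port-to-label map: an assumption for this example (IANA IMAP/IMAPS ports,
# tcp/5050 as the usual Yahoo Messenger port). Not taken from any nfsen plugin.
PORT_LABELS = {
    ("tcp", 143): "IMAP",
    ("tcp", 993): "IMAP",
    ("tcp", 5050): "YMessenger",
    ("tcp", 80): "HTTP",
}

# Constructed flow records. The first five fields are the kind of data a flow
# export carries; "truth" is known only to us and is never seen by the collector.
FLOWS = [
    # proto, src, dst, dport, bytes, truth
    ("tcp", "10.0.0.5", "192.0.2.10", 143, 42_000, "IMAP"),
    ("tcp", "10.0.0.6", "192.0.2.10", 993, 18_000, "IMAP"),
    ("tcp", "10.0.0.7", "198.51.100.20", 5050, 9_500, "YMessenger"),
    ("tcp", "10.0.0.8", "203.0.113.30", 80, 120_000, "HTTP"),
    ("tcp", "10.0.0.9", "203.0.113.40", 80, 7_300, "GTalk"),
    ("udp", "10.0.0.9", "203.0.113.53", 53, 600, "DNS"),
]

def label(proto, dport):
    """Classify using only fields present in the flow record."""
    return PORT_LABELS.get((proto, dport), f"other-{proto}/{dport}")

def bytes_by_label(flows):
    """Per-label byte totals, the report a port-based tracker can produce."""
    totals = defaultdict(int)
    for proto, _src, _dst, dport, nbytes, _truth in flows:
        totals[label(proto, dport)] += nbytes
    return dict(totals)

def collapsed_apps(flows):
    """Labels under which more than one real application was counted."""
    seen = defaultdict(set)
    for proto, _src, _dst, dport, _nbytes, truth in flows:
        seen[label(proto, dport)].add(truth)
    return {lbl: sorted(apps) for lbl, apps in seen.items() if len(apps) > 1}

if __name__ == "__main__":
    for lbl, total in sorted(bytes_by_label(FLOWS).items()):
        print(f"{lbl:15} {total:>8} bytes")
    print("indistinguishable from flow data:", collapsed_apps(FLOWS))
```

IMAP and YMessenger are attributable because they sit on their own ports; the GTalk bytes on tcp/80 are counted as HTTP, and nothing in the record allows them to be separated.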

participants (2): Justin M. Streiner, Shahab Vahabzadeh