Tools classifying network traffic to applications
Hi,

As far as I know there are tools designed to analyze VoIP traffic, but from the viewpoint of traffic management this is not enough. Is there a tool which could classify network traffic to its applications?

e.g. the tools catch network traffic and recognize its application type automatically. If 80% of (80/tcp) is web browsing, (tcp/80) is recognized as WEB browsing; if 80% of (1234/tcp) is Edonkey, it is recognized as Edonkey application.

Joe
Google for FlowScan and CUFlow

On Thu, 2005-09-22 at 18:11 +0800, Joe Shen wrote:
> Hi,
>
> As far as I know there are tools designed to analyze VoIP traffic, but from the viewpoint of traffic management this is not enough. Is there a tool which could classify network traffic to its applications?
>
> e.g. the tools catch network traffic and recognize its application type automatically. If 80% of (80/tcp) is web browsing, (tcp/80) is recognized as WEB browsing; if 80% of (1234/tcp) is Edonkey, it is recognized as Edonkey application.
>
> Joe

--
Erik Haagsman
Network Architect
We Dare BV
Tel: +31(0)10-7507008 Fax: +31(0)10-7507005
http://www.we-dare.nl
On Thu, 22 Sep 2005, Erik Haagsman wrote:
> Google for FlowScan and CUFlow

which can't really tell bittorrent (or ssh or aim or...) over tcp/80 from http over tcp/80... I think Joe's looking for something that knows what protocols look like below the port number and can spit out numbers for that... these, it would seem to me, would all require in-line traffic capture or mirrored port (mirrored traffic, not necessarily an ethernet port mirror) to be effective.

> On Thu, 2005-09-22 at 18:11 +0800, Joe Shen wrote:
> > Hi,
> >
> > As far as I know there are tools designed to analyze VoIP traffic, but from the viewpoint of traffic management this is not enough. Is there a tool which could classify network traffic to its applications?
> >
> > e.g. the tools catch network traffic and recognize its application type automatically. If 80% of (80/tcp) is web browsing, (tcp/80) is recognized as WEB browsing; if 80% of (1234/tcp) is Edonkey, it is recognized as Edonkey application.
> >
> > Joe
>
> --
> Erik Haagsman
> Network Architect
> We Dare BV
> Tel: +31(0)10-7507008 Fax: +31(0)10-7507005
> http://www.we-dare.nl
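Added example, not part of the original thread: a short Python sketch of the distinction drawn in the message above, comparing a port-only guess with a check of the first payload bytes, which is why capture or mirrored traffic is needed. The flow tuples, the `PORT_GUESS` table and all function names are constructed for illustration; the signatures are the opening bytes of the BitTorrent handshake, the SSH version banner and an HTTP request line.

```python
from collections import defaultdict

# Port-only guess, as a flow-record (NetFlow-style) report would make it.
PORT_GUESS = {22: "ssh", 80: "http"}  # illustrative table, not exhaustive

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def by_port(port, payload):
    """Classify from the destination port alone; the payload is ignored."""
    return PORT_GUESS.get(port, "unknown")

def by_payload(port, payload):
    """Classify from the first bytes the client sends, ignoring the port."""
    if payload.startswith(b"\x13BitTorrent protocol"):  # BitTorrent handshake
        return "bittorrent"
    if payload.startswith(b"SSH-"):                     # SSH version banner
        return "ssh"
    if payload.split(b" ", 1)[0] in HTTP_METHODS:       # HTTP request line
        return "http"
    return "unknown"

def port_breakdown(flows, classifier):
    """Return {port: {application: share of that port's bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for port, nbytes, payload in flows:
        totals[port][classifier(port, payload)] += nbytes
    return {
        port: {app: n / sum(apps.values()) for app, n in apps.items()}
        for port, apps in totals.items()
    }

# Constructed sample: (dst port, bytes in flow, first client payload).
FLOWS = [
    (80, 2000, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, 7000, b"\x13BitTorrent protocol" + bytes(8)),
    (80, 1000, b"SSH-2.0-client\r\n"),
    (22, 500, b"SSH-2.0-client\r\n"),
]

if __name__ == "__main__":
    print("port only:", port_breakdown(FLOWS, by_port))
    print("payload  :", port_breakdown(FLOWS, by_payload))
```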
Christopher L. Morrow wrote:
> which can't really tell bittorrent (or ssh or aim or...) over tcp/80 from http over tcp/80... I think Joe's looking for something that knows what protocols look like below the port number and can spit out numbers for that... these, it would seem to me, would all require in-line traffic capture or mirrored port (mirrored traffic, not necessarily an ethernet port mirror) to be effective.

We can do that up to 2Gbps; http://www.rommon.com/ , BitTorrent, KaZaa, eDonkey, HTTP, etc. supported.

Pete
On Thu, 22 Sep 2005, Petri Helenius wrote:
> Christopher L. Morrow wrote:
> > which can't really tell bittorrent (or ssh or aim or...) over tcp/80 from http over tcp/80... I think Joe's looking for something that knows what protocols look like below the port number and can spit out numbers for that... these, it would seem to me, would all require in-line traffic capture or mirrored port (mirrored traffic, not necessarily an ethernet port mirror) to be effective.
>
> We can do that up to 2Gbps; http://www.rommon.com/ , BitTorrent, KaZaa, eDonkey, HTTP, etc. supported.
>
> Pete
hi,

> Christopher L. Morrow wrote:
> > which can't really tell bittorrent (or ssh or aim or...) over tcp/80 from http over tcp/80... I think Joe's looking for something that knows what protocols look like below the port number and can spit out numbers for that... these, it would seem to me, would all require in-line traffic capture or mirrored port (mirrored traffic, not necessarily an ethernet port mirror) to be effective.

Yes, that's what I want -- find out what application uses what protocol and what number, then apply that result to a netflow analysis system which could be used to get statistics of multiple sites.

> We can do that up to 2Gbps; http://www.rommon.com/ , BitTorrent, KaZaa, eDonkey, HTTP, etc. supported.

It seems to focus on P2P applications. Is there a tool that supports as many applications as possible (including p2p, voip, web, ftp, network games, etc.)?

regards
Joe
On Fri, 23 Sep 2005, Joe Shen wrote:
> hi,
>
> > Christopher L. Morrow wrote:
> > > which can't really tell bittorrent (or ssh or aim or...) over tcp/80 from http over tcp/80... I think Joe's looking for something that knows what protocols look like below the port number and can spit out numbers for that... these, it would seem to me, would all require in-line traffic capture or mirrored port (mirrored traffic, not necessarily an ethernet port mirror) to be effective.
>
> Yes, that's what I want -- find out what application uses what protocol and what number, then apply that result to a netflow analysis system which could be used to get statistics of multiple sites.

It's not clear to me that you can easily correlate netflow and capture data, especially since you may not see the same data at each point... Most of the data capture/analysis boxes probably also do graphs and traffic info as well, why not rely on their data?
Joe Shen wrote:
> It seems to focus on P2P applications. Is there a tool that supports as many applications as possible (including p2p, voip, web, ftp, network games, etc.)?

The emphasis on p2p is mainly due to the usual questions focusing on them. Obviously the more "traditional" protocols like RTP, HTTP, FTP, etc. are supported also. (RTP with loss/jitter analysis has quite a few uses)

Pete
Sure,

Check out Intrusense nSight: http://www.intrusense.com/products

Darren

On 9/22/05, Joe Shen <joe_hznm@yahoo.com.sg> wrote:
> Hi,
>
> As far as I know there are tools designed to analyze VoIP traffic, but from the viewpoint of traffic management this is not enough. Is there a tool which could classify network traffic to its applications?
>
> e.g. the tools catch network traffic and recognize its application type automatically. If 80% of (80/tcp) is web browsing, (tcp/80) is recognized as WEB browsing; if 80% of (1234/tcp) is Edonkey, it is recognized as Edonkey application.
>
> Joe

--
Thank you,
Darren Bounds
not sure if this meets your requirements, but if you want an appliance there are:

http://www.visualnetworks.com/
http://www.networkinstruments.com/

-r

--
+++ATH 7MN; {{{
participants (6)
- Christopher L. Morrow
- Darren Bounds
- Erik Haagsman
- Joe Shen
- Petri Helenius
- ravi pina