we complained about having to populate this info and i believe the netflow folks will release a fully populated protocols/ports file in v2.0 which is about 30 days away from release, i think. there will always be things like traceroute that use very high port numbers and increment them along the path, or custom aplications so you'll always have fairly large numbers of "other". at least that's been our experience. -brett

On Thu 20 Nov, steven hessing wrote:

...

The other day we started using Cisco netflow accounting software together with IP flow export feature of recent Cisco IOS versions.

What we found was that although we put a lot of protocols in the nfknown.protocols file of the accounting software (everywthing we could find in the /etc/services file of Solaris and Linux), there is still a lot of traffic under TCP-Other and UDP-Other. This indicated that traffic is going over our network using ports that the software doesn't know about.

This could for example be Real-audio, Cuseeme, Pointcast, Backweb etc traffic. Unfortunately, I don't have a list of these newer protocols together with their port numbers. Has anyone compiled such a list? There's the Assigned numbers RFC but the last version of it is RFC 1700 of October 1994.

Try,

ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers

It doesn't give a date it was last updated - but the list is bloody long so should do you ;-)

Cheers,

aid

-- Adrian J Bool | mailto:aid@u-net.net Network Operations | http://www.noc.u-net.net/ U-NET Ltd, UK | tel://44.1925.484461/