nanog mailing list archives
Re: nfsen and protocol analysing plugin
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Fri, 16 Mar 2012 14:30:21 -0400 (EDT)
On Fri, 16 Mar 2012, Shahab Vahabzadeh wrote:
Its a port tracker and traffic analyser, the plugin I want can gather valuable data from netflow. For example "GTalk" is on port 80 and this plugin can not detect it ;)
You're not going to get that kind of detail from Netflow. It doesn't have the visibility into application layer to tell you GTalk from straight HTTP, from any other traffic that might be riding on destination socket tcp/80. You need something with visibility and intelligence higher up in the stack (sniffer, packet inspection engine, etc).
jms
Current thread:
- nfsen and protocol analysing plugin Shahab Vahabzadeh (Mar 16)
- Re: nfsen and protocol analysing plugin Justin M. Streiner (Mar 16)
- Re: nfsen and protocol analysing plugin Shahab Vahabzadeh (Mar 16)
- Re: nfsen and protocol analysing plugin Justin M. Streiner (Mar 16)
- Re: nfsen and protocol analysing plugin Shahab Vahabzadeh (Mar 16)
- Re: nfsen and protocol analysing plugin Justin M. Streiner (Mar 16)