* [LARTC] Traffic classification.
From: George J. Jahchan @ 2002-09-11 13:43 UTC (permalink / raw)
To: lartc
Are there any Linux tools to identify and report network traffic at the
application layer (sort of an application-layer protocol sniffer)? Layer
2-to-4 sniffers are next to useless at identifying apps that do not use
fixed and documented ports. Examples: Peer-to-peer apps or apps
utilizing well known ports defined for other apps like non-http traffic
to tcp/80, or non-ftp traffic to tcp/21, etc...
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Traffic classification.
From: R P Herrold @ 2002-09-13 13:02 UTC (permalink / raw)
To: lartc
On Wed, 11 Sep 2002, George J. Jahchan wrote:
> Are there any Linux tools to identify and report network traffic at the
> application layer (sort of an application-layer protocol sniffer)? Layer
> 2-to-4 sniffers are next to useless at identifying apps that do not use
> fixed and documented ports. Examples: Peer-to-peer apps or apps
> utilizing well known ports defined for other apps like non-http traffic
> to tcp/80, or non-ftp traffic to tcp/21, etc...
tcpflow --
packaged in RPMs, with underlying SRPM at: ftp.owlriver.com
in /pub/local/ORC/tcpflow/
comes to mind -- it allows line by line post-reconstruction
and reverse engineering of an arbitrary IP protocol. I forget
the reference site, but Google should reveal it.
-- Russ Herrold
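
The following is an added example, not part of the original thread and not code from tcpflow: a payload-based check over reconstructed one-directional flows that reports traffic whose first bytes do not match the protocol its destination port implies (the non-http on tcp/80 and non-ftp on tcp/21 cases from the question). It assumes flow files named in tcpflow's `srcip.srcport-dstip.dstport` style; the signature list, function names and sample flows are constructed for illustration.

```python
import re

# tcpflow names each one-directional flow file srcip.srcport-dstip.dstport,
# zero-padded, e.g. 192.168.001.010.40312-010.000.000.005.00080
FLOW_NAME = re.compile(r"^(?:\d{3}\.){4}\d{5}-(?:\d{3}\.){4}(\d{5})$")

# What a port-only (layer 2-4) classifier would assume for a destination port
PORT_PROTO = {80: "http", 21: "ftp"}

# Illustrative client-side payload signatures (assumption: first bytes suffice)
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/\d\.\d\r\n")),
    ("ftp", re.compile(rb"^(USER|AUTH|FEAT|SYST|QUIT)\b[^\r\n]*\r\n")),
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("gnutella", re.compile(rb"^GNUTELLA CONNECT/")),
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
]

def classify_payload(data):
    """Return the first protocol whose signature matches the flow's opening bytes."""
    for proto, pattern in SIGNATURES:
        if pattern.match(data):
            return proto
    return "unknown"

def find_port_mismatches(flows):
    """flows maps flow file name -> bytes; returns (name, expected, seen) tuples."""
    findings = []
    for name, data in sorted(flows.items()):
        m = FLOW_NAME.match(name)
        if not m:
            continue
        expected = PORT_PROTO.get(int(m.group(1)))
        if expected is None:
            continue  # server-to-client direction or a port we make no claim about
        seen = classify_payload(data)
        if seen != expected:
            findings.append((name, expected, seen))
    return findings

# Constructed sample flows (not real captures)
SAMPLE_FLOWS = {
    "192.168.001.010.40312-010.000.000.005.00080": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "010.000.000.005.00080-192.168.001.010.40312": b"HTTP/1.1 200 OK\r\n\r\n",
    "192.168.001.011.40313-010.000.000.005.00080": b"GNUTELLA CONNECT/0.6\r\n\r\n",
    "192.168.001.012.40314-010.000.000.005.00021": b"SSH-2.0-client\r\n",
    "192.168.001.013.40315-010.000.000.005.00021": b"USER anonymous\r\n",
}

if __name__ == "__main__":
    for finding in find_port_mismatches(SAMPLE_FLOWS):
        print("port implies %s, payload looks like %s: %s" % (finding[1], finding[2], finding[0]))
```
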