[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

nfsen and protocol analysing plugin

Subject: nfsen and protocol analysing plugin
From: streiner at cluebyfour.org (Justin M. Streiner)
Date: Fri, 16 Mar 2012 14:30:21 -0400 (EDT)
In-reply-to: <CAGqGmqYUVC8iTkYi7-ybtnSq7aSrHKwH0+a_0R079b=UWqX42A@mail.gmail.com>
References: <CAGqGmqbXqHxcEEjhO=7aJLRJhvtivzOWCQNdrwrWWf_S2P0g6g@mail.gmail.com> <[email protected]> <CAGqGmqYUVC8iTkYi7-ybtnSq7aSrHKwH0+a_0R079b=UWqX42A@mail.gmail.com>

On Fri, 16 Mar 2012, Shahab Vahabzadeh wrote:

> Its a port tracker and traffic analyser, the plugin I want can gather
> valuable data from netflow.
> For example "GTalk" is on port 80 and this plugin can not detect it ;)

You're not going to get that kind of detail from Netflow.  It doesn't 
have the visibility into application layer to tell you GTalk from 
straight HTTP, from any other traffic that might be riding on destination 
socket tcp/80.  You need something with visibility and intelligence 
higher up in the stack (sniffer, packet inspection engine, etc).

jms

References:
- nfsen and protocol analysing plugin
  - From: sh.vahabzadeh at gmail.com (Shahab Vahabzadeh)
- nfsen and protocol analysing plugin
  - From: streiner at cluebyfour.org (Justin M. Streiner)
- nfsen and protocol analysing plugin
  - From: sh.vahabzadeh at gmail.com (Shahab Vahabzadeh)

Prev by Date: Spamhaus - Re: Anyone have experience with Adconion Direct?
Next by Date: shared address space... a reality!
Previous by thread: nfsen and protocol analysing plugin
Next by thread: Spamhaus - Re: Anyone have experience with Adconion Direct?
Index(es):
- Date
- Thread