Bytes exchange within endpoints for traffic identification
CS Lee
geek00l at gmail.com
Thu Jan 3 22:24:00 EST 2008
Hi Carter,
I have discussion with my colleague about the traffic identification by
looking at the exchange bytes between two endpoints, for example -
host A - 80 bytes -> host B
host B - 80 bytes -> host A
host A - 100 bytes -> host B
host B - 120 bytes -> host A
.....
And it can be classified as certain traffics that generated by certain
application. As modern application are not using standard port(port 80 as
web, port 25 as smtp) and so forth especially since p2p comes into the
arsenal, so the bytes exchange in each packets can be used to identify the
network traffic type(since argus has the meter for sbytes and dbytes
already). We found fl0p that doing this -
http://freshmeat.net/projects/fl0p/
Now the question is, where can we import this capability to argus if
possible and can you point us to it. Let us know if this is not something
feasible to do so.
Thanks
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20080104/b88402a6/attachment.html>
More information about the argus
mailing list