Traffic flow characterization

From: Tim Durack (tdurack@yahoo.com)
Date: 03/06/03

Next message: Sonia Panchen: "RE: Traffic flow characterization"

Previous message: Neil McKee: "Re: Announce: version 2.2.32 (KeepFreeMBytes bugfix and RedHat 8.0 install)"
Next in thread: Sonia Panchen: "RE: Traffic flow characterization"
Reply: Sonia Panchen: "RE: Traffic flow characterization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Has any consideration been given to characterizing traffic flows using
L5-7?

Given that traffic samples are 100 bytes in length, is this enough data
to use more than just L4 ports for identification?

I suppose this would be a lot more expensive computation wise, but L4
could be used to map a flow, and then payload could be used for
confirmation. This would be very useful for identifying p2p apps, and
anything that relies on >1024 ports.

Any thoughts?

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
//taxes.yahoo.com/

Next message: Sonia Panchen: "RE: Traffic flow characterization"
Previous message: Neil McKee: "Re: Announce: version 2.2.32 (KeepFreeMBytes bugfix and RedHat 8.0 install)"
Next in thread: Sonia Panchen: "RE: Traffic flow characterization"
Reply: Sonia Panchen: "RE: Traffic flow characterization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.4 : 03/06/03 PST