[ale] Text Processing Happiness - I'm no longer lost

Bruce callmebruce2002 at yahoo.com
Sat Aug 18 18:20:16 EDT 2007


Done! Thanks (and somebody responded earlier today -
thank you as well!)

Doing that, and doing a uniq to get down to single
instances of applications brought some very basic
communications stuff into perspective:

The client issues a request to the server over the
specified port (say port 80). So - I can classify
destination port 80 as HTTP traffic. All well and
good. Netflow Collector lets me have different
application names for source and destination - but the
commercial application I use doesn't make that
distinction.

What that means is I'm seeing a bunch of goofy
high-numbered apps running around if I use the IANA
port names. And I know that isn't the case - I know it
is application servers sending responses back over
higher TCP ports. Urgh. I need to use a tool that is
conversation-based, not port-based with no distinction
between source and destination.

It was interesting anyway. I'm not sure if I'll leave
it with all apps defined, or just go back to using
ranges for everything above TCP and UDP ports 1023.
That would still give me traffic volume per device,
but not really by application.

If y'all were doing a Netflow thing for a customer,
what would you use? Would flow-tools do the trick?

> 
> | cut -f 5 -d ","
> 
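
An added example, not part of the original post: labelling each flow by the server side of the conversation instead of the destination port alone, so that response traffic is counted under the same application as the request. The CSV field layout, the small service table and the sample flows are assumptions constructed for illustration.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample flow export: src_ip,dst_ip,src_port,dst_port,proto,bytes
SAMPLE = """\
10.0.0.5,192.0.2.10,49152,80,tcp,420
192.0.2.10,10.0.0.5,80,49152,tcp,18300
10.0.0.5,192.0.2.53,53211,53,udp,70
192.0.2.53,10.0.0.5,53,53211,udp,210
10.0.0.7,10.0.0.9,40001,40002,tcp,900
"""

# Small subset of IANA service names, enough for the sample (assumption).
SERVICES = {("tcp", 80): "http", ("tcp", 443): "https", ("udp", 53): "domain"}

def parse(text):
    rows = csv.reader(StringIO(text))
    return [(s, d, int(sp), int(dp), proto, int(b)) for s, d, sp, dp, proto, b in rows]

def by_dst_port(flow):
    """Port-based labelling that only looks at the destination port."""
    _, _, _, dport, proto, _ = flow
    return SERVICES.get((proto, dport), f"{proto}/{dport}")

def by_conversation(flow):
    """Label both directions of a conversation by its server-side port."""
    _, _, sport, dport, proto, _ = flow
    for port in sorted((sport, dport)):  # lower port is tried first
        if (proto, port) in SERVICES:
            return SERVICES[(proto, port)]
    low = min(sport, dport)
    # Unregistered: keep ports up to 1023 visible, bucket everything above.
    return f"{proto}/{low}" if low <= 1023 else f"{proto}/high"

def volume(flows, label):
    """Total bytes per application label."""
    totals = Counter()
    for flow in flows:
        totals[label(flow)] += flow[5]
    return dict(totals)

if __name__ == "__main__":
    flows = parse(SAMPLE)
    print("dst-port only:", volume(flows, by_dst_port))
    print("conversation :", volume(flows, by_conversation))
```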



       