On 26/10/2012 8:05 AM, Peter Haag wrote:

> So far nbar is not implemented, however can be done, if there is a user 
> demand.
> I would need flow traces ( full pcap dumps of flow exports ) in order to
> implement this feature. So feel free to send me them off list.
>
> As for the predefined filters - I'd happily integrate them, but would need
> user feedback, what they want to see going into the defaults.

Thank you Peter,

I'll send you pcap flows which should include nbar data. That would be 
classic nbar (available from IOS 12.x), not Flexible Netflow nbar data, 
available (optionally) from IOS 15+ (we still don't have IOS 15+).

As for the filters, below are some basic ones, drawn from a Cisco router.

I would think that a plugin might be a convenient way to do aggregate 
analysis. In the simplest form, the user would just select an IP address 
and a time range, and it would output all known protocols "talked", 
together with the associated peers and the total traffic between the 
selected IP address and each one of them (inbound/outbound -separately) 
per protocol.

#sh ip nbar port-map gnutella
port-map gnutella                 udp 6346 6347 6348
port-map gnutella                 tcp 6346 6347 6348 6349 6355 5634
#
#sh ip nbar port-map edonkey
port-map edonkey                  tcp 4662
#
#sh ip nbar port-map fasttrack
port-map fasttrack                tcp 1214
#
#sh ip nbar port-map imap
port-map imap                     udp 143 220
port-map imap                     tcp 143 220
#
#sh ip nbar port-map pop3
port-map pop3                     udp 110
port-map pop3                     tcp 110
#
#sh ip nbar port-map smtp
port-map smtp                     tcp 25
#
#sh ip nbar port-map ftp
port-map ftp                      tcp 21
#
#sh ip nbar port-map ssh
port-map ssh                      tcp 22
#
#sh ip nbar port-map h323
port-map h323                     udp 1300 1718 1719 1720 11720
port-map h323                     tcp 1300 1718 1719 1720 11000 - 11999
#
#sh ip nbar port-map http
port-map http                     tcp 80
#
#sh ip nbar port-map sip
port-map sip                      udp 5060
port-map sip                      tcp 5060
#
#sh ip nbar port-map secure-http
port-map secure-http              tcp 443
#
#sh ip nbar port-map secure-ftp
port-map secure-ftp               tcp 990
#
#sh ip nbar port-map secure-imap
port-map secure-imap              udp 585 993
port-map secure-imap              tcp 585 993
#
#sh ip nbar port-map secure-pop3
port-map secure-pop3              udp 995
port-map secure-pop3              tcp 995
#
#sh ip nbar port-map secure-ldap
port-map secure-ldap              udp 636
port-map secure-ldap              tcp 636
#
#sh ip nbar port-map ldap
port-map ldap                     udp 389
port-map ldap                     tcp 389
#
#sh ip nbar port-map sqlnet
port-map sqlnet                   tcp 1521

Best regards,
Nick
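
An added example, not part of the original message and not code from nfdump/NfSen: one way to turn the `sh ip nbar port-map` output listed above into per-application filter expressions. The function names are hypothetical, and the emitted syntax (`proto`, `port in [ ... ]`, `src port`/`dst port` with the strict `>` and `<` comparators) is assumed to match the nfdump filter language of your version.

```python
import re

# Constructed sample: lines copied from the port-map listing in this message.
SAMPLE = """\
#sh ip nbar port-map h323
port-map h323                     udp 1300 1718 1719 1720 11720
port-map h323                     tcp 1300 1718 1719 1720 11000 - 11999
#
#sh ip nbar port-map ssh
port-map ssh                      tcp 22
"""

LINE = re.compile(r"^port-map\s+(\S+)\s+(tcp|udp)\s+(.+)$")

def parse_port_map(text):
    """Return {app: {proto: [(low, high), ...]}} from the router output."""
    apps = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # echoed commands, bare prompts, blank lines
        app, proto, rest = m.groups()
        # Join "11000 - 11999" into one token before splitting on spaces.
        tokens = re.sub(r"\s+-\s+", "-", rest).split()
        ranges = []
        for tok in tokens:
            low, _, high = tok.partition("-")
            ranges.append((int(low), int(high or low)))
        apps.setdefault(app, {})[proto] = ranges
    return apps

def nfdump_filter(protos):
    """Build one filter expression for an application's port sets."""
    clauses = []
    for proto, ranges in sorted(protos.items()):
        singles = [str(lo) for lo, hi in ranges if lo == hi]
        parts = ["port in [ %s ]" % " ".join(singles)] if singles else []
        for lo, hi in ranges:
            if lo != hi:
                # A bare "port" matches src or dst independently, so the
                # range is bounded per direction; comparators are strict.
                parts += ["(%s port > %d and %s port < %d)"
                          % (d, lo - 1, d, hi + 1) for d in ("src", "dst")]
        clauses.append("(proto %s and (%s))" % (proto, " or ".join(parts)))
    return " or ".join(clauses)

if __name__ == "__main__":
    for app, protos in parse_port_map(SAMPLE).items():
        print("%-6s %s" % (app, nfdump_filter(protos)))
```

These expressions classify by port number only, which is what the port-map table provides; they do not reproduce nbar's payload inspection.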

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
