I ran the following report and I am not sure how to identify
just what type of traffic all of these flows are. Is there a better
report to generate that would help to identify the type of traffic?
Where does flow-stat get the port numbers it does know how to identify?
Thanks,
Fred
flow-cat -p /usr/local/flow-tools | flow-stat -S2 -n -f5 | head -32 | tail -30
# Fields: Total
# Symbols: Enabled
# Sorting: Descending Field 2
# Name: UDP/TCP destination port
#
# Args: flow-stat -S2 -n -f5
#
#
# port flows octets packets
#
smtp 2551301 31022980747 39482912
http 13687425 23891644644 217970777
1099 5249 13151650784 10497118
6881 108331 8285594335 8733093
1034 35697 5452674990 9766691
65293 1486 4416362187 3295679
https 1794874 4279658603 27494340
microsoft- 25749465 2745611597 54566737
domain 5840647 2311620255 32003883
ms-sql-m 5525074 2311422935 5625980
1024 33565 2043144216 1522753
6882 37654 1995891311 2134505
Gnutella 587904 1832729664 12773477
ftp-data 60533 1784652793 4093157
22331 244 1648258993 1630914
1026 611414 1402317295 1905047
8002 2591107 1380928755 13060382
6883 16427 1105394931 1119746
1027 583393 1002292746 1079930
4311 60347 916141585 1700520
%