Hi Fred, the port numbers are listed in a file tipically located at /etc/services , take a look at it. But as far as I can see, the ports that are not "converted" to names are not from standard apps. They might be dynamically allocated ports that clients use to connect to servers. You may wish to try format 7 from flow-stat.
Peter On Wed, 2004-12-22 at 23:38, Fred Jordan wrote: > I ran the following report and I am not sure how to identify > just what type of traffic all of these flows are. Is there a better > report to generate that would help to identify the type of traffic? > Where does flow-stat get the port numbers it does know how to identify? > > Thanks, > Fred > > flow-cat -p /usr/local/flow-tools | flow-stat -S2 -n -f5 | head -32 | tail > -30 > # Fields: Total > # Symbols: Enabled > # Sorting: Descending Field 2 > # Name: UDP/TCP destination port > # > # Args: flow-stat -S2 -n -f5 > # > # > # port flows octets packets > # > smtp 2551301 31022980747 39482912 > http 13687425 23891644644 217970777 > 1099 5249 13151650784 10497118 > 6881 108331 8285594335 8733093 > 1034 35697 5452674990 9766691 > 65293 1486 4416362187 3295679 > https 1794874 4279658603 27494340 > microsoft- 25749465 2745611597 54566737 > domain 5840647 2311620255 32003883 > ms-sql-m 5525074 2311422935 5625980 > 1024 33565 2043144216 1522753 > 6882 37654 1995891311 2134505 > Gnutella 587904 1832729664 12773477 > ftp-data 60533 1784652793 4093157 > 22331 244 1648258993 1630914 > 1026 611414 1402317295 1905047 > 8002 2591107 1380928755 13060382 > 6883 16427 1105394931 1119746 > 1027 583393 1002292746 1079930 > 4311 60347 916141585 1700520 > % > > _______________________________________________ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailman/listinfo/flow-tools _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
