On Wed, 11 Sep 2002, George J. Jahchan wrote:

> Are there any Linux tools to identify and report network traffic at the
> application layer (sort of an application-layer protocol sniffer)? Layer
> 2-to-4 sniffers are next to useless at identifying apps that do not use
> fixed and documented ports. Examples: Peer-to-peer apps or apps
> utilizing well known ports defined for other apps like non-http traffic
> to tcp/80, or non-ftp traffic to tcp/21, etc...

tcpflow -- packaged in RPMs, with underlying SRPM at: ftp.owlriver.com in /pub/local/ORC/tcpflow/ comes to mind -- it allows line by line post-reconstruction and reverse engineering of an arbitrary IP protocol.

I forget the reference site, but Google should reveal it.

-- Russ Herrold

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/