I have a trace file from my network. I would like to identify the top 10 applications used by us. Does tcpdump provide any application-based filtering options? Any details regarding this would be very helpful. Thanks.
Viewed 413 times
There is no simple way to find the application from a trace. Reading the ports may give an idea (25 = SMTP, 80 = HTTP, etc.) but it is far from enough since some applications use a lot of varying ports (BitTorrent) and some applications run (cuckoo-style) on another port to pass through firewalls (for instance, it is quite common to have SSH servers on port 443, to be sure to reach them even from airport and hotel hotspots).
DPI (Deep Packet Inspection) may help but many applications are encrypted or use other DPI evasion techniques, since DPI is often used for nefarious reasons.

bortzmeyer
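The following is an added example (not part of the answer above, and not tcpdump's own code) showing why a port-based tally is only a first approximation. It builds a small libpcap file in memory from constructed packets, parses it with the standard library only, and counts packets per guessed application twice: once by well-known port alone, and once letting a payload banner override the port. The port map, the banner list, the addresses and every packet are constructed sample data, not taken from any real capture; a flow on tcp/443 carrying an SSH banner and a BitTorrent handshake on an arbitrary port are the two cases the answer mentions.

```python
"""Port-based application tally over a pcap, with an optional banner check.

Added example, not from the original answer. Everything below (port table,
banner prefixes, addresses, packets) is constructed sample data.
"""
import struct
from collections import Counter

# Constructed, minimal well-known-port table (assumption: a tiny IANA-style map).
PORT_APPS = {22: "SSH", 25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}

# Constructed banner heuristics: leading payload bytes that identify a protocol.
BANNERS = {
    b"SSH-": "SSH",                    # SSH version string
    b"GET ": "HTTP",
    b"HTTP/": "HTTP",
    b"\x16\x03": "TLS",                # TLS record type 0x16 (handshake), version 3.x
    b"\x13BitTorrent protocol": "BitTorrent",
}


def build_pcap(packets):
    """Serialise (src_port, dst_port, payload) tuples into a libpcap byte string
    with Ethernet/IPv4/TCP framing (linktype 1 = Ethernet, little-endian headers)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for sport, dport, payload in packets:
        # TCP header: data offset 5 words, flags PSH|ACK, zero checksum (not validated here)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
        eth = b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth
    return bytes(out)


def parse_pcap(data):
    """Yield (src_port, dst_port, payload) for every TCP-over-IPv4 frame in a libpcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    pos = 24                                           # skip the global header
    while pos + 16 <= len(data):
        _, _, caplen, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if frame[12:14] != b"\x08\x00":                # EtherType must be IPv4
            continue
        ip = frame[14:]
        total_len = struct.unpack("!H", ip[2:4])[0]
        ip = ip[:total_len]                            # drop any Ethernet padding
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                                 # protocol must be TCP
            continue
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        yield sport, dport, tcp[doff:]


def classify(sport, dport, payload, use_banners=True):
    """Guess the application: payload banner first (if enabled), then well-known port."""
    if use_banners:
        for prefix, app in BANNERS.items():
            if payload.startswith(prefix):
                return app
    for port in (dport, sport):
        if port in PORT_APPS:
            return PORT_APPS[port]
    return "unknown"


def top_applications(pcap_bytes, n=10, use_banners=True):
    """Return the n most common guessed applications as (name, packet_count) pairs."""
    counts = Counter(classify(s, d, p, use_banners) for s, d, p in parse_pcap(pcap_bytes))
    return counts.most_common(n)


# Constructed sample capture: six single-packet flows.
SAMPLE_PCAP = build_pcap([
    (51000, 80, b"GET / HTTP/1.1\r\n"),
    (51001, 80, b"GET /index HTTP/1.1\r\n"),
    (51002, 443, b"\x16\x03\x01\x00\x05"),            # genuine TLS on 443
    (51003, 443, b"SSH-2.0-OpenSSH_9.6\r\n"),          # SSH hidden on 443, as the answer notes
    (51004, 25, b"EHLO mail.example\r\n"),
    (51005, 6881, b"\x13BitTorrent protocol"),        # BitTorrent on an arbitrary port
])

if __name__ == "__main__":
    print("port only   :", top_applications(SAMPLE_PCAP, use_banners=False))
    print("with banners:", top_applications(SAMPLE_PCAP))
```

Run on the sample, the port-only tally reports two HTTPS packets and one unknown, while the banner-aware tally splits the 443 traffic into TLS and SSH and names the BitTorrent flow. Banners are still only a heuristic (a banner can be absent, spoofed, or hidden inside encryption), which is the limitation the answer raises about DPI; in practice the classification would be done per flow rather than per packet, and the first packet of each direction is where these banners appear.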