Currently, I use (protocol, port_number) as indicator
of application. Referring to rfc on wellknown protocol
and port allocation, I can only identity about 50% of
Is there a complete (protocol, port_number) list ? or
is there a better way to identify application type
based on netflow data?
Cisco's "Network Based Application Recognition" can recognise quite
a few things, particularly a fair few p2p applications. It looks
at the actual contents of packets, not just the port numbers.