I am working with some large network captures. Most of the traffic is
HTTP (actually HTTP to a proxy server listening on TCP/8080).
I would like to find a way to classify the traffic - something like:
Plain vanilla http (web pages)
Tunneling protocols (SSL VPNs, IM, or anything else tunneling through
http/http proxy)
Large images
Video/Streaming Media
Etc.
I realize you can look by hand, but during a typical two-minute capture
I am getting around 100,000 packets, so I need a pattern match. This
list has been great - for example after reading about dumpcap I used
that instead of Wireshark to do the capture and it worked fabulously. I
am hoping to glean some insight into how to deal with this!
This is for several reasons including security and especially for
bandwidth management. I would like to be able to see for example, what
percentage of my traffic/bandwidth is being eaten up by large
images/video/streaming media.
Any ideas, suggestions, links, references or advice would be greatly
appreciated.
Thank you,
--Jim
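One way to turn the classification into a pattern match over a large capture, as an added example that is not part of the original post or any reply to it: export one row per packet with tshark and let a script label each TCP stream from the HTTP headers it carries, then charge every byte of that stream to the label. The assumed export command is

`tshark -r capture.pcapng -Y 'tcp.port == 8080' -T fields -E separator=/t -e tcp.stream -e frame.len -e http.request.method -e http.content_type -e http.content_length > rows.tsv`

(add `-d tcp.port==8080,http` if the proxy port is not already decoded as HTTP). The rows below are constructed to mimic that layout, the `LARGE_IMAGE_BYTES` threshold and the MIME-type lists are assumptions, and `CONNECT` is used as the signal for anything tunnelled through the proxy.

```python
"""Classify proxied HTTP traffic per TCP stream and account bandwidth per class.

Added example, not from the original post. Input is the tab-separated output
of the assumed tshark export described in the lead-in; the SAMPLE rows below
are constructed, not taken from a real capture.
"""
from collections import defaultdict

# Constructed rows in the layout tshark -T fields would emit for:
#   -e tcp.stream -e frame.len -e http.request.method -e http.content_type -e http.content_length
# One row per packet. HTTP columns are empty for packets that carry no HTTP header
# (TCP handshake, continuation segments, tunnelled bytes after CONNECT).
SAMPLE = """\
0\t74\t\t\t
0\t412\tGET\t\t
0\t1514\t\ttext/html; charset=utf-8\t8200
0\t1514\t\t\t
0\t66\t\t\t
1\t74\t\t\t
1\t220\tCONNECT\t\t
1\t120\t\t\t
1\t1514\t\t\t
1\t1514\t\t\t
1\t900\t\t\t
2\t74\t\t\t
2\t380\tGET\t\t
2\t1514\t\timage/jpeg\t250000
2\t1514\t\t\t
2\t1514\t\t\t
3\t74\t\t\t
3\t400\tGET\t\t
3\t1514\t\tvideo/mp4\t5000000
3\t1514\t\t\t
4\t74\t\t\t
4\t300\tGET\t\t
4\t900\t\timage/png\t2000
5\t1514\t\t\t
5\t1514\t\t\t
"""

LARGE_IMAGE_BYTES = 100_000          # assumed threshold for "large image"

STREAMING_TYPES = {                  # non-video/* MIME types that still mean streaming (assumed list)
    "application/x-mpegurl", "application/vnd.apple.mpegurl", "application/dash+xml",
}
PAGE_TYPES = {"text/html", "text/css", "application/javascript", "text/javascript",
              "application/json", "application/xml"}

# When one stream shows several labels (an HTML page followed by its images on a
# keep-alive connection), the first matching entry here wins for the whole stream.
PRIORITY = ["tunnel", "streaming", "large image", "image", "web page", "other"]


def classify(method, content_type, content_length):
    """Label a single HTTP request/response row; None if it carries no usable header."""
    ctype = content_type.split(";")[0].strip().lower()   # drop "; charset=..." parameters
    if method.upper() == "CONNECT":                      # proxy tunnel (TLS, VPN, IM, ...)
        return "tunnel"
    if ctype.startswith(("video/", "audio/")) or ctype in STREAMING_TYPES:
        return "streaming"
    if ctype.startswith("image/"):
        return "large image" if content_length >= LARGE_IMAGE_BYTES else "image"
    if ctype in PAGE_TYPES:
        return "web page"
    return "other" if ctype else None


def summarize(tsv_rows):
    """Return {label: (bytes, percent_of_total)} over all packets in the export."""
    stream_bytes = defaultdict(int)
    stream_labels = defaultdict(set)
    for line in tsv_rows.splitlines():
        if not line.strip():
            continue
        fields = (line.split("\t") + [""] * 5)[:5]       # tolerate short rows
        stream, frame_len, method, ctype, clen = fields
        # Every packet of the stream counts toward bandwidth, not just the frames
        # tshark dissected as HTTP (a reassembled response is one row, its segments many).
        stream_bytes[stream] += int(frame_len)
        clen = clen.split(",")[0]                         # tshark joins repeated fields with ','
        label = classify(method, ctype, int(clen) if clen.isdigit() else 0)
        if label:
            stream_labels[stream].add(label)
    totals = defaultdict(int)
    for stream, nbytes in stream_bytes.items():
        label = next((p for p in PRIORITY if p in stream_labels[stream]), "unclassified")
        totals[label] += nbytes
    grand = sum(totals.values()) or 1
    return {label: (n, 100.0 * n / grand) for label, n in totals.items()}


if __name__ == "__main__":
    for label, (n, pct) in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1][0]):
        print(f"{label:12s} {n:8d} bytes {pct:5.1f}%")
```

Run it against a real export with `summarize(open("rows.tsv").read())`. Streams that were already open when the capture started show no headers and land in "unclassified"; a large share there usually means long-lived tunnels or streams that began before the two-minute window, which is itself useful to know for the bandwidth question.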