1 Reply Latest reply on Apr 28, 2015 1:14 PM by bondbane

    What are the characteristics of Freenet that NPM looks for?

    bondbane

      The QoE monitor in our NPM found Freenet traffic. I'm looking at the server that it is pointing to, and not finding much that is interesting. What are the characteristics of Freenet traffic that NPM is looking for? Is there a Wireshark filter that I could use to find the same traffic? This would help me determine if this is a false positive, and which process might be responsible for this traffic.

        • Re: What are the characteristics of Freenet that NPM looks for?
          bondbane

          I got some answers and it's complicated. "QoE is using “something like” Wireshark (exactly pcap driver and 3rd party library that tries to classify traffic by rules to application/protocol name). In some cases (usually when there is only one-sided communication) the library is not able to classify it correctly because of a missing handshake or active transaction, so it assigns it to some application only by the port used." Therefore, if the service is showing data but no transactions, there is a higher rate of false positives. If SolarWinds is seeing transactions and data, then "false positive classification is very uncommon."

           

          "The 8888 port is for the Freenet proxy software where you access most Freenet functionality from the browser. Port 8080 is for the Freenet Message System if you install that and 9481 is for the API interface that jSite uses." according to Using Freenet.

           

          Thank you SolarWinds support and devs for helping me with this.

          1 of 1 people found this helpful
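
An added example, not part of the original thread and not SolarWinds code: a sketch of the triage the reply describes, separating port-only matches on the quoted Freenet ports from flows that show a handshake and two-way data, and building a Wireshark display filter for the same ports. The `Flow` record format and the sample flows are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

# Ports and descriptions as quoted in the thread from "Using Freenet".
# Note: 8080 is also a very common HTTP alternate/proxy port, so a
# port-only match on it is weak evidence of Freenet.
FREENET_PORTS = {
    8888: "Freenet proxy (browser access)",
    8080: "Freenet Message System",
    9481: "API interface used by jSite",
}

class Flow(NamedTuple):          # hypothetical flow-record format (assumption)
    client: str
    server: str
    server_port: int
    bytes_to_server: int
    bytes_to_client: int
    handshake_seen: bool         # TCP handshake observed in the capture

def wireshark_filter(ports=FREENET_PORTS) -> str:
    """Display filter matching TCP traffic on any of the listed ports."""
    return " || ".join(f"tcp.port == {p}" for p in sorted(ports))

def triage(flow: Flow) -> Optional[str]:
    """Return None for unrelated ports, else how strong the match is."""
    if flow.server_port not in FREENET_PORTS:
        return None
    two_way = flow.bytes_to_server > 0 and flow.bytes_to_client > 0
    if flow.handshake_seen and two_way:
        return "transactions-and-data"   # false positive described as very uncommon
    return "port-only"                   # one-sided: higher false-positive rate

def report(flows):
    """List (server, port, service, verdict) for flows on the Freenet ports."""
    return [(f.server, f.server_port, FREENET_PORTS[f.server_port], triage(f))
            for f in flows if triage(f) is not None]

# Constructed sample flows (documentation address range, not real data).
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "192.0.2.50", 8080, 0, 4200, False),    # one-sided
    Flow("192.0.2.11", "192.0.2.50", 8888, 1800, 9600, True),  # full exchange
    Flow("192.0.2.12", "192.0.2.50", 443, 900, 5000, True),    # unrelated port
]

if __name__ == "__main__":
    print(wireshark_filter())
    for row in report(SAMPLE_FLOWS):
        print(row)
```

For a "port-only" result, identifying the process that owns the listening port on the server is the next step toward confirming or dismissing the alert.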