is there any way to do layer 7 reporting like some of the comercial filters/packet shapers?
proxy only shows about half of the traffic since so much is not running on port 80.
my goal is to see where all my traffic is going (flash video, rdp, ssh, etc)
btw i have a rb1000
thanks
tom
Depends.
A lot of that you do not need application inspection for. It is probably sufficient to recognize many protocols by their well known ports.
Also, the largest variable here is throughput. Can you write application layer patterns to recognize many protocols? Yes. Some of them are going to be awfully complex, some are downright impossible without proxying data (can’t inspect the inside of an SSL tunnel, for example). For anything approaching modern broadband speeds - particularly if you’re going faster than that, or are aggregating broadband circuits - you’re probably not going to get away with a stock processor and will require custom silicone or programmable hardware such as ASICs or FPGAs.