Hi,

I've enabled two new protocols for nDPI, Lotus Notes and SAP. I just copied the smb.c, changed all necessary files and also changed sap.c and notes.c to search only for the destination port first.

Can I say something like if(packet->tcp->dest >= htons(3200) || packet->tcp->dest <= htons(3399)) instead of comparing all possible ports?

Can anyone tell me how to start with network packets from tcpdump to define a better rule for detecting these protocols?

By the way, Lotus Notes seems to work, SAP does not. Source code is attached.

Another problem is with one of the other protocols: nDPI is detecting SMB traffic (port 445) as FTP! What the hell? ntop says it is the port microsoft-ds, but in the IP Traffic overview it is counted as FTP!?

Any help?

Thanks!
Frank
notes.c
Description: Binary data
sap.c
Description: Binary data
--
Frank Fiene / IT-Services Internet Services / IT-Security
Fon: +49 2526 29-6200
Fax: +49 2526 29-16-6200
mailto: [email protected]
http://www.veka.com
PGP-ID: 20419C64
PGP-Fingerprint: 93FB 5525 88C0 8F40 E7FD EAB5 BBB4 435F 2041 9C64

VEKA AG
Dieselstr. 8
48324 Sendenhorst
Deutschland/Germany

Vorstand/Executive Board: Andreas Hartleif (Vorsitzender/CEO), Dr. Andreas W. Hillebrand, Bonifatius Eichwald, Elke Hartleif, Dr. Werner Schuler,
Vorsitzender des Aufsichtsrates/Chairman of Supervisory Board: Ulrich Weimer
HRB 8282 AG Münster/District Court of Münster
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
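The port-range check asked about in the message above, as an added example that is not part of the original post and is not nDPI code: the bounds are compared in host byte order via ntohs() and joined with &&, because the || form accepts ports outside the range (445, for example) and htons() values do not sort numerically on little-endian hosts. The struct and function names are hypothetical stand-ins; a port match here only marks a flow as a candidate for further inspection.

```c
#include <arpa/inet.h>   /* htons(), ntohs() */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two port fields of a TCP header; like
 * packet->tcp->dest in the post, both are held in network byte order. */
struct tcp_ports {
    uint16_t source;
    uint16_t dest;
};

#define SAP_PORT_LO 3200   /* range taken from the post */
#define SAP_PORT_HI 3399

/* The expression exactly as written in the post, kept for comparison. */
static int post_check(uint16_t dest_net)
{
    return dest_net >= htons(3200) || dest_net <= htons(3399);
}

/* Convert to host order first, then require BOTH bounds to hold. */
static int port_in_range(uint16_t port_net, uint16_t lo, uint16_t hi)
{
    uint16_t p = ntohs(port_net);
    return p >= lo && p <= hi;
}

/* Port pre-filter: client->server packets carry the port in dest,
 * server->client replies carry it in source, so test both. */
static int sap_port_candidate(const struct tcp_ports *tcp)
{
    return port_in_range(tcp->dest, SAP_PORT_LO, SAP_PORT_HI) ||
           port_in_range(tcp->source, SAP_PORT_LO, SAP_PORT_HI);
}

int main(void)
{
    /* Constructed sample flows: {source, dest} in host byte order. */
    const uint16_t samples[][2] = { {49152, 3200}, {3299, 49152},
                                    {49152, 445},  {49152, 3400} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct tcp_ports t = { htons(samples[i][0]), htons(samples[i][1]) };
        printf("%5u -> %5u  post=%d  fixed=%d\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               post_check(t.dest), sap_port_candidate(&t));
    }
    return 0;
}
```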
