Well... Actually it works on our production applications that uses FTP
(passive mode). The problem is only visible when I've used Filezilla
Client for testing ntop...
That's strange. One day if I have time I will check where the difference
can be.
Thanks!
--
Erwan
Gary Gatten wrote:
Apps that use dynamically negotiated ports such as ftp (active or passive), RPC, etc are
difficult to account for - and IIRC nTop does not do it - it's "other" as you
noticed.
There's one option (I know of), a flag/arg to tell nTop that all traffic gt 1023 is ftp
traffic. This may or may not work for you depending on your environment. Check the man
page for this info. If the ftp hosts are static, you may be able to define a
"flow" - I *think* ntop still supports those. Generally they don't have much
use but in your case perhaps they would help.
HTH
G
----- Original Message -----
From: [email protected] <[email protected]>
To: [email protected] <[email protected]>
Sent: Wed May 26 05:24:02 2010
Subject: [Ntop] Unable to catch FTP passive trafic
Hello,
I've a linux server that run as network bridge between firewall and LAN,
I can capture all I/O from WAN and LAN.
I want to get statistics for FTP trafic. Only passive mode is used. On
the section "Global TCP/UDP Protocol Distribution" only FTP on port 21
is recognize as FTP protocol. The data is reference as "Other
TCP/UDP-based Protocols".
I use ntop-3.4-pre3 and libpcap 0.9.8-5 on debian lenny. I've launch
ntop with only protocol "FTP=ftp|ftp-data" (I've tested with default
values too).
Ntop is running with "ntop" user and ip_conntrack_ftp module is loaded
correctly.
Is anyone has an idea why FTP passive data is not recognize as FTP
trafic by ntop ???
Thanks!
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
