Deep packet inspection into P2P protocols has to be hand-coded. As
protocols change, this needs to be fixed. You may need to capture the
packets and disassemble the contents for the specific protocol. Then make
the necessary mods in sessions.c, handleTCPSession(), specifically the block
beginning
  } else {
    /*
      T. Karagiannis and others
      File-sharing in the Internet: A characterization of
      P2P traffic in the backbone
    */

    /* Further decoders */
    if((!theSession->isP2P)
       && (packetDataLength > 0)
       && ((theSession->bytesProtoSent.value > 0) &&
           (theSession->bytesProtoSent.value < 1400))) {
      rcStr = (u_char*)malloc(len+1);
      memcpy(rcStr, packetData, len);
      rcStr[len-1] = '\0';

      /* See dcplusplus.sourceforge.net */
      if(portRange(sport, dport, 411, 412)
      ...
Take THAT discussion to ntop-dev.
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan LeBlanc
Sent: Tuesday, June 14, 2005 5:54 PM
To: [email protected]
Subject: [Ntop] P2P Recently Exchanged Files
I have Ntop running on a very active network, and am getting good results.
One host has transferred upwards of 800 megs, most of which is P2P.
However, the recently exchanged files list (for all hosts) only
has: "1. <unknown file>" both uploaded and downloaded. Is there something
special I have to do to get it to list the files?
--
Ryan
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
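
As an added illustration of the kind of hand-coded decoder the reply describes (this is not ntop's code and not part of the original thread), the sketch below extracts a file name from a Direct Connect request. The function name dc_get_filename is hypothetical, and the request form `$Get <path>$<offset>|` is an assumption about the protocol variant in use; the payload is treated as raw, non-NUL-terminated packet data.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical decoder (not ntop code): pull the file name out of a
 * Direct Connect "$Get <path>$<offset>|" request (assumed format).
 * payload is raw packet data: NOT NUL-terminated, exactly len bytes.
 * Returns 1 and fills out (always NUL-terminated) on a match, else 0.
 */
int dc_get_filename(const unsigned char *payload, size_t len,
                    char *out, size_t outlen) {
  static const char prefix[] = "$Get ";
  const size_t plen = sizeof(prefix) - 1;
  const unsigned char *start, *end, *base, *p;
  size_t n, i;

  if(payload == NULL || out == NULL || outlen == 0) return 0;
  out[0] = '\0';
  if(len <= plen || memcmp(payload, prefix, plen) != 0) return 0;

  start = payload + plen;
  /* The path ends at the '$' that introduces the byte offset */
  end = memchr(start, '$', len - plen);
  if(end == NULL) return 0;

  /* Keep only the last path component; accept either separator */
  for(base = p = start; p < end; p++)
    if(*p == '\\' || *p == '/') base = p + 1;

  n = (size_t)(end - base);
  if(n == 0) return 0;
  if(n >= outlen) n = outlen - 1;      /* truncate, never overflow */

  /* Remote-controlled name: keep printable bytes only */
  for(i = 0; i < n; i++)
    out[i] = isprint(base[i]) ? (char)base[i] : '?';
  out[n] = '\0';
  return 1;
}

int main(void) {
  /* Constructed sample payload, not captured traffic */
  static const char pkt[] = "$Get share\\docs\\report.pdf$1|";
  char name[64];
  if(dc_get_filename((const unsigned char *)pkt, sizeof(pkt) - 1,
                     name, sizeof(name)))
    printf("file: %s\n", name);
  return 0;
}
```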