Re: [Ntop] Question about ports

Wed, 02 Aug 2006 14:31:20 -0700 

Yes, that´s it.
I don´t have netflow enable in my router even thus when I access the "IP - Summary - Traffic" NTOP option I can see the Kazaa, eDonkey and others traffics like that. However I cannot see the ports information. 




Sterling Jacobson wrote:


My router does statefull packet inspection to identify Bittorrent and other P2P 
traffic. The netflow information I'm sending from this router to NTOP does not 
appear to contain this data.

Am I right? Does NTOP figure out itself what these packets are I guess?
Can NTOP be configured to recognize these packets (which may be on any port), 
or the netflow configured for that from the router that CAN determine what is 
P2P regardless of port?



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Lunde
Sent: Wednesday, August 02, 2006 9:26 AM
To: [email protected]
Subject: Re: [Ntop] Question about ports


The protocol list is embedded in the ntop code.  The best solution is  
to create your own list and start ntop with the -p option. (i.e. ntop  
-p /etc/ntop/protocol.list).  I started with ntop's list and added a  
bunch more based on the services I run.



To find what ports a particular service runs on, you can check /etc/ 
services, the services configuration file, or netstat -a to see what  
ports are listening.  Sorry, I'm no windows guy, so linux is all I  
can help with.  Google is your best friend otherwise.


Daniel

Here's my list:

HTTP=http|www|https|3128
DNS=name|domain
Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2
NFS=mount|pcnfs|bwnfs|nfsd|nfs|nfsd-status|7000-7009
AFP=afpovertcp
Windows=netbios-ns|netbios-dgm|netbios-ssn
FTP=ftp|ftp-data
TFTP=69
LDAP=ldap|ldapssl
SSH=ssh
Telnet=telnet|login
iTunes=3689
Radmind=6662
Amanda=10080-10083
Xgrid=4111
Keysvr=19283
Filemkr=5003|50003|50006
FlexLM=7111
ARD=3238
QTSS=554|8000-8001
mDNS=5353
sFlow=6343
DHCP=67-68
RPC=111
SNMP=snmp|snmp-trap
SLP=427
LPR=515|631
NNTP=nntp
VoIP=5060|2000|54045
X11=6000-6010
Gnutella=6346|6347|6348
Kazaa=1214
WinMX=6699|7730
DirectConnect=-1
eDonkey=4661-4665
BitTorrent=6881-6999|6969
Messenger=1863|5000|5001|5190-5193


On Aug 2, 2006, at 10:02 AM, Hugo Rebello wrote:


 


Guys,


I´d like to know how to ntop identify the kazaa, eDonkey,Messenger  
and others traffics ?

Where can I find the port information about this traffic ?

Thank you.

Cheers,
Hugo



_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

   



_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop


 


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop






















					Reply via email to