I will be out of the office until Monday 8/9. If this is an emergency, please contact Retze Santos or Tim Grant.
Thanks! Gary >>> ntop 08/05/06 07:50 >>> Read the FAQ - the algo is disclosed. Essentially it's the lowest # recognized - so that should ntop see the conversation starting from the middle it makes the most likely correct guess. So a packet from a.b.c.d:32541 to d.e.f.g:80 is assumed to be http (port 80). -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugo Rebello Sent: Wednesday, August 02, 2006 4:30 PM To: [email protected] Subject: Re: [Ntop] Question about ports Yes, that´s it. I don´t have netflow enable in my router even thus when I access the "IP - Summary - Traffic" NTOP option I can see the Kazaa, eDonkey and others traffics like that. However I cannot see the ports information. Sterling Jacobson wrote: >My router does statefull packet inspection to identify Bittorrent and other P2P traffic. The netflow information I'm sending from this router to NTOP does not appear to contain this data. > >Am I right? Does NTOP figure out itself what these packets are I guess? >Can NTOP be configured to recognize these packets (which may be on any port), or the netflow configured for that from the router that CAN determine what is P2P regardless of port? > > > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of >Daniel Lunde >Sent: Wednesday, August 02, 2006 9:26 AM >To: [email protected] >Subject: Re: [Ntop] Question about ports > >The protocol list is embedded in the ntop code. The best solution is >to create your own list and start ntop with the -p option. (i.e. ntop >-p /etc/ntop/protocol.list). I started with ntop's list and added a >bunch more based on the services I run. > >To find what ports a particular service runs on, you can check /etc/ >services, the services configuration file, or netstat -a to see what >ports are listening. Sorry, I'm no windows guy, so linux is all I can >help with. Google is your best friend otherwise. > >Daniel > >Here's my list: > >HTTP=http|www|https|3128 >DNS=name|domain >Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2 >NFS=mount|pcnfs|bwnfs|nfsd|nfs|nfsd-status|7000-7009 >AFP=afpovertcp >Windows=netbios-ns|netbios-dgm|netbios-ssn >FTP=ftp|ftp-data >TFTP=69 >LDAP=ldap|ldapssl >SSH=ssh >Telnet=telnet|login >iTunes=3689 >Radmind=6662 >Amanda=10080-10083 >Xgrid=4111 >Keysvr=19283 >Filemkr=5003|50003|50006 >FlexLM=7111 >ARD=3238 >QTSS=554|8000-8001 >mDNS=5353 >sFlow=6343 >DHCP=67-68 >RPC=111 >SNMP=snmp|snmp-trap >SLP=427 >LPR=515|631 >NNTP=nntp >VoIP=5060|2000|54045 >X11=6000-6010 >Gnutella=6346|6347|6348 >Kazaa=1214 >WinMX=6699|7730 >DirectConnect=-1 >eDonkey=4661-4665 >BitTorrent=6881-6999|6969 >Messenger=1863|5000|5001|5190-5193 > > >On Aug 2, 2006, at 10:02 AM, Hugo Rebello wrote: > > > >>Guys, >> >>I´d like to know how to ntop identify the kazaa, eDonkey,Messenger and >>others traffics ? >>Where can I find the port information about this traffic ? >> >>Thank you. >> >>Cheers, >>Hugo >> >> >> >>_______________________________________________ >>Ntop mailing list >>[email protected] >>http://listgateway.unipi.it/mailman/listinfo/ntop >> >> > >_______________________________________________ >Ntop mailing list >[email protected] >http://listgateway.unipi.it/mailman/listinfo/ntop > > > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
