[Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
Dear Sir,

I am having a problem with ntop and I hope that you could tell me the reason for it. I work in a major ISP in Egypt and I was interested in discovering the amount of bandwidth consumed by P2P applications in the Internet traffic of the users in my network using ntop.

I am deploying the Windows version of ntop (ntop-3.1-demo) on a Dell machine. As a sample, I configured port mirroring on an interface on a Juniper router that carries the Internet traffic of some of my customers. I used port mirroring on the interface of the Juniper M5 router to mirror the Internet traffic of the customers and send it to the server that hosts the ntop application.

The problem is that ntop has indicated that almost 80% of the traffic was HTTP traffic, and almost no P2P traffic that belongs to any application was detected. These results were very strange, as I did that test in the very early morning when most of the customers are asleep, so I expected to see most of the traffic as P2P download sessions.

So I have 2 possibilities: either my idea about the traffic types on my network was greatly mistaken (in this case our network will be the first network in the world that has no problems with P2P traffic :) ), or something went wrong that prevented the ntop application from identifying the traffic of P2P applications like Kazaa and BitTorrent, etc.

I hope that you can provide me with advice about the reason why ntop didn't detect the P2P traffic, and whether I can do something about that or not.

Thanks
Regards
Ramy mohsen Motawei
Planning and Designing Engineer
Data communication dep.
LINKdotNET
3 mussadak st. Dokki, Giza, Egypt
E-mail: [EMAIL PROTECTED]
Web: www.link.net
Tel.: +202 336 77 11 - Ext:1410
Fax: +202 336 49 10

Confidentiality: This e-mail communication and any attachments thereto contain information which is confidential and are intended only for the use of the individuals or entities named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking any action in reliance on the contents of these documents is strictly prohibited and may be illegal. Please notify us of your receipt of this e-mail in error and delete the e-mail and any copies of it.

___
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
Dear Sir,

Thank you for your fast reply. So is there a site where I can download a version of ntop for Windows that is not restricted to this small number of packets? Please advise.

Best Regards
Ramy mohsen Motawei

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Burton Strauss
Sent: Thursday, December 29, 2005 4:29 PM
To: ntop@Unipi.IT
Subject: RE: [Ntop] I am having a problem,ntop doesn't detect P2P traffic. could you advice me what to do ?

> The demo version records only 1000 packets - I think drawing ANY conclusion from that small a sample is unreliable.
> -Burton
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
The demo version records only 1000 packets - I think drawing ANY conclusion from that small a sample is unreliable.

-Burton

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ramy Motawei
Sent: Thursday, December 29, 2005 2:54 AM
To: ntop@Unipi.IT
Cc: Mohamed Gamal
Subject: [Ntop] I am having a problem,ntop doesn't detect P2P traffic. could you advice me what to do ?

> Dear Sir,
>
> I am having a problem with ntop and I hope that you could tell me the reason for it. I work in a major ISP in Egypt and I was interested in discovering the amount of bandwidth consumed by P2P applications in the Internet traffic of the users in my network using ntop.
>
> I am deploying the Windows version of ntop (ntop-3.1-demo) on a Dell machine. As a sample, I configured port mirroring on an interface on a Juniper router that carries the Internet traffic of some of my customers. I used port mirroring on the interface of the Juniper M5 router to mirror the Internet traffic of the customers and send it to the server that hosts the ntop application.
>
> The problem is that ntop has indicated that almost 80% of the traffic was HTTP traffic, and almost no P2P traffic that belongs to any application was detected. These results were very strange, as I did that test in the very early morning when most of the customers are asleep, so I expected to see most of the traffic as P2P download sessions.
>
> So I have 2 possibilities: either my idea about the traffic types on my network was greatly mistaken (in this case our network will be the first network in the world that has no problems with P2P traffic :) ), or something went wrong that prevented the ntop application from identifying the traffic of P2P applications like Kazaa and BitTorrent, etc.
>
> I hope that you can provide me with advice about the reason why ntop didn't detect the P2P traffic, and whether I can do something about that or not.
>
> Thanks
> Regards
> Ramy mohsen Motawei
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic . could you advice me what to do ?
I'm pretty sure the Windows version isn't free.

Andrew

-----Original Message-----
From: Ramy Motawei [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 29, 2005 7:31 AM
To: ntop@Unipi.IT
Cc: Mohamed Gamal
Subject: RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?

> Dear Sir,
>
> Thank you for your fast reply. So is there a site where I can download a version of ntop for Windows that is not restricted to this small number of packets? Please advise.
>
> Best Regards
> Ramy mohsen Motawei

NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to [EMAIL PROTECTED] - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations.
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
What about the unix or linux versions, do you have an idea if the unix and linux sources available to download from the ntop site are full versions or just demos as well?

Ramy mohsen Motawei

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Willy, Andrew
Sent: Thursday, December 29, 2005 5:33 PM
To: 'ntop@unipi.it'
Subject: RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?

> I'm pretty sure the Windows version isn't free.
> Andrew
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic . could you advice me what to do ?
They are full versions.

Andrew

-----Original Message-----
From: Ramy Motawei [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 29, 2005 8:40 AM
To: ntop@Unipi.IT
Cc: Mohamed Gamal
Subject: RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?

> What about the unix or linux versions, do you have an idea if the unix and linux sources available to download from the ntop site are full versions or just demos as well?
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
Thank you

Ramy mohsen Motawei

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Willy, Andrew
Sent: Thursday, December 29, 2005 5:44 PM
To: 'ntop@unipi.it'
Cc: Mohamed Gamal
Subject: RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?

> They are full versions.
> Andrew
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
How about LOOKING at SourceForge? We don't mind helping people - but it's self help - and we DO expect you to have at least LOOKED at the resources that are already available first...

docs/FAQ:

Q. What's the scoop with ntop on Windows?
A. Semi-officially, ntop for Windows 95/98/ME/NT/2K is also provided as a binary application with limited capture capability (1000 packets). This is intended to allow demonstration of ntop for people without access to a Unix system. We call this version Win32 after the old official name of the Windows library.

If you want to use the full version with unlimited packet capture you can either:
* Recompile ntop from the source by yourself (Luca says just open the files in MS Visual C++ 6.0 and press compile)
* Register your ntop for Windows 95/98/NT/2K copy by paying a convenience fee to receive the prebuilt executable. If you decide to register your copy, Luca will send you an URL from which you can download the full version periodically.

-Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ramy Motawei
Sent: Thursday, December 29, 2005 9:40 AM
To: ntop@Unipi.IT
Cc: Mohamed Gamal
Subject: RE: [Ntop] I am having a problem,ntop doesn't detect P2P traffic. could you advice me what to do ?

> What about the unix or linux versions, do you have an idea if the unix and linux sources available to download from the ntop site are full versions or just demos as well?
> Ramy mohsen Motawei
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
Wrong. ntop itself is available without charge - it's simply a major PITA to build under Windows. If you want the convenience of a pre-built executable, Luca makes it available - for a convenience fee - at http://shop.ntop.org.

-Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Willy, Andrew
Sent: Thursday, December 29, 2005 9:33 AM
To: 'ntop@unipi.it'
Subject: RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?

> I'm pretty sure the Windows version isn't free.
> Andrew
RE: [Ntop] I am having a problem, ntop doesn't detect P2P traffic. could you advice me what to do ?
Nope ... you can build the Windows executable yourself, or - for a convenience fee - Luca makes a pre-built binary available through http://shop.ntop.org.

-Burton

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ramy Motawei
Sent: Thursday, December 29, 2005 8:31 AM
To: ntop@Unipi.IT
Cc: Mohamed Gamal
Subject: RE: [Ntop] I am having a problem,ntop doesn't detect P2P traffic. could you advice me what to do ?

> Dear Sir,
>
> Thank you for your fast reply. So is there a site where I can download a version of ntop for Windows that is not restricted to this small number of packets? Please advise.
>
> Best Regards
> Ramy mohsen Motawei
[Ntop] Packet Capture
Hello,

I'm having problems capturing packets with my Linux box. The LB runs Fedora Core 4 and it's connected to the main switch with a network card. It has another network card used to capture packets. The switch permits to configure port mirrors, but one per time: I mean, I can set a port to be mirrored to another, but not 10 ports to be mirrored to the same port.

I'm capturing traffic, but it seems all the traffic is generated by the LB except some Rarp packets. Moreover, some traffic isn't detected at all (ex. MSN). Any advice?

Thank you.
Alessandro
Re: [Ntop] Packet Capture
Are there any vlans? Or could you create them? I'm pretty sure on a cisco switch you can mirror (span) a port to monitor a whole vlan.

On 12/29/05, Colombo Alessandro [EMAIL PROTECTED] wrote:
> Hello,
>
> I'm having problems capturing packets with my Linux box. The LB runs Fedora Core 4 and it's connected to the main switch with a network card. It has another network card used to capture packets. The switch permits to configure port mirrors, but one per time: I mean, I can set a port to be mirrored to another, but not 10 ports to be mirrored to the same port.
>
> I'm capturing traffic, but it seems all the traffic is generated by the LB except some Rarp packets. Moreover, some traffic isn't detected at all (ex. MSN). Any advice?
>
> Thank you.
> Alessandro
RE: [Ntop] Packet Capture
Read the article in docs/FAQ on switched networks. Also read up on the -m | --local-hosts switch. But off-hand, sounds like you need either to invest in a better switch or re-think your layout.

-Burton

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colombo Alessandro
Sent: Thursday, December 29, 2005 10:20 AM
To: Ntop@Unipi.IT
Subject: [Ntop] Packet Capture

> Hello,
>
> I'm having problems capturing packets with my Linux box. The LB runs Fedora Core 4 and it's connected to the main switch with a network card. It has another network card used to capture packets. The switch permits to configure port mirrors, but one per time: I mean, I can set a port to be mirrored to another, but not 10 ports to be mirrored to the same port.
>
> I'm capturing traffic, but it seems all the traffic is generated by the LB except some Rarp packets. Moreover, some traffic isn't detected at all (ex. MSN). Any advice?
>
> Thank you.
> Alessandro
[Ntop-dev] [patch] fix broken configure option handling
all of the AC_ARG_ENABLE() macros used in configure.in set the 3rd option incorrectly ... find attached a patch to fix the issue -mike Index: configure.in === RCS file: /export/home/ntop/ntop/configure.in,v retrieving revision 2.246 diff -u -p -r2.246 configure.in --- configure.in 30 Nov 2005 20:53:13 - 2.246 +++ configure.in 30 Dec 2005 01:44:55 - 
@@ -665,63 +665,63 @@ AC_ARG_WITH(void, AC_ARG_WITH(ssl, [ --without-ssl disable HTPPS support [[default=enabled]]], - ac_disable_openssl=yes, + ac_disable_openssl=$enableval, ac_disable_openssl=no) AC_ARG_WITH(zlib, [ --without-zlib disable zlib [[default=enabled]]], - ac_disable_zlib=yes, + ac_disable_zlib=$enableval, ac_disable_zlib=no) AC_ARG_ENABLE(sslv3, [ --enable-sslv3 enable ssl v3 support [[default=disabled]]], - ac_enable_sslv3=yes, + ac_enable_sslv3=$enableval, ac_enable_sslv3=no) AC_ARG_ENABLE(sslwatchdog, [ --enable-sslwatchdogenable Watchdog for ssl hangups [[default=disabled]]], - ac_enable_sslwatchdog=yes, + ac_enable_sslwatchdog=$enableval, ac_enable_sslwatchdog=no) AC_ARG_WITH(tcpwrap, [ --with-tcpwrap enable use of TCP Wrapper [[default=disabled]]], - ac_enable_tcpwrap=yes, + ac_enable_tcpwrap=$enableval, ac_enable_tcpwrap=no) AC_ARG_ENABLE(plugins, [ --disable-plugins disable compilation of plugins [[default=enabled]]], - ac_disable_plugins=yes, + ac_disable_plugins=$enableval, ac_disable_plugins=no) AC_ARG_ENABLE( static-plugins, [ --enable-static-plugins Enable static linked plugins [sntop, default=dynamic]]], - ac_enable_static_plugins=yes, - ac_enable_static_plugins=no) + ac_enable_static_plugins=$enableval, + ac_enable_static_plugins=no) AC_ARG_ENABLE(ignoresigpipe, [ --enable-ignoresigpipe Ignore SIGPIPE errors [[default=do not ignore]]], - ac_enable_ignoresigpipe=yes, + ac_enable_ignoresigpipe=$enableval, ac_enable_ignoresigpipe=no) AC_ARG_ENABLE(snmp, [ --disable-snmp Disable SNMP support [[default=disable]]], - ac_disable_snmp=no, + ac_disable_snmp=$enableval, ac_disable_snmp=yes) AC_ARG_ENABLE(i18n, [ --enable-i18n Enable (limited) internationalization [[default=disabled]]], - ac_enable_i18n=yes, + ac_enable_i18n=$enableval, ac_enable_i18n=no) AC_ARG_ENABLE(jumbo-frames, [ --enable-jumbo-frames Enable Jumbo (9K) Ethernet frames [[default=disabled]]], - ac_enable_jumbo_frames=yes, + ac_enable_jumbo_frames=$enableval, 
ac_enable_jumbo_frames=no) AC_ARG_ENABLE(ipv6, [ --disable-ipv6 use IPv6 [[default=enabled]]], - ac_disable_ipv6=yes, - ac_disable_ipv6=no) + ac_disable_ipv6=$enableval, + ac_disable_ipv6=no) dnl dnl Define the WITHs for package root directories ... deal with these later... ___ Ntop-dev mailing list Ntop-dev@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-dev
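Review bot: The three AC_ARG_WITH() blocks in this hunk (ssl, zlib, tcpwrap) assign from $enableval, but AC_ARG_WITH sets $withval; $enableval is only set by AC_ARG_ENABLE, so these assignments pick up whatever an earlier AC_ARG_ENABLE block left in $enableval, or nothing at all. Use ac_disable_openssl=$withval, ac_disable_zlib=$withval and ac_enable_tcpwrap=$withval there. The --without-ssl help string also spells HTTPS as "HTPPS" and could be corrected in the same pass.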
Re: [Ntop-dev] [patch] fix broken configure option handling
On Thursday 29 December 2005 20:46, Mike Frysinger wrote: all of the AC_ARG_ENABLE() macros used in configure.in set the 3rd option incorrectly ... find attached a patch to fix the issue actually that patch is slightly broken as well ... at first glance i thought they were all AC_ARG_ENABLE() macros, but some are AC_ARG_WITH() macros, so need to use $withval instead of $enableval updated patch attached -mike Index: configure.in === RCS file: /export/home/ntop/ntop/configure.in,v retrieving revision 2.246 diff -u -p -r2.246 configure.in --- configure.in 30 Nov 2005 20:53:13 - 2.246 +++ configure.in 30 Dec 2005 02:04:57 - @@ -180,7 +180,7 @@ AC_ARG_ENABLE(showoses, dnl Test before we use it, below AC_ARG_ENABLE(iknowbetter, [ --enable-iknowbetterOverride WILLFAIL], - ac_willfailoverride=yes, + ac_willfailoverride=$enableval, ac_willfailoverride=no) AC_ARG_ENABLE(void, 
@@ -665,63 +665,63 @@ AC_ARG_WITH(void, AC_ARG_WITH(ssl, [ --without-ssl disable HTPPS support [[default=enabled]]], - ac_disable_openssl=yes, + ac_disable_openssl=$withval, ac_disable_openssl=no) AC_ARG_WITH(zlib, [ --without-zlib disable zlib [[default=enabled]]], - ac_disable_zlib=yes, + ac_disable_zlib=$withval, ac_disable_zlib=no) AC_ARG_ENABLE(sslv3, [ --enable-sslv3 enable ssl v3 support [[default=disabled]]], - ac_enable_sslv3=yes, + ac_enable_sslv3=$enableval, ac_enable_sslv3=no) AC_ARG_ENABLE(sslwatchdog, [ --enable-sslwatchdogenable Watchdog for ssl hangups [[default=disabled]]], - ac_enable_sslwatchdog=yes, + ac_enable_sslwatchdog=$enableval, ac_enable_sslwatchdog=no) AC_ARG_WITH(tcpwrap, [ --with-tcpwrap enable use of TCP Wrapper [[default=disabled]]], - ac_enable_tcpwrap=yes, + ac_enable_tcpwrap=$withval, ac_enable_tcpwrap=no) AC_ARG_ENABLE(plugins, [ --disable-plugins disable compilation of plugins [[default=enabled]]], - ac_disable_plugins=yes, + ac_disable_plugins=$enableval, ac_disable_plugins=no) AC_ARG_ENABLE( static-plugins, [ --enable-static-plugins Enable static linked plugins [sntop, default=dynamic]]], - ac_enable_static_plugins=yes, - ac_enable_static_plugins=no) + ac_enable_static_plugins=$enableval, + ac_enable_static_plugins=no) AC_ARG_ENABLE(ignoresigpipe, [ --enable-ignoresigpipe Ignore SIGPIPE errors [[default=do not ignore]]], - ac_enable_ignoresigpipe=yes, + ac_enable_ignoresigpipe=$enableval, ac_enable_ignoresigpipe=no) AC_ARG_ENABLE(snmp, [ --disable-snmp Disable SNMP support [[default=disable]]], - ac_disable_snmp=no, + ac_disable_snmp=$enableval, ac_disable_snmp=yes) AC_ARG_ENABLE(i18n, [ --enable-i18n Enable (limited) internationalization [[default=disabled]]], - ac_enable_i18n=yes, + ac_enable_i18n=$enableval, ac_enable_i18n=no) AC_ARG_ENABLE(jumbo-frames, [ --enable-jumbo-frames Enable Jumbo (9K) Ethernet frames [[default=disabled]]], - ac_enable_jumbo_frames=yes, + ac_enable_jumbo_frames=$enableval, 
ac_enable_jumbo_frames=no) AC_ARG_ENABLE(ipv6, [ --disable-ipv6 use IPv6 [[default=enabled]]], - ac_disable_ipv6=yes, - ac_disable_ipv6=no) + ac_disable_ipv6=$enableval, + ac_disable_ipv6=no) dnl dnl Define the WITHs for package root directories ... deal with these later... ___ Ntop-dev mailing list Ntop-dev@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-dev
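Review bot: The ac_disable_* assignments in the @@ -665 hunk (ac_disable_openssl=$withval, ac_disable_zlib=$withval, ac_disable_plugins=$enableval, ac_disable_snmp=$enableval, ac_disable_ipv6=$enableval) copy a value whose sense is the opposite of the variable name. --without-ssl and --disable-plugins both yield "no", so the disable variable becomes "no"; if later code tests these variables for "yes" (that code is not in the hunk), the feature stays on, and --with-ssl or --enable-plugins would turn it off. For --without-ssl and --disable-snmp this means a build can contain code the operator asked to leave out. Either invert the value in the third argument (set the variable to yes only when $withval or $enableval is "no") or rename the variables to ac_enable_* and adjust the tests that read them.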
[Ntop-dev] [rfc] cleaning up the makefile hacks in plugins/Makefile.am
can someone list the requirements for the plugins dir in terms of what is supposed to be installed ? all those hack rules can probably be cut out with proper autotool rules, i just need to know what exactly needs to be done ...

also, the way the thing installs now is not safe ... the libraries in plugins/.libs/ may have ELF RPATH tags which point to the build directory, so installing them yourself without letting libtool sanitize them first may yield a library with insecure paths

i've never used ntop before, but it looks like you guys want:
- the plugins installed in $plugindir and no plugins installed in $libdir
- symlinks generated in $(top_builddir)/plugins/ for each plugin to make quick testing a lot easier

-mike
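The RPATH concern raised in the message above, as an added example that is not part of the original post or of ntop's build system: a shell check that reads `readelf -d` output and reports RPATH/RUNPATH entries that are empty, relative, contain `..`, or lie outside a trusted set of library directories. The function names, the trusted prefix list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the search path baked into a shared object.
# Input: `readelf -d <file>` output on stdin. Output: one "reason: entry" line
# per finding. The trusted prefixes below are an assumption; adjust them to the
# library directories of the target system.
unsafe_rpath_entries() {
  # Keep only the bracketed path list of RPATH and RUNPATH records.
  sed -n -e 's/.*(RPATH).*\[\(.*\)\].*/\1/p' \
         -e 's/.*(RUNPATH).*\[\(.*\)\].*/\1/p' |
  tr ':' '\n' |
  while IFS= read -r dir; do
    case $dir in
      '')          echo "empty entry (resolves to the current directory)" ;;
      */..|*/../*) echo "contains ..: $dir" ;;
      /lib|/lib/*|/lib64|/lib64/*) ;;
      /usr/lib|/usr/lib/*|/usr/lib64|/usr/lib64/*) ;;
      /usr/local/lib|/usr/local/lib/*) ;;
      /*)          echo "outside trusted prefixes: $dir" ;;
      *)           echo "relative path: $dir" ;;
    esac
  done
}

# Constructed sample: dynamic section of a plugin copied straight out of a
# build tree's .libs/ directory (the build path is made up).
sample_dynamic_section() {
cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/home/build/ntop/.libs:/usr/lib:]
EOF
}

# Against a real file: readelf -d libicmpPlugin.so | unsafe_rpath_entries
sample_dynamic_section | unsafe_rpath_entries
```

Any finding means the loader may search a directory that an unprivileged user can write to, so a clean result on the installed files is a useful post-install gate.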
RE: [Ntop-dev] [patch] fix broken configure option handling
So that lets us use --enable-i18n, --disable-i18n and even --enable-i18n=no ? And have them work as expected?? Cool! -Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Frysinger
Sent: Thursday, December 29, 2005 8:07 PM
To: ntop-dev@Unipi.IT
Subject: Re: [Ntop-dev] [patch] fix broken configure option handling

On Thursday 29 December 2005 20:46, Mike Frysinger wrote: all of the AC_ARG_ENABLE() macros used in configure.in set the 3rd option incorrectly ... find attached a patch to fix the issue

actually that patch is slightly broken as well ... at first glance i thought they were all AC_ARG_ENABLE() macros, but some are AC_ARG_WITH() macros, so need to use $withval instead of $enableval updated patch attached -mike
Re: [Ntop-dev] [patch] fix broken configure option handling
On Thursday 29 December 2005 21:58, Burton Strauss wrote:
So that lets us use --enable-i18n, --disable-i18n and even --enable-i18n=no ? And have them work as expected??

exactly
-mike
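The option semantics discussed in this exchange, as an added example that is not part of the original messages or of ntop's configure.in: shell functions that emulate how a generated configure script derives `$enableval`, comparing a hard-coded third argument with one that copies `$enableval`. It goes one step beyond the i18n case by including a negatively named variable, which has to invert the value; all function names are hypothetical.

```shell
#!/bin/sh
# Emulates how a generated configure script derives $enableval for one feature.
# Prints yes, no or the given argument; prints "unset" when neither
# --enable-X nor --disable-X appears on the command line.
enableval_for() {
  feature=$1; shift
  result=unset
  for arg in "$@"; do
    case $arg in
      --enable-"$feature"=*) result=${arg#*=} ;;
      --enable-"$feature")   result=yes ;;
      --disable-"$feature")  result=no ;;
    esac
  done
  printf '%s\n' "$result"
}

# Pre-patch third argument (ac_enable_i18n=yes): any mention of the option,
# including --disable-i18n, ends up as yes.
hardcoded_var() {
  v=$(enableval_for "$@")
  if [ "$v" = unset ]; then echo no; else echo yes; fi
}

# Patched third argument (ac_enable_i18n=$enableval), fourth argument "no".
copied_var() {
  v=$(enableval_for "$@")
  if [ "$v" = unset ]; then echo no; else printf '%s\n' "$v"; fi
}

# A negatively named variable (ac_disable_plugins style) must invert $enableval
# to keep its meaning. This inversion is an assumption of the example.
inverted_disable_var() {
  case $(enableval_for "$@") in
    no) echo yes ;;
    *)  echo no ;;
  esac
}

# Comparison for the three spellings mentioned in the thread.
for opt in --enable-i18n --disable-i18n --enable-i18n=no; do
  printf '%-18s hardcoded=%-3s copied=%s\n' "$opt" \
    "$(hardcoded_var i18n "$opt")" "$(copied_var i18n "$opt")"
done
printf '%-18s copied=%s inverted=%s\n' --disable-plugins \
  "$(copied_var plugins --disable-plugins)" \
  "$(inverted_disable_var plugins --disable-plugins)"
```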
Re: [Ntop-dev] [rfc] cleaning up the makefile hacks in plugins/Makefile.am
On Thursday 29 December 2005 22:01, Mike Frysinger wrote: can someone list the requirements for the plugins dir in terms of what is supposed to be installed ? all those hack rules can probably be cut out with proper autotool rules, i just need to know what exactly needs to be done ... also, the way the thing installs now is not safe ... here's my first pass at the cleanup ... this patch does not change (afaik) the way the plugins are currently installed ... by default, you end up with libXXXPlugin.{a,so} in $libdir (the .la is removed) and a symlink in $plugindir named XXXPlugin.so pointing to the correct libXXXPlugin.so in $libdir ... also, the XXXPlugin.so symlinks are generated in $top_builddir/plugins pointing to .libs/libXXXPlugin.so -mike Index: plugins/Makefile.am === RCS file: /export/home/ntop/ntop/plugins/Makefile.am,v retrieving revision 2.25 diff -u -p -r2.25 Makefile.am --- plugins/Makefile.am 12 Nov 2005 14:16:06 - 2.25 +++ plugins/Makefile.am 30 Dec 2005 07:56:22 - 
@@ -101,96 +101,31 @@ libxmldumpPlugin_la_CFLAGS = $(AM_CFLAGS # by default ntop looks for plugins in the plugins/ subdirectory # +%Plugin.so$(EXEEXT): .libs/lib%Plugin.so + $(LN_S) $ $@ -.libs/[EMAIL PROTECTED]@: - @if test -f libicmpPlugin_la-icmpPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ libicmpPlugin_la-icmpPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ icmpPlugin.o; \ - fi - -icmpPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/libicmpPlugin.so icmpPlugin.so - -.libs/[EMAIL PROTECTED]@: - @if test -f liblastSeenPlugin_la-lastSeenPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ liblastSeenPlugin_la-lastSeenPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ lastSeenPlugin.o; \ - fi - -lastSeenPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/liblastSeenPlugin.so lastSeenPlugin.so - -.libs/[EMAIL PROTECTED]@: - @if test -f libnetflowPlugin_la-netflowPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ libnetflowPlugin_la-netflowPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ netflowPlugin.o; \ - fi - -netflowPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/libnetflowPlugin.so netflowPlugin.so - -.libs/[EMAIL PROTECTED]@: - @if test -f libpdaPlugin_la-pdaPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ libpdaPlugin_la-pdaPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ pdaPlugin.o; \ - fi - -pdaPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/libpdaPlugin.so pdaPlugin.so - -.libs/[EMAIL PROTECTED]@: - @if test -f librrdPlugin_la-rrdPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ librrdPlugin_la-rrdPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ rrdPlugin.o; \ - fi - 
-rrdPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/librrdPlugin.so rrdPlugin.so - -.libs/[EMAIL PROTECTED]@: - @if test -f libsnmpPlugin_la-snmpPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ libsnmpPlugin_la-snmpPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ snmpPlugin.o; \ - fi - -snmpPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/libsnmpPlugin.so snmpPlugin.so - -.libs/[EMAIL PROTECTED]@: - @if test -f libsflowPlugin_la-sflowPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ libsflowPlugin_la-sflowPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ sflowPlugin.o; \ - fi - -sflowPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/libsflowPlugin.so sflowPlugin.so - -.libs/[EMAIL PROTECTED]@: - @if test -f libxmldumpPlugin_la-xmldumpPlugin.o; then \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ libxmldumpPlugin_la-xmldumpPlugin.o; \ - else \ - $(CC) @MAKE_SHARED_LIBRARY_PARM@ -o .libs/[EMAIL PROTECTED]@ xmldumpPlugin.o; \ - fi +# Need to make sure autotools doesn't insert rules for us +icmpPlugin.so$(EXEEXT): .libs/libicmpPlugin.so +lastSeenPlugin.so$(EXEEXT): .libs/liblastSeenPlugin.so +netflowPlugin.so$(EXEEXT): .libs/libnetflowPlugin.so +pdaPlugin.so$(EXEEXT): .libs/libpdaPlugin.so +rrdPlugin.so$(EXEEXT): .libs/librrdPlugin.so +snmpPlugin.so$(EXEEXT): .libs/libsnmpPlugin.so +sflowPlugin.so$(EXEEXT):.libs/libsflowPlugin.so +xmldumpPlugin.so$(EXEEXT): .libs/libxmldumpPlugin.so -xmldumpPlugin.so$(EXEEXT): .libs/[EMAIL PROTECTED]@ - @$(LN_S) .libs/libxmldumpPlugin.so xmldumpPlugin.so +# +# Create symlinks for the plugins +# install-data-local: - @$(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir); - @for file in $(noinst_PROGRAMS); do \ - cp -p $$file