Hello,

Trying to find out what traffic gets counted as "Other" in ntop reports is not easy. Until now, I was using a sniffer and tried to exclude all traffic that ntop would recognise using a pcap filter. Unfortunately there are now quite a lot of ports, and pcap starts complaining that the filter is getting too large.

I figured out that it would be a lot easier to have ntop dump all the packets it counts as "Others" to a pcap file, and feed this into my sniffer (so that I can identify those and add some entries to my protocols list file for ntop).

The attached patch adds a [-j | --dump-other-packets] option to ntop which does just that. It is largely inspired by the existing [-q | --dump-suspicious-packets] feature (mainly made with copy-paste-edit ;-) ) and works the same way. I chose -j just like I would have picked any other not-already-used letter: randomly.

I know that the goal is eventually to get rid of command line options to replace them by a nice webpage, and that there is the 2.3 release coming soon. If you want to include this in the release, that's fine. If you prefer postponing it until a later release, that's fine too.

Any feedback is welcome.

Loïc

dumpothers.diff
Description: application/unknown-content-type-diff_auto_file
