Hi Jan,

OK, I've read through the December threads ... I think I'm splashing in a different pond ... I am not using NetFlow ... I'm relying on packet capture to feed data into nTop.

Which suggests to me that -p {protocol.list} would indeed have an effect on what I see.

Or are you suggesting that -p {protocol list} isn't functional generally in the 5.0.x train?

--sk


On 1/16/2013 10:49 AM, Jan Speksnijder wrote:
Stuart,

I also use Netflow and had the same question.
nDPI means package inspection; that's the answer. Currently the -p option has no effect.
See mail:
Dec 11 from Alex Dekker
Dec 12 from Luca Deri
Dec 28 from Stefano Bianchi

Regards,
Jan

----- Original Message -----
From: "Stuart Kendrick" <[email protected]>
To: <[email protected]>
Sent: Wednesday, January 16, 2013 1:25 AM
Subject: [Ntop] protocols.list


Hi folks,

According to the man pages, the default Application Protocols list is this:

     FTP        ftp ftp-data
     HTTP       http www https 3128      /* 3128 is HTTP cache */
     DNS        name domain
     Telnet     telnet login
     NBios-IP   netbios-ns netbios-dgm netbios-ssn
     Mail       pop-2 pop-3 pop3 kpop smtp imap imap2
     DHCP/BOOTP 67-68
     SNMP       snmp snmp-trap
     NNTP       nntp
     NFS/AFS    mount pcnfs bwnfs nfsd nfsd-status 7000-7009
     X11        6000-6010
     SSH        22
     Gnutella   6346 6347 6348
     Morpheus   1214
     WinMX      6699 7730
     DirectConnect
     eDonkey    4661-4665
     BitTorrent 6881-6999 6969
     Messenger  1863 5000 5001 5190-5193

But I see protocols other than these appearing underneath the Application Protocols tab in the Web interface.

Poking around, I see that nDPI/src/include/ipq_protocols_osdpi.h defines quite a few more protocols than the list in the man page, including ones displayed under the Application Protocols tab.

==> What is the relationship between the list in the man page and the contents of ipq_protocols_osdpi.h?

==> I'm attempting to add a couple protocols ... but my protocols.list file doesn't seem to have an effect on the pie chart displayed under the Application Protocols tab ... can you see what I'm missing, in my efforts to add CAPWAP to this pie chart?

ps -ef | grep ntop
/opt/local/bin/ntop -u ntop -i eth8 -d -L -u ntop -P /opt/local/share/ntop -p /opt/local/etc/ntop/protocols.list --use-syslog daemon

cat /opt/local/etc/ntop/protocols.list
CAPWAP=capwap-control|capwap-data
SKINNY=2000

or
cat /opt/local/etc/ntop/protocols.list
+CAPWAP=capwap-control|capwap-data
+SKINNY=2000

grep capwap /etc/services
capwap-control  5246/udp               # Control and Provisioning, WAP
capwap-data     5247/udp                # Control and Provisioning, WAP
#

--sk

Stuart Kendrick
FHCRC
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
