Dear Luca,
these are very good ideas. Within our company there is a large pressure to
recognize the gnutella protocol.You may want to include it in your design.
I question: I need to measure a special IP application. It is using port
number 5151. Is there any way to set a special column in the NT IP reports
table for this application? Like: FTP, NETBIOS, TELNET, Cust1, Cust2...
Thanks for your great tool, thanks for your answer in advance,
Bela
Bela Mucs
Alcoa Europe
Data Networking, European Technical Lead
Land Line: +36 22 532060
Mobile: +36 30 267 4004
-----Original Message-----
From: Luca Deri [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 26, 2001 6:37 PM
To: ntop Mailing List
Subject: New ntop extensions
Hi all,
although you don't hear from me quite often (busy as usual) the
development is not over (remember ntop 2 is on the way): I still have to
fix a few problems (core dumps on some systems with high traffic).
In the meantime I've added a new check (it's inside CVS already).
Basically for a few known protocols (SSH, FTP, HTTP for the moment) ntop
checks if the protocol being used is the correct one. For instance if
ntop sees traffic on port 80 it checks if the request (the first few
bytes) are a valid HTTP request (some apps are using port 80 for
transfering anything but HTTP!). In addition, for each new connection,
ntop checks if this connection is using a known protocol at a wrong
port. For instance if you see SSH traffic at a port != 22 then somebody
might have installed a trojan on your host! Of course there are some
exceptions (ntop is sending HTTP at port 3000 and not 80), and they need
to be properly handled. Hovewer this is let to future work.
What do you think? What other protocols (easy to detect of course
otherwise it slows down ntop too much) could I add?
Cheers, Luca
--
Luca Deri Telecom Italia IT
Via Matteucci 34/B 56124 Pisa, Italy.
Ph. +39/050/968.639 Fax. +39/050/968.626
Email: [EMAIL PROTECTED] WWW: http://luca.ntop.org/
ICQ: 68183632
Software is about stuff, about getting hands dirty - Jim Coplien
