I guess I didn't make myself entirely clear. Sorry. I'm already using "-p". In fact, the list I use to specify protocols ntop will monitor is quite long. BUT... I would like to find out what falls into the "Other TCP/UDP" category. I'm taking over the administration of our firewalls, so I'm using ntop to figure out what and how much is being transmitted or received. If I knew what all the "Other TCP/UDP" traffic was, I could research it, name it, and then include it in the list of protocols ntop will monitor.
I hope I've made myself a little more understandable.

Now, I could run a sniff listening for traffic OTHER THAN what was specified with the -p, but then I'd have to sort through it all and find the ports manually or parse it with something. I was hoping ntop could do this for me.

I'm looking into intop, but I don't think it'll help. I'd have to filter as I mentioned in the previous paragraph.

Thanks again for any help.

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 11:49 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Ntop] Other TCP/UDP traffic

From the NTOP man page...

-p
    It is used to specify the TCP/UDP protocols that ntop will monitor. The format is <label>=<protocol list> [, <label>=<protocol list>], where label is used to symbolically identify the <protocol list>. The format of <protocol list> is <protocol>[|<protocol>], where <protocol> is either a valid protocol specified inside the /etc/services file or a numeric port range (e.g. 80, or 6000-6500). If the -p flag is omitted the following default value is used:

    "FTP=ftp|ftp-data,HTTP=http|www|https,DNS=name|domain,Telnet=telnet|login,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=pop-2|pop-3|kpop|smtp|imap|imap2,SNMP=snmp|snmp-trap,NEWS=nntp,NFS=mount|pcnfs|bwnfs|nfs|nfsd-status,X11=6000-6010,SSH=ssh".

    If the <protocol list> is very long you may store in a file (for instance protocol.list) the value of the <protocol list> and specify the file name instead of the <protocol list> (in above example you will invoke 'ntop -p protocol.list').

--
J. Eric Josephson
Director of Network and System Operations
978-720-2159
mailto:[EMAIL PROTECTED]

"Gauthier, Michael, E C, Civ" <[EMAIL PROTECTED]ta.af.mil>
Sent by: [EMAIL PROTECTED]
11/15/2001 08:34 PM
Please respond to ntop

To: [EMAIL PROTECTED]
cc:
Subject: [Ntop] Other TCP/UDP traffic

Is there a way to find out what ports make up the "Other TCP/UDP" group on the Traffic and Protocol Distribution pages? I can see some protocols listed on the IP Proto Usage page, but I know it's not listing all of them. I'm seeing lots of "Other TCP/UDP" and would like to identify what ports are being used. Once identified, I can "name" them and configure ntop to track them.

Thanks in advance for any help.

----------------------------------------------------------------------------
Mike Gauthier                            | "Yesterday it worked. Today it is
Senior Systems Engineer, HQ USFJ/J641    | not working. Windows is like that."
DSN: (315)225-2591                       | -- Margaret Segall
Com: +81-311-755-2591                    |
FAX - DSN: (315)225-6981                 | Kaa's Law: In any sufficiently large
FAX - Com: +81-311-755-6981              | group of people, most are idiots.
----------------------------------------------------------------------------

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
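
One way to do the sorting described in the thread, as an added example that is not part of the original messages or of ntop: parse a `-p` value in the format quoted from the man page, then total the bytes of captured flows whose ports are not covered by any label. The `SERVICES` table and the flow records are constructed for illustration, and two rules are assumptions: a flow counts as tracked when either of its ports is listed, and the lower port is taken as the service port.

```python
import re
from collections import Counter

# Constructed subset of /etc/services (name -> port); a real run would read the file.
SERVICES = {"ftp": 21, "ftp-data": 20, "http": 80, "www": 80, "https": 443,
            "name": 42, "domain": 53, "ssh": 22}

def parse_protocol_list(spec):
    """Parse '<label>=<protocol>[|<protocol>][, ...]' into {port: label}."""
    port_to_label = {}
    for entry in spec.split(","):
        label, _, protocols = entry.strip().partition("=")
        for proto in (p.strip() for p in protocols.split("|")):
            port_range = re.fullmatch(r"(\d+)-(\d+)", proto)
            if proto in SERVICES:              # name from /etc/services
                ports = [SERVICES[proto]]
            elif port_range:                   # numeric range, e.g. 6000-6500
                ports = range(int(port_range[1]), int(port_range[2]) + 1)
            elif proto.isdigit():              # single numeric port, e.g. 80
                ports = [int(proto)]
            else:
                raise ValueError(f"unknown protocol {proto!r} under label {label!r}")
            for port in ports:
                port_to_label.setdefault(port, label)
    return port_to_label

def other_traffic(flows, port_to_label):
    """Total bytes per (transport, port) for flows with neither port in the list."""
    totals = Counter()
    for transport, sport, dport, nbytes in flows:
        if sport in port_to_label or dport in port_to_label:
            continue                            # already tracked under a label
        # Assumption: the lower port number is the service side of the flow.
        totals[(transport, min(sport, dport))] += nbytes
    return totals.most_common()                 # largest byte count first

# Part of the default -p value quoted in the thread.
SPEC = "FTP=ftp|ftp-data,HTTP=http|www|https,DNS=name|domain,X11=6000-6010,SSH=ssh"
# Constructed flow records: (transport, source port, destination port, bytes).
FLOWS = [("tcp", 40112, 80, 5200), ("tcp", 40113, 1521, 9100),
         ("udp", 514, 514, 300), ("tcp", 1521, 40120, 2400),
         ("tcp", 40121, 6005, 700), ("udp", 32768, 53, 120),
         ("tcp", 40122, 3389, 4000)]

if __name__ == "__main__":
    for (transport, port), nbytes in other_traffic(FLOWS, parse_protocol_list(SPEC)):
        print(f"{transport}/{port}\t{nbytes} bytes")
```

Ports that surface at the top of this list are the candidates to research, name, and add to the `-p` value as new labels.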
