Eric, Thanks, I kinda like the results from this setup.
Brock Henry At 10:17 PM 15/11/2001 -0500, you wrote: >My example is a touch over board, but with a recent CVS snapshot or >synchronization. the following is what I use: > >- Update your /etc/service file with all of the type of stuff you might >want to see. The enclosed one is a dump of all of the registered services >plus a bunch of known Trojans. > >- Create a protocol.txt file, find the enclosed sample. > >- start ntop with the following command line: > > >ntop -d -e 10000 -U http://<IP Address of your mapper >install>/cgi-bin/mapper.pl -P1 -m <Internal Network/mask length> -p >/root/protocols.txt -P /tmp ether host <firewall MAC address> and not net ><network to exclude/mask length> or ether host ff:ff:ff:ff:ff:ff > >In my case this give me all traffic to/from my firewall, plus broadcast >traffic, but excludes one of my subnets. > >Hope this helps. > > > > > > > > > >(See attached file: services) (See attached file: protocols.txt) > >-- > >J. Eric Josephson >Director of Network and System Operations >978-720-2159 >mailto:[EMAIL PROTECTED] > > > > > > Brock > Henry > > <[EMAIL PROTECTED] To: [EMAIL PROTECTED] > > sw.gov.au> cc: > > Sent by: Subject: [Ntop] local > to remote/remote to local by protocol. > [EMAIL PROTECTED] > > > > > > 11/15/2001 06:04 > PM > > Please respond > to > > ntop > > > > > > > > > >Hello, > >I have recently installed ntop again, after playing with it about a year >ago. It has some nice improvements :) > >What I was hoping for was a list of protocols that are being used from >remote to local, and from local to remote. I want to see what traffic is >happening through our firewall, in the hopes of fine tuning open ports in >the firewall rules. > >I can't see a way to do this with ntop, but I think it would be a nice >feature. > >Any idea's how I can accomplish this? > >Thanks > >Brock Henry > >** Brock Henry - [EMAIL PROTECTED] (H) - [EMAIL PROTECTED] >(W) ** >** Adventure? Excitement? A Jedi craves not these things.** > >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listmanager.unipi.it/mailman/listinfo/ntop > > > ** Brock Henry - [EMAIL PROTECTED] (H) - [EMAIL PROTECTED] (W) ** ** Adventure? Excitement? A Jedi craves not these things.** _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
