> Yes, you can see the packet contents, but this is on IP level, while most
> peer-to-peer protocols are layered on top of TCP. So you need to (at least
> partially) implement the TCP protocol in the plugin to do a good analysis,
> which is a large overhead, especially since it's already done (partially) in
> ntop itself for listing the TCP sessions.

How much you really have to do depends on the protocol.  For many of them,
simply skipping over the IP headers is enough.  It wouldn't be too hard to
add structures to the plugin calls, esp. if it's something that has general
value.  After all, the existing five would just ignore the extra data
structures...

> While we're at it, maybe you can help me with another problem. I've been
> analysing the icmpPlugin.c code a little and apparently it gets all of its
> information through the "device" structure, however I can not find any info
> on this. I think the main ntop database is stored in there somewhere,
> however I can't find the code which actually initiates this structure and
> the actual definition of this "device structure".

Heck, grep the code - it's all I do - or install RedHat's source navigator...

Anyway, keying off one of the odd field names, looks like it's in ntop.h
(doh) - look for

typedef struct ntopInterface {
  char *name;
  int flags;
...

-----Burton
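
The "skipping over the IP headers" step mentioned in the reply above, as an added example that is not part of the original message and is not ntop code. The names tcp_payload and sample_pkt are hypothetical, and the packet bytes are constructed; it works per packet and does no TCP stream reassembly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not an ntop function): given a buffer that starts at
 * the IPv4 header, return a pointer to the TCP payload and store its length
 * in *len. Returns NULL when the packet is not an analysable TCP segment. */
const uint8_t *tcp_payload(const uint8_t *pkt, size_t caplen, size_t *len)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4) return NULL;   /* IPv4 only */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;             /* IP header + options */
    size_t end = ((size_t)pkt[2] << 8) | pkt[3];          /* IP total length */
    if (end > caplen) end = caplen;                       /* truncated capture */
    if (ihl < 20 || end < ihl + 20) return NULL;          /* no room for TCP header */
    if (pkt[9] != 6) return NULL;                         /* protocol 6 = TCP */
    if ((((size_t)pkt[6] & 0x1f) << 8 | pkt[7]) != 0)     /* later fragment: */
        return NULL;                                      /* it has no TCP header */
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;             /* TCP header + options */
    if (doff < 20 || ihl + doff > end) return NULL;
    *len = end - ihl - doff;
    return tcp + doff;
}

/* Constructed sample: IPv4 header with 4 option bytes (IHL=6), TCP, "HELLO". */
static const uint8_t sample_pkt[] = {
    0x46,0x00,0x00,0x31, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    10,0,0,1, 10,0,0,2, 0x01,0x01,0x01,0x00,
    0x04,0xd2,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x20,0x00, 0,0,0,0,
    'H','E','L','L','O'
};

int main(void)
{
    size_t n = 0;
    const uint8_t *p = tcp_payload(sample_pkt, sizeof sample_pkt, &n);
    if (p)
        printf("payload at offset %zu, %zu bytes\n", (size_t)(p - sample_pkt), n);
    return 0;
}
```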


_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
