So even if the source port is known, it's categorized as other ? i.e. return flow of ssh session , while initiating flow of ssh is recorded as ssh ?
Any answer to adding gre and esp ? Tks /Andrew -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Blake Sent: 20 February 2003 17:47 To: [EMAIL PROTECTED] Subject: RE: [Ntop] add IP protocol definitions First, you do realize source ports are random and will be an "other"? ... you will always have other (destination is the only thing you will be able to add to you protocol list). If you feel there are some additional destination ports you are missing then use a sniffer to collect that information. You should be able to leave a sniffer on the network for a day .. or week (whatever) to track common destination ports. That may reduce your other but you will always have other. You could run Ethereal on the same server running your NTOP if you are spanning a port. --Blake --- Andrew White <[EMAIL PROTECTED]> wrote: > Thanks, worked a treat --- nearly, > > Still getting a lot of others, doing a show ip cache > flow on the router, > every flow is defined in the protocol list. > > Is there a 'simple' way to get ntop to tell me the > ports that are making > up other, so I can define them ? > > Also, is it possible to define additional ip > protocols like esp and gre > ? > > Tks > > /Andrew > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Burton M. Strauss III > Sent: 19 February 2003 23:06 > To: [EMAIL PROTECTED] > Subject: RE: [Ntop] add IP protocol definitions > > Read the docs/FAQ and the man page... > > -p <list> | --protocols <list> > List of IP protocols > to monitor (see man > page) > > -----Burton > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Andrew White > Sent: Wednesday, February 19, 2003 2:47 PM > To: [EMAIL PROTECTED] > Subject: [Ntop] add IP protocol definitions > > > Hi, > > Anyone got a mini howto for adding protocol > definitions to ntop ? > > Want to get the 'other' information reduced down by > adding known > protocols that we use, like lotus notes etc. > > Tks > > /Andrew > > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
