Nope, nothing special.  And as I indicated, there's no central repository
for the P2P flavor of the month club.

But I do question using /etc/services - there is a lot there that you should
never see and thus lead you to think you have oddball traffic which is
really nothing more than random high ports...

It also makes reports very wide - some judicious trimming makes things much
more useful, IMHO.


-----Burton

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Michael Baird
Sent: Wednesday, March 02, 2005 2:04 PM
To: [email protected]
Subject: RE: [Ntop] Protocol List

Yes, I will continue using my current protocol list that I built from
/etc/services, it seems to catch most of the tcp/udp ports. I just get sick
of updating it with the new filesharing protocol of the day. 

<snip />

Regards
Michael Baird

> Define protocols -- do you mean layer 2 or layer 3 or layer 4? <laugh 
> type=nasty />
> 
> The canonical list for tcp/ip (tcp and udp) - which is probably what 
> you mean - below port 1024 is maintained by IANA.
> 
> Theoretically, ports from 1024-49151 are also registered through IANA.  
> It is a custom more honour'd in the breach than the observance.
> 
> And 49152-65535 are free for all.
> 
> The list is here: http://www.iana.org/assignments/port-numbers.  But 
> all of that only covers protocols for which there are RFCs.  Not the 
> ad hoc protocols we've all come to know and "love".
> 
> So, just about every security organization / mailing list / wannabe 
> maintains their own list.  Some of which are truly useless in a 
> dangerous way - they list EVERY port as "Common service(s): client".
> Well, Duh!
> 
> Oh, and at the end of the day, monitoring EVERY port is useless.  You 
> are as likely to be mis-tagging as correctly tagging.  Remember, when 
> setting up a connection between two hosts, say http, the requestor 
> picks a random port > 1023 for the reply.  If you have a list of every 
> possible port that a protocol ever might have used, you're likely to 
> have hits and so mis-classify traffic.
> 
> Best bet is to build a list of the ports YOU need to monitor on YOUR 
> network.
> 
> -----Burton
> 
> [REF: Hamlet, Act 1, Scene 4 -
> http://www-tech.mit.edu/Shakespeare/Tragedy/hamlet/hamlet.1.4.html]
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf 
> Of Michael Baird
> Sent: Wednesday, March 02, 2005 9:38 AM
> To: [email protected]
> Subject: [Ntop] Protocol List
> 
> Does anyone have a really extensive protocol list file, or know of a 
> place where I can go to keep my own list updated?
> 
> Regards
> Michael Baird
> 
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
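The mis-tagging problem described in the thread, as an added example that is not part of the original messages and is not ntop's own matching logic: a matcher that accepts a hit on either port is run over the same flows with a broad /etc/services-style list and with a trimmed list. The port lists, flows and function names are constructed for illustration.

```python
# Added example: constructed port lists and flows, not ntop's matching code.

# Broad list: entries of the kind found in /etc/services (constructed sample,
# service names are illustrative).
BROAD = {22: "ssh", 25: "smtp", 53: "domain", 80: "http", 443: "https",
         1433: "ms-sql-s", 2049: "nfs", 3306: "mysql", 5432: "postgresql",
         6000: "x11", 6667: "ircd"}

# Curated list: only the services this hypothetical network actually runs.
CURATED = {p: BROAD[p] for p in (22, 25, 53, 80, 443)}

# Constructed flows: (client_port, server_port, what the traffic really is).
FLOWS = [
    (51514, 80, "http"),     # ordinary web request
    (3306, 80, "http"),      # client happened to pick 3306 as its reply port
    (6667, 443, "https"),    # client happened to pick 6667
    (5432, 50321, "other"),  # ad hoc P2P traffic between two high ports
    (40022, 22, "ssh"),
]

def tag(client_port, server_port, port_list):
    """Return every label the list assigns when either port is allowed to match."""
    return {port_list[p] for p in (client_port, server_port) if p in port_list}

def mistagged(flows, port_list):
    """Return flows whose labels differ from the truth (no label for 'other')."""
    bad = []
    for client, server, truth in flows:
        expected = set() if truth == "other" else {truth}
        if tag(client, server, port_list) != expected:
            bad.append((client, server, truth))
    return bad

if __name__ == "__main__":
    for name, plist in (("broad", BROAD), ("curated", CURATED)):
        print(name, "list mis-tagged:", mistagged(FLOWS, plist))
```

With the broad list, three of the five flows pick up a wrong or extra label from a random client port; with the trimmed list, none do and the ad hoc traffic stays unlabelled.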
