Hi People,

I've been using Ntop for a number of years now and I love it (great work Luca/Burton!). In the last year or so I switched to using its NetFlow support to monitor our WAN. But now it would appear that I've reached its limits... (unless I've missed something)

We now appear to have two if not three applications on our network that use seemingly random ports, which makes classifying and tracking them a real pain. They are VoIP (http://www.mitel.com/DocController?documentId=9555&c=9511&sc=9514), MS Exchange2003 with Outlook 2003 (http://www.microsoft.com/exchange/default.mspx) and AfterMail (http://www.aftermail.com/).

I need to do some more research, but even after building a protocols file based on port lists from IANA (http://www.iana.org/assignments/port-numbers) and Graffiti (http://www.graffiti.com/services), I still get more traffic assigned to "Other" than any other type. I think this means I've reached the point where I need packet inspection to assist in determining traffic type. Which counts out NetFlow... And I think will count out Ntop in general.

Can anyone provide any hints or suggestions? Other than porting some other project's packet-inspection module (sorry, I just don't have the time).

BTW, my little monitoring box (P3 766MHz 384Meg, FedoraCore 2) does a remarkable job of coping with about 4000 protocols for our 10Mbit/s WAN, unless I hit the Summary | Traffic page too often. The box also uses MRTG and SmokePing.

If anyone would like a copy of the huge (~64K) protocols file, just ask me off list.

Later'ish
Craig
