ntop recognizes traffic by port # (the smaller of the src
or dst). So a packet from :12345 -> :25 is seen as '25' or smtp.
Read docs/FAQ - there's an article in there on how ntop identifies
protocols (or maybe it's in the man page ...) anyway, it's the protocols
parameter, which gets preloaded with a default set unless you specify something
else.
Certain mail programs use other ports - so ntop doesn't see
their traffic as 'mail'. If it's totally random, there's not much you can
do. If it's an additional port, you can create a custom protocols
list.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 13, 2005 7:33 PM
To: [email protected]
Subject: [Ntop] Ntop MAIL category does not match last minute view (orreality)
Hi
All,
The mail category on
both the Gloabal Traffic stats page, and the IP Traffic summary page, is not
correct. What am I doing wrong?
Basic Information:
ntop Version 3.1 Configured
on Jan 20 2005
16:40:29 Built on
Jan 20 2005
16:41:59 OS i386-pc-solaris2.9 This version
of ntop is the CURRENT
stable version Next version
recheck is Thu Jul 28
18:34:07 2005 libpcap
version libpcap
version 0.8.3 Process
Id 8673 Command
line Started
as.... /usr/local/bin/ntop -c -j -u nobody -W 203.34.63.22:30059 -w
203.34.63.22:30058 -m 203.34.63.0/24,152.147.128.0/17
Global TCP/UDP Protocol
Distribution
| TCP/UDP Protocol | Data | Percentage | |||
|---|---|---|---|---|---|
| FTP | 30.3 MB | 0% | |||
| HTTP | 6.7 GB | 60% |
| ||
| Telnet | 63.4 KB | 0% | |||
| NBios-IP | 408.5 KB | 0% | |||
| 73.8 KB | 0% | ||||
| SNMP | 142.2 KB | 0% | |||
| NFS/AFS | 198.2 KB | 0% | |||
| X11 | 2.3 KB | 0% | |||
| SSH | 31.5 MB | 0% | |||
| Kazaa | 32.6 KB | 0% | |||
| eDonkey | 196.8 KB | 0% | |||
| BitTorrent | 99.3 KB | 0% | |||
| Messenger | 77.3 KB | 0% | |||
| Other TCP/UDP-based Protocols | 4.3 GB | 38% |
| ||
TCP/UDP Traffic Port
Distribution:
Last Minute View
| TCP/UDP Port | Total | Sent | Rcvd | |
|---|---|---|---|---|
| http | 80 | 14.8 MB | 13.4 MB | 1.5 MB |
| Lotus | 1352 | 4.2 MB | 2.7 MB | 1.5 MB |
| https | 443 | 3.6 MB | 3.0 MB | 544.2 KB |
| 1123 | 1123 | 1.8 MB | 60.1 KB | 1.7 MB |
| 15669 | 15669 | 1.5 MB | 71.8 KB | 1.4 MB |
| 25 | 1.4 MB | 72.3 KB | 1.4 MB | |
David Callaghan
Senior Systems Engineer
Department of
Infrastructure
9655 8540
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
