Hi Burton,

Thank you for responding so quickly. Don't think that's it though.

I have set SMTP in the /usr/local/etc/services file. It is also in the /etc/services file.

The preloaded defaults for the Mail category (from ntop.c) are
"pop-2|pop-3|pop3|kpop|smtp|imap|imap2|"

(Hmm, can't find kpop in any list of current services.)

It all looks OK, but, as you can see, SMTP (25) in the last minute view is at 1.4 MB, and in the protocol distribution (since 0) Mail = 73KB.

I know the 1.4 is essentially correct from firewall logs. The Mail category seems to be counting some other (unknown) set of protocols.

rgds

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: 14 July 2005 11:01 AM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)

ntop recognizes traffic by port # (the smaller of the src or dst). So a packet from :12345 -> :25 is seen as '25' or smtp. Read docs/FAQ - there's an article in there on how ntop identifies protocols (or maybe it's in the man page ...) anyway, it's the protocols parameter, which gets preloaded with a default set unless you specify something else.

Certain mail programs use other ports - so ntop doesn't see their traffic as 'mail'. If it's totally random, there's not much you can do. If it's an additional port, you can create a custom protocols list.

-----Burton

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 13, 2005 7:33 PM
To: [email protected]
Subject: [Ntop] Ntop MAIL category does not match last minute view (or reality)

Hi All,

The mail category on both the Global Traffic stats page, and the IP Traffic summary page, is not correct. What am I doing wrong?

Basic Information:

ntop Version       3.1
Configured on      Jan 20 2005 16:40:29
Built on           Jan 20 2005 16:41:59
OS                 i386-pc-solaris2.9
This version of ntop is the CURRENT stable version
Next version recheck is Thu Jul 28 18:34:07 2005
libpcap version    libpcap version 0.8.3
Process Id         8673
Command line       Started as.... /usr/local/bin/ntop -c -j -u nobody -W 203.34.63.22:30059 -w 203.34.63.22:30058 -m 203.34.63.0/24,152.147.128.0/17

Global TCP/UDP Protocol Distribution

TCP/UDP Protocol                  Data        Percentage
FTP                               30.3 MB     0%
HTTP                              6.7 GB      60%
Telnet                            63.4 KB     0%
NBios-IP                          408.5 KB    0%
                                  73.8 KB     0%
SNMP                              142.2 KB    0%
NFS/AFS                           198.2 KB    0%
X11                               2.3 KB      0%
SSH                               31.5 MB     0%
Kazaa                             32.6 KB     0%
eDonkey                           196.8 KB    0%
BitTorrent                        99.3 KB     0%
Messenger                         77.3 KB     0%
Other TCP/UDP-based Protocols     4.3 GB      38%

TCP/UDP Traffic Port Distribution:
Last Minute View

TCP/UDP Port       Total       Sent        Rcvd
http     80        14.8 MB     13.4 MB     1.5 MB
Lotus    1352      4.2 MB      2.7 MB      1.5 MB
https    443       3.6 MB      3.0 MB      544.2 KB
1123     1123      1.8 MB      60.1 KB     1.7 MB
15669    15669     1.5 MB      71.8 KB     1.4 MB
         25        1.4 MB      72.3 KB     1.4 MB

David Callaghan
Senior Systems Engineer
Department of Infrastructure
9655 8540
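Added example, not part of the original thread and not ntop's own code: a simplified Python model of the port-based classification described in the quoted reply. It resolves a category entry against a services table, lists the names that fail to resolve, and tallies bytes by the smaller of the two ports. The services excerpt, the flows and the `Label=name|...` entry layout are constructed assumptions.

```python
# Added illustration; a simplified model, not ntop's source code.
import re
from collections import defaultdict

# Constructed excerpt in /etc/services format (kpop deliberately absent).
SERVICES = """\
smtp    25/tcp  mail
pop-2   109/tcp
pop3    110/tcp pop-3
imap    143/tcp imap2
http    80/tcp  www
"""

def load_services(text):
    """Map every service name and alias to its port number."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and re.fullmatch(r"\d+/(tcp|udp)", fields[1]):
            port = int(fields[1].split("/")[0])
            for name in [fields[0]] + fields[2:]:
                table.setdefault(name, port)
    return table

def resolve(spec, services):
    """Turn 'Label=name|port|...' into (port -> label, unresolved names)."""
    label, _, members = spec.partition("=")
    ports, missing = {}, []
    for item in filter(None, members.split("|")):
        if item.isdigit():
            ports[int(item)] = label          # literal port number
        elif item in services:
            ports[services[item]] = label     # name found in services table
        else:
            missing.append(item)              # name contributes no port
    return ports, missing

def tally(flows, port_map):
    """Sum bytes per category, keyed on the smaller of src/dst port."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        totals[port_map.get(min(src, dst), "Other")] += nbytes
    return dict(totals)

# Default Mail member list quoted in the thread; the 'Mail=' prefix is assumed.
MAIL_SPEC = "Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2|"
# Constructed flows: (source port, destination port, bytes).
FLOWS = [(12345, 25, 1000), (25, 40000, 400), (1352, 50001, 700), (33000, 110, 50)]
```

Printing the resolved port map next to the unresolved names shows exactly which ports a category counts, which is the first thing to compare against firewall logs when a category total looks wrong.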
