Hi Burton,

My bad, I was using truss to see which files were opened, of course, it opens both, but ignores one.

Also, confused was I (to paraphrase Yoda) as quite a few services NOT represented in my NTOP copy of the services file were still ok (HTTP, FTP, etc)...

rgds

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: 19 July 2005 12:40 AM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)

Well ntop only reads one file of the type, and that is whichever it finds first during the search. Check info.html / textinfo.html and you'll see the search lists.

-----Burton

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 14, 2005 11:46 PM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)

Problem resolved (kind-a)

looks like NTOP is ignoring /etc/services when local ntop services file is present.

cheers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: 14 July 2005 11:01 AM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)

ntop recognizes traffic by port # (the smaller of the src or dst). So a packet from :12345 -> :25 is seen as '25' or smtp. Read docs/FAQ - there's an article in there on how ntop identifies protocols (or maybe it's in the man page ...) anyway, it's the protocols parameter, which gets preloaded with a default set unless you specify something else.

Certain mail programs use other ports - so ntop doesn't see their traffic as 'mail'. If it's totally random, there's not much you can do. If it's an additional port, you can create a custom protocols list.

-----Burton

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 13, 2005 7:33 PM
To: [email protected]
Subject: [Ntop] Ntop MAIL category does not match last minute view (or reality)

Hi All,

The mail category on both the Global Traffic stats page, and the IP Traffic summary page, is not correct. What am I doing wrong?

Basic Information:

ntop Version       3.1
Configured on      Jan 20 2005 16:40:29
Built on           Jan 20 2005 16:41:59
OS                 i386-pc-solaris2.9
This version of ntop is the CURRENT stable version
Next version recheck is Thu Jul 28 18:34:07 2005
libpcap version    libpcap version 0.8.3
Process Id         8673

Command line
Started as....     /usr/local/bin/ntop -c -j -u nobody -W 203.34.63.22:30059 -w 203.34.63.22:30058 -m 203.34.63.0/24,152.147.128.0/17

Global TCP/UDP Protocol Distribution

TCP/UDP Protocol                 Data        Percentage
FTP                              30.3 MB     0%
HTTP                             6.7 GB      60%
Telnet                           63.4 KB     0%
NBios-IP                         408.5 KB    0%
                                 73.8 KB     0%
SNMP                             142.2 KB    0%
NFS/AFS                          198.2 KB    0%
X11                              2.3 KB      0%
SSH                              31.5 MB     0%
Kazaa                            32.6 KB     0%
eDonkey                          196.8 KB    0%
BitTorrent                       99.3 KB     0%
Messenger                        77.3 KB     0%
Other TCP/UDP-based Protocols    4.3 GB      38%

TCP/UDP Traffic Port Distribution:
Last Minute View

TCP/UDP Port    Total      Sent       Rcvd
http 80         14.8 MB    13.4 MB    1.5 MB
Lotus 1352      4.2 MB     2.7 MB     1.5 MB
https 443       3.6 MB     3.0 MB     544.2 KB
1123 1123       1.8 MB     60.1 KB    1.7 MB
15669 15669     1.5 MB     71.8 KB    1.4 MB
25              1.4 MB     72.3 KB    1.4 MB

David Callaghan
Senior Systems Engineer
Department of Infrastructure
9655 8540

_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
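
A simplified model of the two behaviours discussed in this thread (only the first services file found is read, and a flow is identified by the smaller of its two ports), added here as an illustration and not taken from the original messages or from ntop's source. The file paths, file contents and the `Category=name|port` list syntax are constructed assumptions.

```python
# Added illustration: a simplified model of the behaviour described in the
# thread, not ntop's source code. Paths, file contents and lists are constructed.
def parse_services(text):
    """Parse /etc/services-style text into {name_or_alias: port}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port = fields[1].split("/", 1)[0]
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:
                table.setdefault(name, int(port))
    return table

def first_services_file(search_list, files):
    """Read only the first file found in the search list; ignore the rest."""
    for path in search_list:
        if path in files:
            return parse_services(files[path])
    return {}

def build_port_map(protocols, services):
    """Turn 'Category=name|port,...' into {port: category}; unknown names are skipped (assumption)."""
    port_map = {}
    for group in protocols.split(","):
        category, members = group.split("=", 1)
        for member in members.split("|"):
            port = int(member) if member.isdigit() else services.get(member)
            if port is not None:
                port_map.setdefault(port, category)
    return port_map

def classify(src_port, dst_port, port_map):
    """Identify a flow by the smaller of its source and destination ports."""
    return port_map.get(min(src_port, dst_port), "Other")

# Constructed sample input: a local services copy shadows /etc/services.
FILES = {
    "./services": "smtp 25/tcp mail\nhttp 80/tcp www\n",
    "/etc/services": "smtp 25/tcp mail\nhttp 80/tcp\nlotusnote 1352/tcp\n",
}
SEARCH = ["./services", "/etc/services"]
DEFAULT = "HTTP=http|443,Mail=smtp|pop3|imap"
CUSTOM = "HTTP=http|443,Mail=smtp|pop3|imap|lotusnote|1352"

if __name__ == "__main__":
    svc = first_services_file(SEARCH, FILES)
    print([classify(40000, 1352, build_port_map(p, svc)) for p in (DEFAULT, CUSTOM)])
```

In this model the name `lotusnote` never resolves because the local file shadows `/etc/services`, so only the numeric `1352` entry in the custom list moves that traffic from "Other" to "Mail".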
