You are correct, ntop will read the .../services file (and
combine them) in all of the locations specified by myGlobals.configFileDirs[]
(see void initIPServices(void) {} in initialize.c).
The list of locations checked is in info.html /
textinfo.html -- look for "Config Files".
It's normally . (the starting directory), /etc/ntop and
/etc. You will notice that a basic list is loaded in initIPServices() anyway,
regardless of whether the file(s) are found.
However, as I said in another thread, this is irrelevant to
what protocols ntop processes. That's PURELY defined by -p |
--protocols. These lists are JUST used for
conversion of names in -p | --protocols into numbers.
You do want to be careful here, as duplicates (by name)
will be discarded with a warning message:
INIT: Protocol ''<name>' has been discarded (multiple instances)
If the name can't be matched, you'll see a different
warning:
INIT: Unknown protocol '<name>' - it has been ignored
Neither of these stops ntop, so it's possible to get
unexpected results if you are trying to be clever. Each name must be
unique.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, July 18, 2005 8:23 PM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)
Hi Burton,
My bad, I was using truss to see which files were opened, of course, it opens both,
but ignores one.
Also, confused was I (to paraphrase Yoda) as quite a few services NOT represented in
my NTOP copy of the services file were still ok (HTTP, FTP, etc)...
rgds
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: 19 July 2005 12:40 AM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)
Well ntop only reads one file of the type, and that is whichever it finds first during the search. Check info.html / textinfo.html and you'll see the search lists.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 14, 2005 11:46 PM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)
Problem resolved (kind-a)
looks like NTOP is ignoring /etc/services when local ntop services file is present.
cheers
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: 14 July 2005 11:01 AM
To: [email protected]
Subject: RE: [Ntop] Ntop MAIL category does not match last minute view (or reality)
ntop recognizes traffic by port # (the smaller of the src or dst). So a packet from :12345 -> :25 is seen as '25' or smtp. Read docs/FAQ - there's an article in there on how ntop identifies protocols (or maybe it's in the man page ...) anyway, it's the protocols parameter, which gets preloaded with a default set unless you specify something else.
Certain mail programs use other ports - so ntop doesn't see their traffic as 'mail'. If it's totally random, there's not much you can do. If it's an additional port, you can create a custom protocols list.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 13, 2005 7:33 PM
To: [email protected]
Subject: [Ntop] Ntop MAIL category does not match last minute view (or reality)
Hi All,
The mail category on both the Global Traffic stats page, and the IP Traffic summary page, is not correct. What am I doing wrong?
Basic Information:
ntop Version       3.1
Configured on      Jan 20 2005 16:40:29
Built on           Jan 20 2005 16:41:59
OS                 i386-pc-solaris2.9
This version of ntop is the CURRENT stable version
Next version recheck is Thu Jul 28 18:34:07 2005
libpcap version    libpcap version 0.8.3
Process Id         8673
Command line       Started as.... /usr/local/bin/ntop -c -j -u nobody -W 203.34.63.22:30059 -w 203.34.63.22:30058 -m 203.34.63.0/24,152.147.128.0/17
Global TCP/UDP Protocol Distribution
TCP/UDP Protocol                 Data        Percentage
FTP                              30.3 MB     0%
HTTP                             6.7 GB      60%
Telnet                           63.4 KB     0%
NBios-IP                         408.5 KB    0%
                                 73.8 KB     0%
SNMP                             142.2 KB    0%
NFS/AFS                          198.2 KB    0%
X11                              2.3 KB      0%
SSH                              31.5 MB     0%
Kazaa                            32.6 KB     0%
eDonkey                          196.8 KB    0%
BitTorrent                       99.3 KB     0%
Messenger                        77.3 KB     0%
Other TCP/UDP-based Protocols    4.3 GB      38%
TCP/UDP Traffic Port Distribution:
Last Minute View
TCP/UDP Port     Total      Sent       Rcvd
http 80          14.8 MB    13.4 MB    1.5 MB
Lotus 1352       4.2 MB     2.7 MB     1.5 MB
https 443        3.6 MB     3.0 MB     544.2 KB
1123 1123        1.8 MB     60.1 KB    1.7 MB
15669 15669      1.5 MB     71.8 KB    1.4 MB
25               1.4 MB     72.3 KB    1.4 MB
David Callaghan
Senior Systems Engineer
Department of Infrastructure
9655 8540
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
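Added illustration (not part of the thread and not ntop source code): a small Python model of what the messages above describe, namely classification by the smaller of the two port numbers and resolution of the protocols list into port numbers, with the two warnings quoted in the thread. The `Label=name|port,...` list syntax, the constructed service table and flows, treating the label as the name that must be unique, and counting port 1352 as mail are assumptions made for the example.

```python
# Added illustration; a model of the behaviour described in the thread, not ntop code.
# Constructed name -> port table standing in for the services file / built-in list.
SERVICES = {"smtp": 25, "pop3": 110, "imap": 143, "http": 80, "https": 443}


def parse_protocols(spec, services=SERVICES):
    """Turn 'Label=name|port,...' (assumed syntax) into ({port: label}, warnings)."""
    port_to_label, warnings, seen = {}, [], set()
    for entry in spec.split(","):
        label, _, members = entry.strip().partition("=")
        if label in seen:  # assumption: the label is the name that must be unique
            warnings.append(f"Protocol '{label}' has been discarded (multiple instances)")
            continue
        seen.add(label)
        for member in filter(None, members.split("|")):
            if member.isdigit():
                port = int(member)
            elif member in services:
                port = services[member]
            else:  # unresolvable name: warn and carry on, as the thread describes
                warnings.append(f"Unknown protocol '{member}' - it has been ignored")
                continue
            port_to_label.setdefault(port, label)
    return port_to_label, warnings


def classify(src_port, dst_port, port_to_label):
    """Bucket a flow by the smaller of its two ports; unmatched traffic is 'Other'."""
    return port_to_label.get(min(src_port, dst_port), "Other")


def totals(flows, port_to_label):
    """Sum bytes per category for (src_port, dst_port, nbytes) tuples."""
    out = {}
    for src, dst, nbytes in flows:
        cat = classify(src, dst, port_to_label)
        out[cat] = out.get(cat, 0) + nbytes
    return out


# Constructed flows using server ports from the last-minute view (80, 1352, 443, 25).
FLOWS = [(40001, 80, 1000), (1352, 40002, 400), (40003, 443, 300), (12345, 25, 100)]

if __name__ == "__main__":
    default_map, _ = parse_protocols("HTTP=http|https,Mail=smtp|pop3|imap")
    custom_map, _ = parse_protocols("HTTP=http|https,Mail=smtp|pop3|imap|1352")
    print(totals(FLOWS, default_map))  # traffic on 1352 lands in 'Other'
    print(totals(FLOWS, custom_map))   # with 1352 listed, it is counted as Mail
```

Because neither warning stops the run, a mistyped name in the list silently shifts that traffic into "Other", which is why the warnings are returned here rather than only printed.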
