Hi Burton, You are right , it is usually a small amount of traffic (less than few MBs )that is shown as Kazaa / edoney, so basically in layman terms it means that there is no actual Kazaa/Edoney traffic but rather a misinterpretation of port #
regards vivek --- Burton Strauss <[EMAIL PROTECTED]> wrote: > If you check the article in docs/FAQ, you will see that ntop uses the lower > port # of the packet for classification. > > Remember, part of the tcp/ip protocol involves a random port # - say you > connect to x.y.com on port 80 - the return path uses a random port #. > > This works great when one of the port #s (the lower #) is obvious. But many > protocols use two random port #s or have a high # as their 'well known #', > and so ntop CAN be confused. In some cases we do a deeper analysis on the > packets (e.g. ftp), but not all. > > Port #s are just #s. You CAN use a port for anything, as long as the two > sides (sender and receiver) agree. That can lead to unexpected > classification. Some protocols do this deliberately, i.e. AOL uses a > variety of port #s if the default, 5190, is blocked for any reason. > > And so on. This is usually a small amount of traffic. > > -----Burton > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Vivek Kedia > Sent: Wednesday, January 04, 2006 10:45 PM > To: [email protected] > Subject: Re: [Ntop] Why edonkey and Kazaa Traffic is coming > > Hi All, > > I am using NTOP to moniter around 50 PCs in my office and some of the days i > see edonkey and Kazaa traffic on few of the workstations even though dont > have any file sharing software installed on them , what can be the reason > that ntop is seeing some of the data trf. as being from kazaa / edonkey, > > can it be a virus / ntop misreading the data transfer. > > since the workstations keep on changing so i dont think that its a virus , > maybe ntop? > > regards > vivek > > > > __________________________________________ > Yahoo! DSL - Something to write home about. > Just $16.99/mo. or less. > dsl.yahoo.com > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > __________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
