If you have Cisco routers, you could use NBAR to classify the IM traffic and then use various policy-based routing, NAT, etc. to manipulate the IM traffic to something consistent such that nTop can recognize it. I've used NBAR to rate limit and block IM traffic, but haven't tried tying it to PBR and NAT. Should work though.

Gary

>>> [EMAIL PROTECTED] 3/20/2006 9:58:28 AM >>>
Yup ... AOL (which I've looked at specifically) uses 5190, but can also use 22 (SSH) 20/21 (FTP) 80 (HTML) and others.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Moore
Sent: Monday, March 20, 2006 9:43 AM
To: [email protected]
Subject: RE: [Ntop] msn messenger traffic measurement

IIRC, MSN uses port 80 when it can - which of course makes it hard to distinguish.

These things (chat apps in general) are sneaky bastages. They are essentially designed like a virus to evade security systems. I have $$$$ IDS machines doing layer 5-7 deep packet inspection that has trouble catching them. Working at layer 4 and lower, NTOP doesn't have much of a chance.

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: Monday, March 20, 2006 7:19 AM
To: [email protected]
Subject: RE: [Ntop] msn messenger traffic measurement

IF (and that's a big IF) you can identify the ports used by MSN messenger, you could add them to the monitored protocols list via the --protocols option.

You can then enable RRD, which can be tuned to accumulate into whatever intervals you want (default is 5m, but it's configurable on the plugin's page).

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cevahir Pilpil
Sent: Monday, March 20, 2006 5:45 AM
To: [email protected]
Subject: [Ntop] msn messenger traffic measurement

Hi everybody,

I am using ntop last version on Fedora Core 4. In my corporate network, I would like to collect all MSN Messenger traffic and report it daily basis by dividing into 30 minute parts. Is it possible to do it?

Thanks for everybody.

Cevahir
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
