Read the FAQ - the algo is disclosed. Essentially it's the lowest # recognized - so that should ntop see the conversation starting from the middle it makes the most likely correct guess.
So a packet from a.b.c.d:32541 to d.e.f.g:80 is assumed to be http (port 80).

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugo Rebello
Sent: Wednesday, August 02, 2006 4:30 PM
To: ntop@unipi.it
Subject: Re: [Ntop] Question about ports

Yes, that's it. I don't have netflow enabled in my router; even so, when I access the "IP - Summary - Traffic" NTOP option I can see the Kazaa, eDonkey and other traffic like that. However, I cannot see the ports information.

Sterling Jacobson wrote:

>My router does stateful packet inspection to identify Bittorrent and other P2P traffic. The netflow information I'm sending from this router to NTOP does not appear to contain this data.
>
>Am I right? Does NTOP figure out itself what these packets are I guess?
>Can NTOP be configured to recognize these packets (which may be on any port), or the netflow configured for that from the router that CAN determine what is P2P regardless of port?
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Lunde
>Sent: Wednesday, August 02, 2006 9:26 AM
>To: ntop@unipi.it
>Subject: Re: [Ntop] Question about ports
>
>The protocol list is embedded in the ntop code. The best solution is
>to create your own list and start ntop with the -p option. (i.e.
>ntop -p /etc/ntop/protocol.list). I started with ntop's list and added a
>bunch more based on the services I run.
>
>To find what ports a particular service runs on, you can check
>/etc/services, the services configuration file, or netstat -a to see what
>ports are listening. Sorry, I'm no windows guy, so linux is all I can
>help with. Google is your best friend otherwise.
>
>Daniel
>
>Here's my list:
>
>HTTP=http|www|https|3128
>DNS=name|domain
>Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2
>NFS=mount|pcnfs|bwnfs|nfsd|nfs|nfsd-status|7000-7009
>AFP=afpovertcp
>Windows=netbios-ns|netbios-dgm|netbios-ssn
>FTP=ftp|ftp-data
>TFTP=69
>LDAP=ldap|ldapssl
>SSH=ssh
>Telnet=telnet|login
>iTunes=3689
>Radmind=6662
>Amanda=10080-10083
>Xgrid=4111
>Keysvr=19283
>Filemkr=5003|50003|50006
>FlexLM=7111
>ARD=3238
>QTSS=554|8000-8001
>mDNS=5353
>sFlow=6343
>DHCP=67-68
>RPC=111
>SNMP=snmp|snmp-trap
>SLP=427
>LPR=515|631
>NNTP=nntp
>VoIP=5060|2000|54045
>X11=6000-6010
>Gnutella=6346|6347|6348
>Kazaa=1214
>WinMX=6699|7730
>DirectConnect=-1
>eDonkey=4661-4665
>BitTorrent=6881-6999|6969
>Messenger=1863|5000|5001|5190-5193
>
>On Aug 2, 2006, at 10:02 AM, Hugo Rebello wrote:
>
>>Guys,
>>
>>I'd like to know how ntop identifies the kazaa, eDonkey, Messenger and
>>other traffic?
>>Where can I find the port information about this traffic?
>>
>>Thank you.
>>
>>Cheers,
>>Hugo
>>
>>_______________________________________________
>>Ntop mailing list
>>Ntop@unipi.it
>>http://listgateway.unipi.it/mailman/listinfo/ntop
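
An added example, not part of the thread and not ntop's own code: a sketch of the "lowest recognized port" guess described above, applied to a few entries in the NAME=item|item format of the posted list. The SERVICES table is a constructed stand-in for /etc/services, and the function names are hypothetical.

```python
# Constructed stand-in for /etc/services so the example runs offline.
SERVICES = {"http": 80, "www": 80, "https": 443, "ssh": 22, "domain": 53}

# A few entries copied from the list posted in the thread.
PROTOCOL_LIST = """\
HTTP=http|www|https|3128
DNS=name|domain
SSH=ssh
Kazaa=1214
eDonkey=4661-4665
BitTorrent=6881-6999|6969
DirectConnect=-1
"""

def parse_protocol_list(text, services=SERVICES):
    """Return {port: protocol name} from NAME=item|item lines."""
    port_map = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, items = line.partition("=")
        for item in items.split("|"):
            item = item.strip()
            if item.isdigit():                       # single port, e.g. 3128
                ports = [int(item)]
            elif "-" in item[1:] and all(p.isdigit() for p in item.split("-", 1)):
                lo, hi = map(int, item.split("-", 1))  # range, e.g. 4661-4665
                ports = range(lo, hi + 1)
            elif item in services:                   # service name, e.g. http
                ports = [services[item]]
            else:
                continue  # name missing from the table, or a non-port such as -1
            for port in ports:
                if 0 < port < 65536:
                    port_map.setdefault(port, name.strip())  # first entry wins
    return port_map

def classify(src_port, dst_port, port_map):
    """Guess the protocol from the lowest recognized port of the pair."""
    for port in sorted((src_port, dst_port)):
        if port in port_map:
            return port_map[port]
    return None  # neither port is in the list

PORT_MAP = parse_protocol_list(PROTOCOL_LIST)
print(classify(32541, 80, PORT_MAP), classify(80, 32541, PORT_MAP))
```

The guess is the same in either direction, which is why a conversation first seen mid-stream still gets a label. Only port numbers are consulted, so the label reflects the port in use and not the payload.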