Hello list,

I am new to ntop, have recently installed ntop-3.2 on Debian 3.1 r5 i3,
tried to install ntop-3.3rc1 but ran into errors with rrdtool that I notice
a few others on the list are having as well, so decided would try 3.2 in the
meantime and await developments.

Fortunately ntop-3.2 installed fine and I have been testing on my home
network. Have to say that I am really impressed with the web reporting -
it's excellent.

I have one minor issue with the reporting and that is that if I run Emule
locally on my laptop (different host to ntop), the Emule traffic appears to
be classified as FTP by ntop rather than eDonkey. I am using a custom
protocol.list which I call with "-p" (Note: I have included line breaks in
the protocol.list to make it easier to read - the real protocol.list has no
line breaks):

FTP=ftp|ftp-data|2111|2101|22000-22049|21000-21049,
PROXY=3128|8080,
HTTP=http|www|https,
DNS=name|domain,
Telnet=telnet|login,
NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,
Mail=pop-2|pop-3|kpop|smtp|imap|imap2,
SNMP=snmp|snmp-trap,
NEWS=nntp,
DHCP-BOOTP=67-68,
NFS=mount|pcnfs|bwnfs|nfs|nfsd-status,
X11=6000-6010,
SSH=ssh,
Gnutella=6346|6347|6348,
Kazaa=1214,
eDonkey=4661-4665|4672|6346|6347,
Messenger=1863|5000|5001|5190-5193,
VNC=5900-5902|5631|5632,
ntop=3000,
RDP=3388-3389


I believe ntop is classifying the Emule traffic as FTP because no eDonkey
traffic is being reported by ntop and the amount of traffic being reported
as FTP correlates with the Emule downloads.

I have read some past threads that have commented on the difficulty of
classifying P2P traffic, particularly when ports above 1024 are being used,
however I thought that in this instance because I knew which ports were
being used by Emule and updated the protocol.list accordingly that should
have meant that ntop could recognise the Emule traffic.

Also, have tried to figure out a way to "dig down" into the reported FTP
traffic for the laptop to see if it is the Emule traffic or if there is
something happening with my laptop that I don't know about. But have not worked
out how to do this.

Would appreciate advice on how to troubleshoot.

Thanks

Vaughan
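
Added example, not part of the original post and not ntop code: a small Python check that parses the "-p" list quoted above and reports which labels claim a given numeric port, and which ports are claimed by more than one label. Service names such as "ftp" are left unresolved, the function names are hypothetical, and nothing here assumes how ntop itself chooses between labels.

```python
import re
from collections import defaultdict

# The protocol.list from the post, joined back into one line as the poster
# says the real file is written.
PROTOCOL_LIST = (
    "FTP=ftp|ftp-data|2111|2101|22000-22049|21000-21049,PROXY=3128|8080,"
    "HTTP=http|www|https,DNS=name|domain,Telnet=telnet|login,"
    "NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,"
    "Mail=pop-2|pop-3|kpop|smtp|imap|imap2,SNMP=snmp|snmp-trap,NEWS=nntp,"
    "DHCP-BOOTP=67-68,NFS=mount|pcnfs|bwnfs|nfs|nfsd-status,X11=6000-6010,"
    "SSH=ssh,Gnutella=6346|6347|6348,Kazaa=1214,"
    "eDonkey=4661-4665|4672|6346|6347,Messenger=1863|5000|5001|5190-5193,"
    "VNC=5900-5902|5631|5632,ntop=3000,RDP=3388-3389"
)

def parse_protocol_list(text):
    """Return ({label: set of numeric ports}, {label: [service names]})."""
    ports, names = {}, {}
    for entry in text.split(","):
        label, _, spec = entry.strip().partition("=")
        if not label:
            continue
        ports[label], names[label] = set(), []
        for item in filter(None, (i.strip() for i in spec.split("|"))):
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", item)
            if m:  # single port or lo-hi range
                lo = int(m.group(1))
                hi = int(m.group(2) or lo)
                ports[label].update(range(lo, hi + 1))
            else:  # service name; resolving it needs the local services file
                names[label].append(item)
    return ports, names

def labels_for_port(ports, port):
    """Labels whose numeric entries include this port, in list order."""
    return [label for label, s in ports.items() if port in s]

def overlapping_ports(ports):
    """Ports claimed by more than one label: {port: [labels]}."""
    claimed = defaultdict(list)
    for label, s in ports.items():
        for p in s:
            claimed[p].append(label)
    return {p: l for p, l in sorted(claimed.items()) if len(l) > 1}

if __name__ == "__main__":
    ports, names = parse_protocol_list(PROTOCOL_LIST)
    for port in (4662, 6346, 22010):
        print(port, labels_for_port(ports, port))
    print("overlaps:", overlapping_ports(ports))
```

Run against this list it shows that 6346 and 6347 appear under both Gnutella and eDonkey; the port numbers in the loop are taken from the list itself and can be swapped for the ports the client is actually configured to use.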