(1) The fee is a convenience fee for a pre-built binary. You can’t ‘buy’ free software.
(2) If your traffic is really VoIP then you won’t see much ‘SIP’ traffic, as that port is used only to set up the call between the end-points. Once they agree, traffic will move across two random ports > 1024. There really is no way to figure out this traffic, since port ‘3389’, say, could be an RDP session, or it could be half of a SIP call.

There is one other trap here – ntop uses the lower #ed port to figure out traffic. This works ok for protocols which use reserved ports, such as 389 for ldap, since the tcp/ip session is from 389 <-> >1024. Once you get into protocols which use high numbered ports, this will mis-classify.

One thought – install something like ethereal and figure out what really IS in that traffic, then maybe we can help you classify it.

-----Burton

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlo De Bernardo
Sent: Monday, June 11, 2007 3:28 PM
To: [email protected]
Subject: [Ntop] 85% of Other Tcp/Udp traffic - is there a way to tell ntop how to decode it?

Hi there,

I got (and paid for) the Windows version of ntop. After a first watch and a quick analysis of my Internet traffic I've seen that most of the traffic falls under the "other tcp/udp" category.

After reading the user's guides / faq, and after some searches on google I found the way to customize my services file (not the one under windows folder but the one on ntop "root" folder) and I've modified the startup "-p" parameter to tell ntop to use a custom file containing the protocols categories I'd like to classify.

Ntop's behaviour is still the same. Still 85% of other traffic. Just to make a test I've added RDP (tcp 3389) on the services file and added a reference to my protocol.list file. Obviously I've restarted the service but rdp traffic does not appear on IP stats (and nowhere else).

Any help would be very appreciated.
Thanks in advance
Carlo

Here is my protocols.list file:
----------------------------------------------
FTP=ftp|ftp-data,HTTP=http|www|https|3128,DNS=name|domain,Telnet=telnet|login,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2,DHCP-BOOTP=67-68,SNMP=snmp|snmp-trap,NNTP=nntp,NFS=mount|pcnfs|bwnfs|nfsd|nfsd-status,RDP=rdp,SIP=sip
----------------------------------------------

And this is the portion of the services file where I've added rdp (and sip)
----------------------------------------------
#
# CDB - 09.06.2007
#
rdp 3389/tcp # Microsoft Terminal Services
sip 5060/udp # SIP
----------------------------------------------
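The lower-port trap described in the reply above, as an added example that is not part of the original thread and is not ntop's own code: a simplified Python model that resolves a protocols list against a services file and labels each flow by its lower-numbered port. The sample files, the flows and all function names are constructed for illustration, and the tcp/udp distinction is ignored.

```python
import re

# Constructed sample inputs, modelled on the files quoted in the thread.
SERVICES = """\
http   80/tcp
ldap   389/tcp
rdp    3389/tcp   # Microsoft Terminal Services
sip    5060/udp   # SIP
"""
PROTOCOLS = "HTTP=http|3128,LDAP=ldap,DHCP-BOOTP=67-68,RDP=rdp,SIP=sip"

def parse_services(text):
    """Map service name -> port number from services-file lines."""
    ports = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.-]+)\s+(\d+)/(tcp|udp)", line.split("#")[0])
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports

def parse_protocols(spec, services):
    """Map port -> label for a 'Label=name|port|lo-hi,...' list."""
    table = {}
    for entry in spec.split(","):
        label, _, members = entry.partition("=")
        for item in members.split("|"):
            if re.fullmatch(r"\d+-\d+", item):      # port range, e.g. 67-68
                lo, hi = map(int, item.split("-"))
                ports = range(lo, hi + 1)
            elif item.isdigit():                    # literal port, e.g. 3128
                ports = [int(item)]
            else:                                   # name looked up in services
                ports = [services[item]] if item in services else []
            for port in ports:
                table.setdefault(port, label)
    return table

def classify(flow, table):
    """Label a (src_port, dst_port) flow by its lower-numbered port only."""
    return table.get(min(flow), "Other TCP/UDP")

TABLE = parse_protocols(PROTOCOLS, parse_services(SERVICES))

if __name__ == "__main__":
    # 389 <-> high port is labelled correctly; a media stream that happens to
    # use 3389 is labelled RDP; two unlisted high ports fall into "Other".
    for flow in [(49152, 389), (3389, 40000), (16384, 16386)]:
        print(flow, classify(flow, TABLE))
```
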
