Hi Burton,

On 6/18/07, Burton Strauss III <[EMAIL PROTECTED]> wrote:
> There is one other trap here – ntop uses the lower #ed port to figure out traffic. This works ok for protocols which use reserved ports, such as 389 for ldap, since the tcp/ip session is from 389 <-> >1024. Once you get into protocols which use high numbered ports, this will mis-classify.

I have long wondered why updating protocol.list would not always classify traffic correctly; finally an explanation. Do you think it would be simple to change ntop so that it used protocol.list for the classification of all traffic regardless of whether the port is < 1024 or not? Or if there are some potential implications to that change, might it be possible to add a switch so that optionally ntop could classify all traffic based on the contents of protocol.list rather than just traffic with ports < 1024?

Vaughan
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
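
A simplified model of the lower-port heuristic described in the quoted message and of the both-ports lookup asked about in the reply, added here as an illustration; it is not ntop's code and not from either poster. The table entries, port numbers and function names are constructed assumptions, and the table is only a stand-in for protocol.list, not its file format.

```python
# Simplified model of port-based traffic classification; not ntop's code.
# PROTOCOLS is a constructed stand-in for entries in protocol.list.
PROTOCOLS = {389: "ldap", 3306: "mysql", 8080: "http-alt"}


def classify_lower_port(sport, dport):
    """Classify a session by looking up only the lower-numbered port."""
    return PROTOCOLS.get(min(sport, dport), "unknown")


def classify_either_port(sport, dport):
    """Look up both ports; flag the session when they name different protocols."""
    hits = {PROTOCOLS[p] for p in (sport, dport) if p in PROTOCOLS}
    if not hits:
        return "unknown"
    if len(hits) > 1:
        # Both ports match the table: the port pair alone cannot decide.
        return "ambiguous:" + "/".join(sorted(hits))
    return hits.pop()


# Constructed sessions as (client_port, server_port, actual_service).
SESSIONS = [
    (40512, 389, "ldap"),      # reserved server port: lower port is the service
    (5000, 8080, "http-alt"),  # high server port: client port is the lower one
    (3306, 8080, "http-alt"),  # client port collides with another table entry
]


def compare(sessions=SESSIONS):
    """Return (actual, lower_port_result, either_port_result) per session."""
    return [
        (actual, classify_lower_port(s, d), classify_either_port(s, d))
        for s, d, actual in sessions
    ]


if __name__ == "__main__":
    for actual, lower, either in compare():
        print(f"actual={actual:9} lower-port={lower:8} either-port={either}")
```

The third session shows one implication of matching on both ports: when a client's source port happens to appear in the table, the lookup needs a tie-break rule or has to report the session as ambiguous.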
