I did read the manual, and found this (see below)
So if I list SSL for 5003, 3500, & 7735 in /etc/services, then I'd have
to specify it with the -p parameter in NTop? -p SSL=SSL? Not sure of
the syntax there.
We're not running SSL over anything else (except TCP), so I'm not sure
how to define it.
Also, I see other options Ntop can use in regards to SSL, not sure if
they're for the web server serving up Ntop or for protocol decoding (see
below).
Thanks for any help.
+--ntop-specific:-------------------------------------------------------
-----+
--enable-sslv3 enable ssl v3 support
[default=disabled]
--enable-sslwatchdog enable Watchdog for ssl hangups
[default=disabled]
+--external-packages:---------------------------------------------------
+
--without-ssl disable HTPPS support
[default=enabled]
--without-zlib disable zlib [default=enabled]
--with-tcpwrap enable use of TCP Wrapper
[default=disabled]
Q. What are the default protocols ntop monitors?
A. (These are the ones ntop monitors if the user does not supply a -p
parameter) Check addDefaultProtocols() in ntop.c around line 525. The
current list (December 2004) is
Protocol Ports
-------- -----
FTP ftp ftp-data
HTTP http www https 3128 /* 3128 is HTTP cache */
DNS name domain
Telnet telnet login
NBios-IP netbios-ns netbios-dgm netbios-ssn
Mail pop-2 pop-3 pop3 kpop smtp imap imap2
DHCP/BOOTP 67-68
SNMP snmp snmp-trap
NNTP nntp
NFS/AFS mount pcnfs bwnfs nfsd nfsd-status 7000-7009
X11 6000-6010
SSH 22
Gnutella 6346 6347 6348
Morpheus 1214
WinMX 6699 7730
DirectConnect
eDonkey 4661-4665
BitTorrent 6881-6999 6969
Messenger 1863 5000 5001 5190-5193
Note that the names come from /etc/services (or your system's
equivalent). If you add protocols to /etc/services, you can refer to
them by name on the -p parameter.
REMEMBER: You must define the list using the format illustrated in the
ntop man page. Don't try to read /etc/services. It will fail.
The list changes over time as P2P protocols appear and disappear. Check
the cvs and diff ntop.c (around line 550 in void addDefaultProtocols()
if you want the history.
Chandler Bing
------------------------------
Message: 4
Date: Thu, 31 Jul 2008 17:21:34 -0500
From: "Gary Gatten" <[EMAIL PROTECTED]>
Subject: Re: [Ntop] SSL on non-standard port
To: <[email protected]>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Dear Chandler Bing,
Doesn't ANYONE RTFM anymore!!! :-) j/k. Seriously though, it's in
the FAQ/man page/etc. Let me know if you need the EXACT location ;-)
G
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Chandler, Mel
Sent: Thursday, July 31, 2008 5:16 PM
To: [email protected]
Subject: [Ntop] SSL on non-standard port
We use SSL on a non-standard ports (5003, 5300, and others) Is there a
way to teach NTop to recognize these as SSL. Will these even show up on
NTop or just be displayed as "other"? Thanks
Chandler Bing
DISCLAIMER:
This communication is confidential and may be legally privileged. If you
are not the intended recipient, (i) please do not read or disclose to
others, (ii) please notify the sender by reply mail, and (iii) please
delete this communication from your system. Failure to follow this
process may be unlawful. Thank you for your cooperation.
<font size="1">
<div style='border:none;border-bottom:double windowtext
2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://listgateway.unipi.it/pipermail/ntop/attachments/20080731/d46e1bd4
/attachment-0001.html
------------------------------
Message: 5
Date: Fri, 1 Aug 2008 10:56:45 -0700 (PDT)
From: "Devon N." <[EMAIL PROTECTED]>
Subject: [Ntop] remotePlugin command format
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Hi everyone,
I am new to ntop and am looking to use the remotePlugin. I have looked
through the code in remotePlugin.c but can't seem to figure out the
format of the commands. I am successful in making a connection to the
server, but it refuses my commands stating "error: invalid parameters
format;" If anyone could help with this, it would be greatly
appreciated.
Thank you,
Devon
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://listgateway.unipi.it/pipermail/ntop/attachments/20080801/5cf1fb46
/attachment-0001.html
------------------------------
Message: 6
Date: Fri, 1 Aug 2008 12:30:22 -0700
From: "Chandler, Mel" <[EMAIL PROTECTED]>
Subject: [Ntop] RRD error
To: <[email protected]>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Thu 31 Jul 2008 02:50:25 PM PDT **ERROR** RRD: rrd_graph() call failed,
rc -1,
Thu 31 Jul 2008 02:50:25 PM PDT RRD: Failing file in netflowSummary()
is
/usr/local/var/ntop/rrd/interfaces/TB_QA_Lab_-_HNS_DSL/NetFlow/24/NF_num
DiscardedFlows.rrd
Does anyone know what this error means and a possible resolution? I
searched the archives and can't find anything about it. I don't think
it's permissions as the other rrd files are fine. Any ideas?
Chandler Bing
This communication is confidential and may be legally privileged. If
you are not the intended recipient, (i) please do not read or disclose
to others, (ii) please notify the sender by reply mail, and (iii) please
delete this communication from your system. Failure to follow this
process may be unlawful. Thank you for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://listgateway.unipi.it/pipermail/ntop/attachments/20080801/783d236f
/attachment.html
------------------------------
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
End of Ntop Digest, Vol 51, Issue 1
***********************************
This communication is confidential and may be legally privileged. If you are
not the intended recipient, (i) please do not read or disclose to others, (ii)
please notify the sender by reply mail, and (iii) please delete this
communication from your system. Failure to follow this process may be
unlawful. Thank you for your cooperation.
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
