Gary
Thanks for the help. But I still can read the file. It appears to be a pcap file and when I open it says there is a packet that is to large and won't open. I have tried using cat it is not intelligent. Has any one else program the -j extension and opened the file? Thanks in advance Terry Martin TimeData Corporation VP of Network Operation East Coast Number: 212-644-1600 X3 West Coast Number 503-678-2224 Cell: 503-318-8909 ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Monday, February 02, 2009 4:13 PM To: [email protected] Subject: Re: [Ntop] Protocol list I haven't done this, so I'm not sure what format this file is in. Maybe it's just text? Try to cat / more it and see what it looks like. G ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Terry Martin Sent: Monday, February 02, 2009 1:47 PM To: [email protected] Subject: Re: [Ntop] Protocol list Gary I built the -j into protocollists. The file I have saved is a "ntop-other-pkts.etho.pcap. It is a 7 MB file. I tried to read it using Wireshark and I get an error saying the file is corrupt. Am I doing something wrong? Thanks in advance Terry Martin TimeData Corporation VP of Network Operation East Coast Number: 212-644-1600 X3 West Coast Number 503-678-2224 Cell: 503-318-8909 ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Monday, February 02, 2009 9:01 AM To: [email protected] Subject: Re: [Ntop] Protocol list FTP uses dynamic port numbers > 1023. Good luck catching that accurately - you'd need something stateful, MAYBE netflow would do it - not sure. Maybe with NBAR Netwflow would do it - again, not sure. If you only have a few protocols maybe add them on the command line or @conf file. Specify your own path where you want the dump to go. H ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Terry Martin Sent: Monday, February 02, 2009 9:37 AM To: [email protected] Subject: Re: [Ntop] Protocol list Gary I looked it over and I want to build a protocol list can it look like this? <protocol name> <assigned number> HTTP 80 FTP 21 Telnet 23 I understand what the "- j" allows me to dump the file of the unknown protocols to a file. Is the correct syntacs for this "-j <file name>? Or do I just put the -j and it places it in a specific location? Where is that location? Terry Martin TimeData Corporation VP of Network Operation East Coast Number: 212-644-1600 X3 West Coast Number 503-678-2224 Cell: 503-318-8909 ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Friday, January 30, 2009 6:11 PM To: [email protected] Subject: Re: [Ntop] Protocol list It's in the man page. -p and -j. ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Friday, January 30, 2009 8:02 PM To: [email protected] Subject: Re: [Ntop] Protocol list Check the doc / faqs for -p , protocol list, and dump/create other packets. I've been here 12 hrs today or I'd give you the exact info - but I'm leaving now! ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Terry Martin Sent: Friday, January 30, 2009 6:39 PM To: [email protected] Subject: [Ntop] Protocol list To all When I look at the protocol distribution, most are in the "other" category. How do I look to see what the list of ports that are in the other category? And how do I update the protocol list to include most of the protocols. Can any one help me with that please? Thanks Terry Martin TimeData Corporation VP of Network Operation East Coast Number: 212-644-1600 X3 West Coast Number 503-678-2224 Cell: 503-318-8909 "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
