Re: [Ntop] protocols.list

Jan Speksnijder Wed, 16 Jan 2013 10:49:21 -0800

Stuart,

I also use Netflow and had the same question.

nDPI means package inspection, that's the answer, currently the -p optionhas no effect.

See mail:
Dec 11 from Alex Dekker
Dec 12 from Luca Deri
Dec 28 from Stefano Bianchi


Regards,
Jan

----- Original Message -----From: "Stuart Kendrick" <[email protected]>

To: <[email protected]>
Sent: Wednesday, January 16, 2013 1:25 AM
Subject: [Ntop] protocols.list

Hi folks,
According to the man pages, the default Application Protocols list isthis:
     FTP        ftp ftp-data
     HTTP       http www https 3128      /* 3128 is HTTP cache */
     DNS        name domain
     Telnet     telnet login
     NBios-IP   netbios-ns netbios-dgm netbios-ssn
     Mail       pop-2 pop-3 pop3 kpop smtp imap imap2
     DHCP/BOOTP 67-68
     SNMP       snmp snmp-trap
     NNTP       nntp
     NFS/AFS    mount pcnfs bwnfs nfsd nfsd-status 7000-7009
     X11        6000-6010
     SSH        22
     Gnutella   6346 6347 6348
     Morpheus   1214
     WinMX      6699 7730
     DirectConnect
     eDonkey    4661-4665
     BitTorrent 6881-6999 6969
     Messenger  1863 5000 5001 5190-5193
But I see protocols other than these appearing underneath the ApplicationProtocols tab in the Web interface.
Poking around, I see that nDPI/src/include/ipq_protocols_osdpi.h definesquite a few more protocols than the list in the man page, including onesdisplayed under the Application Protocols tab.
==> What is the relationship between the list in the man page and thecontents of ipq_protocols_ospdi.h?
==> I'm attempting to add a couple protocols ... but my protocols.listfile doesn't seem to have an effect on the pie chart displayed under theApplication Protocols tab ... can you see what I'm missing, in my effortsto add CAPWAP to this pie chart?
ps -ef | grep ntop
/opt/local/bin/ntop -u ntop -i eth8 -d -L -u ntop -P/opt/local/share/ntop -p /opt/local/etc/ntop/protocols.list --use-syslogdaemon
cat /opt/local/etc/ntop/protocols.list
CAPWAP=capwap-control|capwap-data
SKINNY=2000

or
cat /opt/local/etc/ntop/protocols.list
+CAPWAP=capwap-control|capwap-data
+SKINNY=2000

grep capwap /etc/services
capwap-control  5246/udp               # Control and Provisioning, WAP
capwap-data     5247/udp                # Control and Provisioning, WAP
#

--sk

Stuart Kendrick
FHCRC
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: [Ntop] protocols.list

Reply via email to