[Ntop] Protocol list
Terry Martin
tmartin at timedatacorp.com
Tue Feb 3 17:18:09 CET 2009
Gary
Thanks for the help. But I still can read the file. It appears to be a
pcap file and when I open it says there is a packet that is to large and
won't open. I have tried using cat it is not intelligent.
Has any one else program the -j extension and opened the file?
Thanks in advance
Terry Martin
TimeData Corporation
VP of Network Operation
East Coast Number: 212-644-1600 X3
West Coast Number 503-678-2224
Cell: 503-318-8909
________________________________
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Gary Gatten
Sent: Monday, February 02, 2009 4:13 PM
To: ntop at unipi.it
Subject: Re: [Ntop] Protocol list
I haven't done this, so I'm not sure what format this file is in. Maybe
it's just text? Try to cat / more it and see what it looks like.
G
________________________________
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Terry Martin
Sent: Monday, February 02, 2009 1:47 PM
To: ntop at unipi.it
Subject: Re: [Ntop] Protocol list
Gary
I built the -j into protocollists. The file I have saved is a
"ntop-other-pkts.etho.pcap. It is a 7 MB file. I tried to read it
using Wireshark and I get an error saying the file is corrupt. Am I
doing something wrong?
Thanks in advance
Terry Martin
TimeData Corporation
VP of Network Operation
East Coast Number: 212-644-1600 X3
West Coast Number 503-678-2224
Cell: 503-318-8909
________________________________
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Gary Gatten
Sent: Monday, February 02, 2009 9:01 AM
To: ntop at unipi.it
Subject: Re: [Ntop] Protocol list
FTP uses dynamic port numbers > 1023. Good luck catching that
accurately - you'd need something stateful, MAYBE netflow would do it -
not sure. Maybe with NBAR Netwflow would do it - again, not sure. If
you only have a few protocols maybe add them on the command line or
@conf file.
Specify your own path where you want the dump to go.
H
________________________________
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Terry Martin
Sent: Monday, February 02, 2009 9:37 AM
To: ntop at unipi.it
Subject: Re: [Ntop] Protocol list
Gary
I looked it over and I want to build a protocol list can it look like
this?
<protocol name> <assigned number>
HTTP 80
FTP 21
Telnet 23
I understand what the "- j" allows me to dump the file of the unknown
protocols to a file. Is the correct syntacs for this "-j <file name>?
Or do I just put the -j and it places it in a specific location? Where
is that location?
Terry Martin
TimeData Corporation
VP of Network Operation
East Coast Number: 212-644-1600 X3
West Coast Number 503-678-2224
Cell: 503-318-8909
________________________________
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Gary Gatten
Sent: Friday, January 30, 2009 6:11 PM
To: ntop at unipi.it
Subject: Re: [Ntop] Protocol list
It's in the man page. -p and -j.
________________________________
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Gary Gatten
Sent: Friday, January 30, 2009 8:02 PM
To: ntop at unipi.it
Subject: Re: [Ntop] Protocol list
Check the doc / faqs for -p , protocol list, and dump/create other
packets. I've been here 12 hrs today or I'd give you the exact info -
but I'm leaving now!
________________________________
From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Terry Martin
Sent: Friday, January 30, 2009 6:39 PM
To: ntop at unipi.it
Subject: [Ntop] Protocol list
To all
When I look at the protocol distribution, most are in the "other"
category. How do I look to see what the list of ports that are in the
other category? And how do I update the protocol list to include most of
the protocols.
Can any one help me with that please?
Thanks
Terry Martin
TimeData Corporation
VP of Network Operation
East Coast Number: 212-644-1600 X3
West Coast Number 503-678-2224
Cell: 503-318-8909
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential. If
you are not the intended recipient, you are hereby notified that any
review, use, dissemination, disclosure or copying of this email and its
attachments, if any, is strictly prohibited. If you have received this
email in error, please immediately notify the sender by return email and
delete this email from your system."
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential. If
you are not the intended recipient, you are hereby notified that any
review, use, dissemination, disclosure or copying of this email and its
attachments, if any, is strictly prohibited. If you have received this
email in error, please immediately notify the sender by return email and
delete this email from your system."
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential. If
you are not the intended recipient, you are hereby notified that any
review, use, dissemination, disclosure or copying of this email and its
attachments, if any, is strictly prohibited. If you have received this
email in error, please immediately notify the sender by return email and
delete this email from your system."
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential. If
you are not the intended recipient, you are hereby notified that any
review, use, dissemination, disclosure or copying of this email and its
attachments, if any, is strictly prohibited. If you have received this
email in error, please immediately notify the sender by return email and
delete this email from your system."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listgateway.unipi.it/pipermail/ntop/attachments/20090203/6cccd7f6/attachment-0001.html
More information about the Ntop
mailing list