Find the answer to your Linux question:
Results 1 to 2 of 2
so I have some custom stuff running on some custom ports and I've added them to the ntop protocol.list, but when the client is running, all the traffic is getting ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46

    ntop recording traffic as FTP


    so I have some custom stuff running on some custom ports and I've added them to the ntop protocol.list, but when the client is running, all the traffic is getting categorized as FTP traffic. I'm not sure whats going on because netstat shows the traffic as being on the 49xxx ports, external inspection shows the clients are connecting to the 49xxx ports, but ntop still says its FTP. iptables is even blocking FTP... anyone have any thoughts?

    additionally, ntop shows lots of NetBIOS and other random traffic (probably from other clients) but I should be dropping all that at the iptables level. I even have a few custom rules to suppress Windows-related broadcast traffic.

    thanks in advance,
    -rb

  2. #2
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46
    ok, so I figured out that the client sends on the 49xxx range, but the clients its connecting to can use any port. at least ntop is smart enough to realize that large amounts of data transfer deserve to be recorded SOMEWHERE and just clumps it into FTP.

    I'm still not sure why I'm picking up so much broadcast traffic (NetBIOS needs to be quiet) / other junk, but I've just clumped it all together under a 'Junk' category for now.

    my other issue is making ntop records persistent. it looses its data count every time I stop the daemon, which is irritating if I'm trying to track my own monthly usage. any ideas on that topic?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •