Firewall Wizards mailing list archives

Re: Open Source Port Tracking

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 04 Feb 2003 19:39:11 -0500

At 09:40 AM 2/4/2003 -0500, Small, Jim wrote:

I've been trying ntop, but it doesn't
track all ports.  I know IPFilter has a count option, but it would be
tedious to set up 65,535x2 rules for all TCP/UDP ports.  Could someone
recommend something else?


There's an ancient tool called nnstat that does what you're
looking for; I don't know if it runs on newer UNIXes - it's
kind of crufty but it's real good for producing network
statistics based on packet level stuff.  A lot of the concepts
of the first version Network Flight Recorder were extensions
and improvements on the ideas in nnstat.

mjr. 
---
Marcus J. Ranum                         http://www.ranum.com
Computer and Communications Security    mjr () ranum com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Open Source Port Tracking Small, Jim (Feb 04)
- Re: Open Source Port Tracking R. DuFresne (Feb 04)
- Re: Open Source Port Tracking Darren Reed (Feb 05)
- Re: Open Source Port Tracking Richard Gadsden (Feb 05)
- <Possible follow-ups>
- Re: Open Source Port Tracking Marcus J. Ranum (Feb 04)
- RE: Open Source Port Tracking Loomis, Rip (Feb 05)