Port Numbers Configured 1

Status
Not open for further replies.

DTMan

MIS
Feb 15, 2001
48
US
I'm currently working on an initiative to track down more of the Nimda virus and the Peer Sharing programs. Knowing this, capturing the data is only one piece of the puzzle. Management usually wants to see those nice, pretty graphs to better present what the Top Talkers are and Top Talker Protocols. In order to accomplish this effectively, the Ports need to be added so the reporting system will be able to positively identify the ports captured. (Tools, Options, and Protocols)
Here's my question. If you need to put in a range of ports for a protocol such as Timbuktu, how do you do this? I've tried to enter 1416-1420, but this doesn't work. The only way I have been able to get this to work is by entering Timbuktu (1), Timbuktu (2), and so on. This is a pain and eventually you will run out of entries. I believe I heard there was a 99 record limit.
Second question. Is there any way to create these entries on one DSS Sniffer and then copy the file to all the other Sniffers in a fleet?
Thanks in advance!
 
Hi DTMan,
There isn't a 99 limit on adding protocols; I recently added 200+ TCP and 50+ UDP protocols to 1 DS unit. You can only add 10 protocols at a time though for each category (TCP, UDP, IPX).
With reference to duplicating these changes across multiple units: the protocols (when added) are stored within the registry on each agent machine. I'm in the process of finding out all the registry changes that need to be made for protocols, application threshold and some expert duplication. Obviously this is not supported by NAI. NAI "Ghost" a configured machine and use this image for duplication.
Yours, Alf
 
Thanks Alf! Another question or two back at ya.

1) When an entry is made (say for example Gnutella port 6346) and you want to also record port 6347. Is there a way to map port ranges for other programs such as NetMeeting (applications that use port ranges) or do you need to add in each port number for that application in order to properly identify that protocol?

2) Also, does the name need to be unique or do you need to make an entry such as Gnutella (1) and Gnutella (2) and so on?
 
Hi DTMan,
Unfortunately you need to manually add in every port no., which in itself is awkward, but finding out the range of port numbers and whether they are TCP or UDP is generally the harder part.
The port names do need to be unique as do the actual port numbers. If you try to duplicate a name or port number, Sniffer will say you have a duplication and will allow you to change it/them.
Alf
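
Added example, not part of the original thread and not NAI or Sniffer code: a small Python helper that turns port ranges into the one-entry-per-port worksheet the replies above describe, rejecting duplicate names or ports and grouping entries into batches of ten per category for manual entry. The TCP category for Timbuktu and Gnutella, the per-category scope of the uniqueness check, and the "ExampleApp" range are assumptions made for illustration.

```python
from collections import defaultdict

BATCH_SIZE = 10  # per the thread: ten protocols can be added at a time per category

# (name, category, first_port, last_port). Ports for Timbuktu and Gnutella come
# from the thread; their TCP category and the ExampleApp row are constructed.
SPECS = [
    ("Timbuktu", "TCP", 1416, 1420),
    ("Gnutella", "TCP", 6346, 6347),
    ("ExampleApp", "UDP", 5000, 5011),
]

def expand(specs):
    """Return {category: [(entry_name, port), ...]} with one entry per port.

    Raises ValueError on a bad range or on a duplicate name or port inside a
    category (assumption: uniqueness is enforced per category).
    """
    entries = defaultdict(list)
    ports = defaultdict(dict)   # category -> {port: entry_name}
    names = defaultdict(set)    # category -> entry names already used
    for name, cat, first, last in specs:
        if not 0 < first <= last <= 65535:
            raise ValueError(f"bad port range for {name}: {first}-{last}")
        for i, port in enumerate(range(first, last + 1), start=1):
            entry = name if first == last else f"{name} ({i})"
            if port in ports[cat]:
                raise ValueError(f"{cat} port {port} already used by {ports[cat][port]}")
            if entry in names[cat]:
                raise ValueError(f"{cat} name {entry!r} already used")
            ports[cat][port] = entry
            names[cat].add(entry)
            entries[cat].append((entry, port))
    return dict(entries)

def batches(entries, size=BATCH_SIZE):
    """Split each category's entries into chunks of at most `size`."""
    return {cat: [rows[i:i + size] for i in range(0, len(rows), size)]
            for cat, rows in entries.items()}

if __name__ == "__main__":
    for cat, chunks in batches(expand(SPECS)).items():
        for n, chunk in enumerate(chunks, start=1):
            print(f"{cat} batch {n}:")
            for entry, port in chunk:
                print(f"  {entry:<16} {port}")
```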
 