Subject: "edonkey" peer-to-peer traffic
From: Dave Plonka (plonka@doit.wisc.edu)
Date: Wed Jan 02 2002 - 12:32:24 CST

FlowScan users,

I've recently discovered eDonkey ("http://www.edonkey2000.com") -
perhaps you already know about it. It's yet-another peer-to-peer app
for Windoze and Linux. (I think it's closed source.)

The edonkey default port numbers are documented here:

    http://www.edonkey2000.com/faq.html#port

The port numbers are also documented in the ports database at
"http://www.snort.org".

Like many other peer-to-peer apps, the port numbers can apparently be
changed by the user. Still, if you want to track "edonkey" default
port traffic with FlowScan, add these ports to TCPServices and
UDPServices in "CampusIO.cf", e.g.:

    TCPServices ..., 4661, 4662
    UDPServices ..., 4665

(You'll need to stop and restart flowscan after modifying "CampusIO.cf".)

I created these symbolic link names for them as well:

    $ cd graphs
    $ ln -s 4662_dst.rrd edonkey-clients_dst.rrd
    $ ln -s 4662_src.rrd edonkey-clients_src.rrd
    $ ln -s udp_4665_dst.rrd edonkey-messages_dst.rrd
    $ ln -s udp_4665_src.rrd edonkey-messages_src.rrd
    $ ln -s 4661_dst.rrd edonkey-servers_dst.rrd
    $ ln -s 4661_src.rrd edonkey-servers_src.rrd

I'll follow up with an updated "graphs.mf" (using those symbolic names)
if and when I think the amount of edonkey traffic warrants adding it to
the "Well Known Services" graph. In the meantime, you can use
RRGrapher to view the edonkey traffic.

Dave

P.S. Currently I'm seeing peaks in "edonkey-clients" (TCP port 4662) of
about 2 megabits/sec, which is probably significant given that our
students are on holiday.

--
plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI
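
Added example (not part of the original post and not FlowScan code): a small Python tally that sorts flow records into the same per-port buckets the symbolic links above name, and shows that a peer on a non-default port is not counted. The CSV layout, the sample flows, the 300-second interval and the rule that "_src"/"_dst" mean the listed port is the flow's source/destination port are assumptions of this example.

```python
import csv
import io
from collections import defaultdict

# Default eDonkey ports and symbolic names, taken from the post above.
SERVICES = {
    ("tcp", 4661): "edonkey-servers",
    ("tcp", 4662): "edonkey-clients",
    ("udp", 4665): "edonkey-messages",
}

# Constructed sample flows for one interval (not real measurements).
# Columns (assumed layout): proto,src_ip,src_port,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
tcp,10.1.2.3,1044,192.0.2.10,4662,30000000
tcp,192.0.2.10,4662,10.1.2.3,1044,45000000
tcp,10.1.2.4,1201,192.0.2.20,4661,12000
udp,10.1.2.4,1300,192.0.2.20,4665,900
tcp,10.1.2.6,1500,198.51.100.9,5555,80000000
"""


def tally(flow_csv):
    """Sum bytes per '<name>_src' / '<name>_dst' bucket.

    A flow matching no listed port goes to 'unclassified'. A flow whose
    source and destination ports are both listed is counted in both
    buckets (this example's choice).
    """
    totals = defaultdict(int)
    for proto, _sip, sport, _dip, dport, nbytes in csv.reader(io.StringIO(flow_csv)):
        nbytes = int(nbytes)
        matched = False
        for port, side in ((int(sport), "src"), (int(dport), "dst")):
            name = SERVICES.get((proto.lower(), port))
            if name:
                totals[f"{name}_{side}"] += nbytes
                matched = True
        if not matched:
            # e.g. a peer whose user changed the port away from the default
            totals["unclassified"] += nbytes
    return dict(totals)


def mbits_per_sec(nbytes, interval_s=300):
    """Average rate over the interval (300 s is an assumed interval)."""
    return nbytes * 8 / interval_s / 1e6


if __name__ == "__main__":
    for bucket, nbytes in sorted(tally(SAMPLE_FLOWS).items()):
        print(f"{bucket:24s} {mbits_per_sec(nbytes):8.3f} Mbit/s")
```

In the constructed sample, the last flow is the largest one and lands in "unclassified", which is why the default-port graphs are a lower bound on this kind of traffic.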
This archive was generated by hypermail 2b25 : Wed Jan 02 2002 - 12:41:58 CST