> I'm trying to track down network traffic on our > LAN. I'm seeing very frequent use of upper-level
> ports I don't recognize, like 4081. Does anyone
> know where you can go to get a comprehensive list
> of what ports are used by what
> systems/applications? Thanks for any help...
If you post the packet(s), chances are someone can tell you what it is
coming from.
I'd also like to pitch some great network tools - nstreams, iptraf and ntop.
nstreams gives a single line summary of 'who's' talking. I use nstreams when
I want to see 'when' new traffic happens. For instance 'who is this
particlar host talking to'?
iptraf is a slightly more graphical 'who's' talking. It shows total packets
to and from each address. When I want to solve a network traffic jam NOW and
I don't have ntop running, I use iptraf. Once the fire is out, I install
ntop.
I use ntop when I want some great charts and graphs on what's happening.
ntop outputs tons of stuff to a web page, including traffic matrices, top
talkers and overall traffic flow. ntop 2.xx rocks! You can do so much with
it. The downside: ntop uses lots of memory. I also had stability problems
with early 2.0x releases.