You can define the protocols using startup args" -p|--protocols. Check man page for details.
One way or another you have to tell nTop what protocols/apps use what ports. If it's truly random/dynamic - such as RPC apps - you're SOL. I have a lot of IPSec traffic that doesn't use TCP or UDP. Accounting for this traffic is interesting. Haven't worked on it much, but am going to try network flows. Gary -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Miguel Rozsas Sent: Monday, November 03, 2008 10:36 AM To: ntop@unipi.it Subject: [Ntop] Other TCP/UDP-based Protocols Hi ! I am using ntop *v.3.3.6 Fedora RPM [i686-redhat-linux-gnu]* on a fedora 8 system. It is fine. ntop is showing on "Summary/Traffic" page, in "Global TCP/UDP Protocol Distribution" section, in "Other TCP/UDP-based Protocols" a very high traffic. The next entry in table, "Accumulated View", is showing "Other" is responsible for more than 70% all traffic. The question is how to know more about this traffic ? What is it ? What ports/protocols are responsible for this traffic ? I guess it is coming from programs using ports> 1024 and not well known port number, so ntop don't known how to sort/rank this traffic and just use the generic "Other TCP/UDP-based Protocols", but it does not show what ports are. Is there a way to get this kind of information from ntop ? The table "TCP/UDP Traffic Port Distribution: Last Minute View" does not show this information either because it happens only in the early hours of day (1:00am to 5:00am). It is a busy server, running a lot of services and it is not easy to isolate a particular service/port, and maybe this "Other TCP/UDP-based Protocols" is a set of 3, 6 or more services. How to get more detail about "Other TCP/UDP-based Protocols" ? thanks in advanced for any comments and hints ! _________________________________________________________________ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop