Hi Luca,
Is there some reason this can't be identified from the fact it is UDP to well
know port 4500?
The whole ipsec nat-t specification is defined in an RFC.
http://tools.ietf.org/html/rfc3947
I can get a tcpdump but I don't control the endpoints so it will difficult to
get the
initiation part, would that help?
On 10/11/2013 09:48 AM, Luca Deri wrote:
Steve
all protocols in nDPI should be reliable with the exception of Skype and
Bittorrent that have some heuristic as you can see. Please provide me a trace
(full packet size) in pcap format and I will debug this problem
Luca
On Oct 11, 2013, at 2:30 PM, Steve Clark <[email protected]
<mailto:[email protected]>> wrote:
Hi Luca,
nDPI is mis- identifying ipsec nat-t traffic as skype - port 4500 is the
default port for ipsec nat-t.
https://supportforums.cisco.com/docs/DOC-16591
<ccacjghd.png>
--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: [email protected]
http://www.netwolves.com
_______________________________________________
Ntop-dev mailing list
[email protected] <mailto:[email protected]>
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: [email protected]
http://www.netwolves.com
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
