I don't know that this will help - IPSEC, AFAIK, isn't a UDP or TCP protocol.
On Fri, 13 Jun 2003, Mike Tremaine wrote: > Date: Fri, 13 Jun 2003 09:14:49 -0700 > From: Mike Tremaine <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: [Ntop] Customize NTOP > > -p | --protocols > > It is used to specify the TCP/UDP protocols that ntop will monitor. The > format is <label>=<protocol list> [, <label>=<protocol list>], where label > is used to symbolically identify the <protocol list>. The format of > <protocol list> is <protocol>[|<protocol>], where <protocol> is either a > valid protocol specified inside the /etc/services file or a numeric port > range (e.g. 80, or 6000-6500). If the -p flag is omitted the following > default value is used: > > FTP=ftp|ftp-data HTTP=http|www|https|3128 3128 is Squid, the HTTP > cache DNS=name|domain Telnet=telnet|login > NBios-IP=netbios-ns|netbios-dgm|netbios-ssn > Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2 DHCP-BOOTP=67-68 > SNMP=snmp|snmp-trap NNTP=nntp NFS=mount|pcnfs|bwnfs|nfsd|nfsd-status > X11=6000-6010 SSH=22 > > Peer-to-Peer Protocols ---------------------- Gnutella=6346|6347|6348 > Kazaa=1214 WinMX=6699|7730 DirectConnect=0 Dummy port as this is a pure P2P > protocol eDonkey=4661-4665 > > Instant Messenger ----------------- Messenger=1863|5000|5001|5190-5193 > > If the <protocol list> is very long you may store it in a file (for > instance protocol.list). To do so, specify the file name instead of the > <protocol list> on the command line. e.g. ntop -p protocol.list instead of > ntop -p FTP=ftp|ftp-data,HTTP=http|www|https|3128 ... > > > > The MAN page is your friend..... > > > > > Mike Tremaine > [EMAIL PROTECTED] > http://www.stellarcore.net > ----- Original Message ----- > From: "aaron" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, June 13, 2003 8:42 AM > Subject: [Ntop] Customize NTOP > > > > I am new to the use of NTOP and was wondering if there is a way to > identify > > some of the protocol's that are current listed as other. I have IPSEC > > traffic on the network and would like to break out the amount of traffic > as > > compared to unknown ports. > > > > Thanks, > > Aaron > > > > _______________________________________________ > > Ntop mailing list > > [EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > -- -------------------------------------------------------- Dave Lugo [EMAIL PROTECTED] LC Unit #260 TINLC Have you hugged your firewall today? No spam, thanks. -------------------------------------------------------- Are you the police? . . . . No ma'am, we're sysadmins. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
