this doesn't address the question of the original poster - IPSEC is either ESP or AH, when used natively. These are layer 4 protocols on the same order as TCP or UDP (ie, TCP is IP protocol #6, ESP is IP protocol #50). How do you tell it what protocols to monitor at *that* level?
--- Mike Tremaine <[EMAIL PROTECTED]> wrote: > -p | --protocols > > It is used to specify the TCP/UDP protocols that ntop will > monitor. The > format is <label>=<protocol list> [, <label>=<protocol list>], where > label > is used to symbolically identify the <protocol list>. The format of > <protocol list> is <protocol>[|<protocol>], where <protocol> is > either a > valid protocol specified inside the /etc/services file or a numeric > port > range (e.g. 80, or 6000-6500). If the -p flag is omitted the > following > default value is used: > > FTP=ftp|ftp-data HTTP=http|www|https|3128 3128 is Squid, the > HTTP > cache DNS=name|domain Telnet=telnet|login > NBios-IP=netbios-ns|netbios-dgm|netbios-ssn > Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2 DHCP-BOOTP=67-68 > SNMP=snmp|snmp-trap NNTP=nntp NFS=mount|pcnfs|bwnfs|nfsd|nfsd-status > X11=6000-6010 SSH=22 > > Peer-to-Peer Protocols ---------------------- > Gnutella=6346|6347|6348 > Kazaa=1214 WinMX=6699|7730 DirectConnect=0 Dummy port as this is a > pure P2P > protocol eDonkey=4661-4665 > > Instant Messenger ----------------- > Messenger=1863|5000|5001|5190-5193 > > If the <protocol list> is very long you may store it in a file > (for > instance protocol.list). To do so, specify the file name instead of > the > <protocol list> on the command line. e.g. ntop -p protocol.list > instead of > ntop -p FTP=ftp|ftp-data,HTTP=http|www|https|3128 ... > > > > The MAN page is your friend..... > > > > > Mike Tremaine > [EMAIL PROTECTED] > http://www.stellarcore.net > ----- Original Message ----- > From: "aaron" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, June 13, 2003 8:42 AM > Subject: [Ntop] Customize NTOP > > > > I am new to the use of NTOP and was wondering if there is a way to > identify > > some of the protocol's that are current listed as other. I have > IPSEC > > traffic on the network and would like to break out the amount of > traffic > as > > compared to unknown ports. > > > > Thanks, > > Aaron > > > > _______________________________________________ > > Ntop mailing list > > [EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop ===== ------------------- Scott M. Stone <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Taos - The SysAdmin Company (http://www.taos.com) Cisco Certified Network Associate Sun Solaris Certified Systems Administrator _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
