Hi Steve could you provide us a .pcap containing the unknown traffic? Alfredo
On Jun 12, 2013, at 4:06 PM, Steve Clark <[email protected]> wrote: > Hi Luca, > > Can't figure out why the below is being labeled as Unknown > instead of Citrix? Any tips for debugging? > > From nDPI/src/lib/ndpi_main.c > ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_CITRIX, "Citrix", > ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, > 0) /* TCP */ > > Active Flows > 10 > Info Application L4 Proto Client Server Duration Bytes > Info Unknown TCP whipcit44xa.local.intrasp.com:2598 > 10.254.57.135:60012 00:21:22 1.78 MB > DCE_RPC 1.34 KB 0 > Sent > Rcvd > 1.34 KB 0.05 % > DNS 832 0 > Sent > Rcvd > 832 0.03 % > HTTP 6.07 KB 13 KB > Sent > Rcvd > 19.07 KB 0.74 % > LDAP 11.4 KB 0 > Sent > Rcvd > 11.4 KB 0.45 % > SMB 248.62 KB 0 > Sent > Rcvd > 248.62 KB 9.71 % > Unknown 256.69 KB 1.98 MB > Sent > Rcvd > 2.23 MB 89.02 % > > > > -- > Stephen Clark > NetWolves > Director of Technology > Phone: 813-579-3200 > Fax: 813-882-0209 > Email: [email protected] > http://www.netwolves.com > _______________________________________________ > Ntop-dev mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-dev
_______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
