Cedric,

you are using nProbe in proxy mode; L7 info cannot be propagated by nProbe as it has not accessed the packet payload.

This said, I have just made a change in nDPI+ntopng to guess the protocol based on ports if L7 info is not available from the flows.

Cheers
Luca

On 30 Oct 2013, at 16:28, Cedric Perronnet <[email protected]> wrote:

> Hello,
>
> I am trying to set up nprobe with ntopng in a simple case scenario,
>
> Cisco 6500 Netflow V5/V9 ->> nprobe ->> ntopng
>
> My problem is that at the moment I don't get any application in ntopng, no
> HTTP detection even if that is most of my traffic.
>
> I'm launching nprobe like that:
>
> nprobe --zmq "tcp://127.0.0.1:5556" -i none -n none --collector-port 2055:16
> -V10 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
> %OUTPUT_SNMP %IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FIRST_SWITCHED
> %LAST_SWITCHED %PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC
> %OUT_DST_MAC %L7_PROTO %L7_PROTONAME"
>
>
> and ntopng (same box):
>
> -m="192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8,194.XXXXXX.0/23,194.XXXXXX/22"
> -G=/tmp/ntopng.pid
> -n=1
> -i=tcp://127.0.0.1:5556
> -x=2000000
> -X=2000000
>
> If someone could share a similar working setup, that would be really
> appreciated,
>
> Best Regards
> CP
>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
