Thanks, Filippo. Where is the default defined protocol list in ntopng? I can't change the port used by my application, so I may need to change the default protocol list.
Your meaning is that this warning is the root cause of my problem? And if I avoid such warning, this issue can be fixed?

Thanks!
John

2013/12/9 Filippo Fontanelli <[email protected]>

> John,
>
> Within nDPI we have defined some default protocol (port based) and then in
> your case:
>
> if you use the port 5355, nDPI reports a warning because you are redefining
> the port 5355 for your protocol but this port is already defined for the
> Link local Multicast Name Resolution (
> http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution).
>
> A simple solution to your problem would be to use a different port.
>
> I'm planning to add to the guide a list of ports that are currently
> defined so as to avoid problems like this
>
> Best Regards,
> Filippo
>
> On 09 Dec 2013, at 10:18, John Zhang <[email protected]> wrote:
>
> Thank you, Filippo.
>
> I did follow the quick start guide you mentioned to add new custom
> protocol, but can't detect new traffic by ntopng and pcapreader.
>
> Here I paste my config files and log below, FYI. Hope they are useful.
> 1.ntopng.conf
> cat /etc/ntopng/ntopng.conf
> -r=localhost:6379
> -w=3000
> -m="172.0.0.1/8"
> -G=/var/tmp/ntopng.pid
> -i=eth0
> -i=tcp://0.0.0.0:5556
> -p=/etc/ntopng/custome.protos
>
> 2. protocol file: custome.protos
> cat /etc/ntopng/custome.protos
> # host:"<value>",host:"<value>",.....@<subproto>
> host:"googlesyndacation.com"@Google
> host:"venere.com"@Veneer
> host:"172.20.102.29"@hehe
> # <tcp|udp>:,<tcp|udp>:,.....@
> #tcp:81,tcp:8181@HTTP
> #udp:5061-5062@SIP
> #tcp:860,udp:860,tcp:3260,udp:3260@iSCSI
> tcp:3000@ntop
> udp:5355@T1
> udp:3702@T2
> udp:8612@T3
> tcp:8888@T4
>
> 3. ntopng start up log
> ntopng /etc/ntopng/ntopng.conf
> 08/Dec/2013 11:02:29 [Ntop.cpp:457] Setting local networks to 172.0.0.1/8
> 08/Dec/2013 11:02:29 [AddressResolution.cpp:131] Rule '172.0.0.1'/'8'
> [NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
> 08/Dec/2013 11:02:29 [PF_RINGInterface.cpp:42] Reading packets from
> PF_RING v.5.6.1 interface eth0...
> 08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface eth0 [id: 0]
> [NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
> 08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface
> [email protected]:5556 [id: 1]
> 08/Dec/2013 11:02:29 [Utils.cpp:238] User changed to nobody
> 08/Dec/2013 11:02:29 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
> 08/Dec/2013 11:02:29 [HTTPserver.cpp:363] HTTP server listening on port
> 3000 [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts]
> 08/Dec/2013 11:02:29 [main.cpp:179] Using RRD version 1.4.7
> 08/Dec/2013 11:02:29 [main.cpp:188] Working directory: /var/tmp/ntopng
> 08/Dec/2013 11:02:29 [main.cpp:190] Scripts/HTML pages directory:
> /usr/local/share/ntopng
> 08/Dec/2013 11:02:29 [Ntop.cpp:161] Welcome to ntopng x86_64 v.1.1.1
> (r7071) - (C) 1998-13 ntop.org
> 08/Dec/2013 11:02:29 [Redis.cpp:46] Successfully connected to Redis
> localhost:6379
> 08/Dec/2013 11:02:29 [PeriodicActivities.cpp:53] Started periodic
> activities loop...
> 08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on
> interface eth0...
> 08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on
> interface [email protected]:5556...
> 08/Dec/2013 11:02:29 [CollectorInterface.cpp:100] Collecting flows...
> 08/Dec/2013 11:02:29 [PeriodicActivities.cpp:91] Starting script
> /usr/local/share/ntopng/scripts/callbacks/second.lua
>
> Thanks!
>
> Best regards,
> John
>
> 2013/12/7 Filippo Fontanelli <[email protected]>
>
>> Hi John
>>
>> You can find the nDPI quick start in
>>
>> nDPI/doc/
>>
>> That explains how you can add custom protocol to nDPI.
>>
>> On 06 Dec 2013, at 16:29, John Zhang <[email protected]>
>> wrote:
>>
>> Hi everyone,
>>
>> I want to add custom protocol detection to nDPI, I found the below great
>> guide, and followed
>> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>>
>> To add port-based protocol detection, I added the below line to the
>> protocol file:
>>
>> tcp:29000,tcp:29001@MYAP
>>
>> This is correct
>>
>> But ntopng can't detect any traffic of new protocol, and also testing by
>> pcapReader could not find.
>>
>> Try to use the pcapreader command line with the parameter -p your.protos
>> and the parameter -v 2 to activate the verbose mode and check the flow stack
>>
>> Filippo
>>
>> On 06 Dec 2013, at 16:29, John Zhang <[email protected]> wrote:
>>
>> Hi everyone,
>>
>> I want to add custom protocol detection to nDPI, I found the below great
>> guide, and followed
>> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>>
>> To add port-based protocol detection, I added the below line to the
>> protocol file:
>>
>> tcp:29000,tcp:29001@MYAPP
>>
>> But ntopng can't detect any traffic of new protocol, and also testing by
>> pcapReader could not find.
>>
>> Anything I missed, or made wrong? Please help me.
>>
>> Thank you in advance!
>>
>> Best regards,
>>
>> John
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
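
A pre-flight check for the problem discussed in this thread, added here as an example (it is not code from ntopng, nDPI or the posters): it parses a custom protos file in the format quoted above and reports port rules that land on a port that already has an owner, either a built-in default or an earlier line of the same file. The `KNOWN_DEFAULTS` table is an assumption that holds only the port 5355 binding mentioned in the thread, and the function names are hypothetical.

```python
import re

# Assumption: the only entry taken from the thread is port 5355 (LLMNR), here
# as udp to match the poster's rule. Extend it from your own nDPI build.
KNOWN_DEFAULTS = {("udp", 5355): "LLMNR"}
PORT_RULE = re.compile(r"^(tcp|udp):(\d+)(?:-(\d+))?$")

def parse_port_rules(text):
    """Yield (lineno, l4, port, name) for each port rule of a protos file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        rules, sep, name = line.rpartition("@")
        if not sep or not rules or not name:
            raise ValueError(f"line {lineno}: expected <rules>@<protocol>")
        for rule in (r.strip() for r in rules.split(",")):
            if rule.startswith("host:"):
                continue  # host rules carry no port
            m = PORT_RULE.match(rule)
            if not m:
                raise ValueError(f"line {lineno}: unrecognised rule {rule!r}")
            lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
            if not 0 < lo <= hi <= 65535:
                raise ValueError(f"line {lineno}: bad port range in {rule!r}")
            for port in range(lo, hi + 1):
                yield lineno, m.group(1), port, name

def find_collisions(text, defaults=KNOWN_DEFAULTS):
    """Return (lineno, rule, new_name, existing_owner) for each clash."""
    owners, findings = dict(defaults), []
    for lineno, l4, port, name in parse_port_rules(text):
        owner = owners.setdefault((l4, port), name)
        if owner != name:
            findings.append((lineno, f"{l4}:{port}", name, owner))
    return findings

# Constructed sample: rules from the thread plus a made-up range (T5) overlapping T2.
SAMPLE = '''\
host:"venere.com"@Veneer
#udp:5061-5062@SIP
udp:5355@T1
udp:3702@T2
tcp:29000,tcp:29001@MYAPP
udp:3700-3705@T5
'''

if __name__ == "__main__":
    print(*find_collisions(SAMPLE), sep="\n")
```

Running such a check before restarting ntopng surfaces the conflict that otherwise shows up only as the `addDefaultPort(): found duplicate` line in the startup log.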
