John,

On 09 Dec 2013, at 10:59, John Zhang <[email protected]> wrote:

> Thanks, Filippo.
>
> Where is the default defined protocol list in ntopng? I can't change the port
> used by my application, may need to change the default protocol list.

A clarification: ntopng uses nDPI, and nDPI allows ntopng to identify the protocols.

nDPI can identify the protocols in 2 ways:

1) Deep Packet Inspection
2) Default port of protocol

For a complete list of detected protocols you can use the command line

pcapReader -h

However, if you want to know the complete list of protocols identified by default port, you have to read the file

<nDPI source code>/src/lib/ndpi_main.c function => ndpi_init_protocol_defaults

During the next days I will include this list in the guide.

> Your meaning is that this warning is the root cause of my problem? And if I
> avoid such warning, this issue can be fixed?

Yeah, I think that if you can configure nDPI correctly this issue will be solved.

> Thanks!

Filippo

> John
>
> 2013/12/9 Filippo Fontanelli <[email protected]>
> John,
>
> Within nDPI we have defined some default protocols (port based) and then in
> your case:
>
> if you use the port 5355, nDPI reports a warning because you are redefining
> the port 5355 for your protocol but this port is already defined for the Link
> local Multicast Name Resolution
> (http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution).
>
> A simple solution to your problem would be to use a different port.
>
> I'm planning to add to the guide a list of ports that are currently defined
> so as to avoid problems like this
>
> Best Regards,
> Filippo
>
> On 09 Dec 2013, at 10:18, John Zhang <[email protected]> wrote:
>
>> Thank you, Filippo.
>>
>> I did follow the quick start guide you mentioned to add new custom protocol,
>> but can't detect new traffic by ntopng and pcapReader.
>>
>> Here paste my config files and log below, FYI. Hope they are useful.
>>
>> 1. ntopng.conf
>> cat /etc/ntopng/ntopng.conf
>> -r=localhost:6379
>> -w=3000
>> -m="172.0.0.1/8"
>> -G=/var/tmp/ntopng.pid
>> -i=eth0
>> -i=tcp://0.0.0.0:5556
>> -p=/etc/ntopng/custome.protos
>>
>> 2. protocol file: custome.protos
>> cat /etc/ntopng/custome.protos
>> # host:"<value>",host:"<value>",.....@<subproto>
>> host:"googlesyndacation.com"@Google
>> host:"venere.com"@Veneer
>> host:"172.20.102.29"@hehe
>> # <tcp|udp>:,<tcp|udp>:,.....@
>> #tcp:81,tcp:8181@HTTP
>> #udp:5061-5062@SIP
>> #tcp:860,udp:860,tcp:3260,udp:3260@iSCSI
>> tcp:3000@ntop
>> udp:5355@T1
>> udp:3702@T2
>> udp:8612@T3
>> tcp:8888@T4
>>
>> 3. ntopng start up log
>> ntopng /etc/ntopng/ntopng.conf
>> 08/Dec/2013 11:02:29 [Ntop.cpp:457] Setting local networks to 172.0.0.1/8
>> 08/Dec/2013 11:02:29 [AddressResolution.cpp:131] Rule '172.0.0.1'/'8'
>> [NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
>> 08/Dec/2013 11:02:29 [PF_RINGInterface.cpp:42] Reading packets from PF_RING v.5.6.1 interface eth0...
>> 08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface eth0 [id: 0]
>> [NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
>> 08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface [email protected]:5556 [id: 1]
>> 08/Dec/2013 11:02:29 [Utils.cpp:238] User changed to nobody
>> 08/Dec/2013 11:02:29 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
>> 08/Dec/2013 11:02:29 [HTTPserver.cpp:363] HTTP server listening on port 3000 [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts]
>> 08/Dec/2013 11:02:29 [main.cpp:179] Using RRD version 1.4.7
>> 08/Dec/2013 11:02:29 [main.cpp:188] Working directory: /var/tmp/ntopng
>> 08/Dec/2013 11:02:29 [main.cpp:190] Scripts/HTML pages directory: /usr/local/share/ntopng
>> 08/Dec/2013 11:02:29 [Ntop.cpp:161] Welcome to ntopng x86_64 v.1.1.1 (r7071) - (C) 1998-13 ntop.org
>> 08/Dec/2013 11:02:29 [Redis.cpp:46] Successfully connected to Redis localhost:6379
>> 08/Dec/2013 11:02:29 [PeriodicActivities.cpp:53] Started periodic activities loop...
>> 08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on interface eth0...
>> 08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on interface [email protected]:5556...
>> 08/Dec/2013 11:02:29 [CollectorInterface.cpp:100] Collecting flows...
>> 08/Dec/2013 11:02:29 [PeriodicActivities.cpp:91] Starting script /usr/local/share/ntopng/scripts/callbacks/second.lua
>>
>> Thanks!
>>
>> Best regards,
>> John
>>
>> 2013/12/7 Filippo Fontanelli <[email protected]>
>> Hi John
>>
>> You can find the nDPI quick start in
>>
>> nDPI/doc/
>>
>> That explains how you can add custom protocol to nDPI.
>>
>>> On 06/Dec/2013, at 16:29, John Zhang <[email protected]> wrote:
>>>
>>> Hi everyone,
>>>
>>> I want to add custom protocol detection to nDPI, I found the below great
>>> guide, and followed
>>> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>>>
>>> To add port-based protocol detection, I added the below line to the
>>> protocol file:
>>> tcp:29000,tcp:29001@MYAP
>>
>> This is correct
>>
>>> But ntopng can't detect any traffic of new protocol, and also testing by
>>> pcapReader could not find.
>>
>> Try to use the pcapReader command line with the parameter -p your.protos and
>> the parameter -v 2 to activate the verbose mode and check the flow stack
>>
>> Filippo
>>
>> On 06 Dec 2013, at 16:29, John Zhang <[email protected]> wrote:
>>
>>> Hi everyone,
>>>
>>> I want to add custom protocol detection to nDPI, I found the below great
>>> guide, and followed
>>> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>>>
>>> To add port-based protocol detection, I added the below line to the
>>> protocol file:
>>> tcp:29000,tcp:29001@MYAPP
>>>
>>> But ntopng can't detect any traffic of new protocol, and also testing by
>>> pcapReader could not find.
>>>
>>> Anything I missed, or made wrong? Please help me.
>>>
>>> Thank you in advance!
>>>
>>> Best regards,
>>> John
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
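
An added example (not part of the thread and not ntop project code): a small Python check that pairs each `addDefaultPort(): found duplicate` warning in the startup log with the custom rule in the protos file that redefines that port. The function names are hypothetical and the sample inputs are abridged from the files John posted; the warning does not say tcp or udp, so matching is by port number only.

```python
import re

# Abridged from the custome.protos file quoted in the thread.
PROTOS = '''\
# host:"<value>",host:"<value>",.....@<subproto>
host:"172.20.102.29"@hehe
#udp:5061-5062@SIP
tcp:3000@ntop
udp:5355@T1
tcp:8888@T4
'''

# Startup log lines copied from the thread.
LOG = '''\
08/Dec/2013 11:02:29 [AddressResolution.cpp:131] Rule '172.0.0.1'/'8'
[NDPI] addDefaultPort(): found duplicate for port 5355
08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface eth0 [id: 0]
[NDPI] addDefaultPort(): found duplicate for port 5355
'''

PORT_RULE = re.compile(r'^(tcp|udp):(\d+)(?:-(\d+))?$')
DUP_LINE = re.compile(r'addDefaultPort\(\): found duplicate for port (\d+)')

def parse_port_rules(text):
    """Return [(l4, low, high, proto, lineno)] for every active port rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#') or '@' not in line:
            continue  # blank line, comment, or not a rule
        selectors, proto = line.rsplit('@', 1)
        for sel in selectors.split(','):
            m = PORT_RULE.match(sel.strip())
            if m:  # host:"..." selectors do not match and are skipped
                low = int(m.group(2))
                high = int(m.group(3) or low)  # single port or low-high range
                rules.append((m.group(1), low, high, proto, lineno))
    return rules

def colliding_rules(protos_text, log_text):
    """Map each port named in a duplicate warning to the custom rules covering it."""
    ports = sorted({int(p) for p in DUP_LINE.findall(log_text)})
    rules = parse_port_rules(protos_text)
    return {p: [(l4, proto, n) for l4, lo, hi, proto, n in rules if lo <= p <= hi]
            for p in ports}

if __name__ == '__main__':
    for port, hits in colliding_rules(PROTOS, LOG).items():
        print(f'port {port} already has an nDPI default; custom rules using it: {hits}')
```
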
