Hi Filippo,

I will try, and update you with the result.

Great thanks!

John

2013/12/10 Filippo Fontanelli <[email protected]>

> Hi John,
>
> We have fixed your warning,
> now you are able to override default port protocols using -p command line.
>
> Please update your svn code and first try with the pcapReader and after
> with ntopng.
>
> Best Regards
>
> Filippo
>
> On 09 Dec 2013, at 10:59, John Zhang <[email protected]> wrote:
>
> Thanks, Filippo.
>
> Where is the default defined protocol list in ntopng? I can't change the
> port used by my application, may need to change the default protocol list.
>
> Your meaning is that this warning is the root cause of my problem? And if
> I avoid such warning, this issue can be fixed?
>
> Thanks!
>
> John
>
> 2013/12/9 Filippo Fontanelli <[email protected]>
>
>> John,
>>
>> Within nDPI we have defined some default protocols (port based) and then
>> in your case:
>>
>> if you use the port 5355, nDPI reports a warning because you are
>> redefining the port 5355 for your protocol but this port is already
>> defined for the Link local Multicast Name Resolution
>> (http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution).
>>
>> A simple solution to your problem would be to use a different port.
>>
>> I'm planning to add to the guide a list of ports that are currently
>> defined so as to avoid problems like this
>>
>> Best Regards,
>> Filippo
>>
>> On 09 Dec 2013, at 10:18, John Zhang <[email protected]> wrote:
>>
>> Thank you, Filippo.
>>
>> I did follow the quick start guide you mentioned to add new custom
>> protocol, but can't detect new traffic by ntopng and pcapreader.
>>
>> Here paste my config files and log below, FYI. Hope they are useful.
>>
>> 1. ntopng.conf
>> cat /etc/ntopng/ntopng.conf
>> -r=localhost:6379
>> -w=3000
>> -m="172.0.0.1/8"
>> -G=/var/tmp/ntopng.pid
>> -i=eth0
>> -i=tcp://0.0.0.0:5556
>> -p=/etc/ntopng/custome.protos
>>
>> 2. protocol file: custome.protos
>> cat /etc/ntopng/custome.protos
>> # host:"<value>",host:"<value>",.....@<subproto>
>> host:"googlesyndacation.com"@Google
>> host:"venere.com"@Veneer
>> host:"172.20.102.29"@hehe
>> # <tcp|udp>:,<tcp|udp>:,.....@
>> #tcp:81,tcp:8181@HTTP
>> #udp:5061-5062@SIP
>> #tcp:860,udp:860,tcp:3260,udp:3260@iSCSI
>> tcp:3000@ntop
>> udp:5355@T1
>> udp:3702@T2
>> udp:8612@T3
>> tcp:8888@T4
>>
>> 3. ntopng start up log
>> ntopng /etc/ntopng/ntopng.conf
>> 08/Dec/2013 11:02:29 [Ntop.cpp:457] Setting local networks to 172.0.0.1/8
>> 08/Dec/2013 11:02:29 [AddressResolution.cpp:131] Rule '172.0.0.1'/'8'
>> [NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
>> 08/Dec/2013 11:02:29 [PF_RINGInterface.cpp:42] Reading packets from PF_RING v.5.6.1 interface eth0...
>> 08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface eth0 [id: 0]
>> [NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
>> 08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface [email protected]:5556 [id: 1]
>> 08/Dec/2013 11:02:29 [Utils.cpp:238] User changed to nobody
>> 08/Dec/2013 11:02:29 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
>> 08/Dec/2013 11:02:29 [HTTPserver.cpp:363] HTTP server listening on port 3000 [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts]
>> 08/Dec/2013 11:02:29 [main.cpp:179] Using RRD version 1.4.7
>> 08/Dec/2013 11:02:29 [main.cpp:188] Working directory: /var/tmp/ntopng
>> 08/Dec/2013 11:02:29 [main.cpp:190] Scripts/HTML pages directory: /usr/local/share/ntopng
>> 08/Dec/2013 11:02:29 [Ntop.cpp:161] Welcome to ntopng x86_64 v.1.1.1 (r7071) - (C) 1998-13 ntop.org
>> 08/Dec/2013 11:02:29 [Redis.cpp:46] Successfully connected to Redis localhost:6379
>> 08/Dec/2013 11:02:29 [PeriodicActivities.cpp:53] Started periodic activities loop...
>> 08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on interface eth0...
>> 08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on interface [email protected]:5556...
>> 08/Dec/2013 11:02:29 [CollectorInterface.cpp:100] Collecting flows...
>> 08/Dec/2013 11:02:29 [PeriodicActivities.cpp:91] Starting script /usr/local/share/ntopng/scripts/callbacks/second.lua
>>
>> Thanks!
>>
>> Best regards,
>> John
>>
>> 2013/12/7 Filippo Fontanelli <[email protected]>
>>
>>> Hi John
>>>
>>> You can find the nDPI quick start in
>>>
>>> nDPI/doc/
>>>
>>> That explains how you can add custom protocol to nDPI.
>>>
>>> On 06 Dec 2013, at 16:29, John Zhang <[email protected]> wrote:
>>>
>>> Hi everyone,
>>>
>>> I want to add custom protocol detection to nDPI, I found the below great
>>> guide, and followed
>>> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>>>
>>> To add port-based protocol detection, I added the below line to the
>>> protocol file:
>>>
>>> tcp:29000,tcp:29001@MYAP
>>>
>>> This is correct
>>>
>>> But ntopng can't detect any traffic of new protocol, and also testing by
>>> pcapReader could not find.
>>>
>>> Try to use the pcapreader command line with the parameter -p your.protos
>>> and the parameter -v 2 to activate the verbose mode and check the flow stack
>>>
>>> Filippo
>>>
>>> On 06 Dec 2013, at 16:29, John Zhang <[email protected]> wrote:
>>>
>>> Hi everyone,
>>>
>>> I want to add custom protocol detection to nDPI, I found the below great
>>> guide, and followed
>>> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>>>
>>> To add port-based protocol detection, I added the below line to the
>>> protocol file:
>>>
>>> tcp:29000,tcp:29001@MYAPP
>>>
>>> But ntopng can't detect any traffic of new protocol, and also testing by
>>> pcapReader could not find.
>>>
>>> Anything I missed, or made wrong? Please help me.
>>>
>>> Thank you in advance!
>>>
>>> Best regards,
>>>
>>> John

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
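
An added example, not part of the thread and not nDPI's own code: a pre-flight check for a custom protos file in the format John posted, flagging every port rule that lands on a port already assigned, which is the situation behind the `addDefaultPort(): found duplicate` warning. The `BUILTIN` table is an assumption holding only the one default named in the thread (udp/5355, LLMNR); the function names and the sample file are constructed.

```python
import re

# Assumption: stand-in for nDPI's built-in port table. The thread names only
# one default (udp/5355 = Link-local Multicast Name Resolution).
BUILTIN = {("udp", 5355): "LLMNR"}

# Constructed sample in the custome.protos format quoted in the thread.
SAMPLE = '''\
# comments and host rules are skipped by the port check
host:"venere.com"@Veneer
#udp:5061-5062@SIP
tcp:3000@ntop
udp:5355@T1
udp:3702@T2
tcp:8888,tcp:3000@T4
udp:5350-5360@T5
'''

PORT_RULE = re.compile(r"^(tcp|udp):(\d+)(?:-(\d+))?$")

def port_rules(text):
    """Yield (line_no, l4, port, proto) for every port in every port rule."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "@" not in line:
            continue
        rules, proto = line.rsplit("@", 1)
        for rule in rules.split(","):
            m = PORT_RULE.match(rule.strip())
            if not m:
                continue  # host:"..." rules carry no port
            lo = int(m.group(2))
            hi = int(m.group(3) or lo)  # single port or lo-hi range
            for port in range(lo, hi + 1):
                yield no, m.group(1), port, proto

def find_collisions(text, builtin=BUILTIN):
    """Return (line_no, 'udp/5355', new_proto, existing_owner) tuples."""
    owners = dict(builtin)  # first claimant of each (l4, port) wins
    hits = []
    for no, l4, port, proto in port_rules(text):
        owner = owners.setdefault((l4, port), proto)
        if owner != proto:
            hits.append((no, f"{l4}/{port}", proto, owner))
    return hits

if __name__ == "__main__":
    for no, port, proto, owner in find_collisions(SAMPLE):
        print(f"line {no}: {port} -> {proto} already assigned to {owner}")
```

Per Filippo's last reply, a `-p` rule now overrides the default port mapping, so a hit here is a prompt to confirm that the override is intended and that traffic on that port should no longer be labelled with the default protocol.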
