Hey,

I have dumped the Unknown data to a pcap file and opened it in Wireshark. I can see that all the destination IPs are my Exchange server, and sometimes the Exchange server is the source and my firewall becomes the destination host.

So why is ntopng not detecting this traffic as SMTP protocol? I have noticed that since I updated ntopng to the latest version I can see that protocol SMTP has only 1.63 GB, and before I updated ntopng there was no problem with SMTP detection.

Best Regards,
Alek

From: [email protected]
To: [email protected]
Date: Wed, 2 Sep 2015 16:54:59 +0300
Subject: Re: [Ntop-misc] hello, I have 2 questions about requirements for ntopng and Unknown protocol

btw, I have noticed that Unknown protocol started to grow before I updated from ntopng Community v.2.0.150531 to ntopng Community v.2.0.150827. I have 24 GB of Unknown protocol.

Best Regards,
Alek

From: [email protected]
Date: Wed, 2 Sep 2015 15:46:48 +0200
To: [email protected]
Subject: Re: [Ntop-misc] hello, I have 2 questions about requirements for ntopng and Unknown protocol

Your machine is fast enough to process much more traffic than what you have, thus no problem.
Please check what traffic is not detected and let us know.

Thank you
Alfredo

On 02 Sep 2015, at 15:42, alek markus <[email protected]> wrote:

Hello Alfredo,

The avg traffic rate is: 4.94 Mbit (looking at historical activity for the last 6 hours).

About sampling some traffic and checking with Wireshark: I have not tried yet. The problem is that I don't know when the unknown traffic is received by my workstations; I need to capture for a long time and start to analyze it.

From: [email protected]
Date: Wed, 2 Sep 2015 15:31:36 +0200
To: [email protected]
Subject: Re: [Ntop-misc] hello, I have 2 questions about requirements for ntopng and Unknown protocol

Hi Alek

On 02 Sep 2015, at 15:12, alek markus <[email protected]> wrote:

Hello,

The server that ntopng is installed on right now has:

1. 1GB ethernet network card
Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz (4 CPUs)
Is that enough for traffic analysis?

What is your avg traffic rate?

2. I have read in the ntop document that: TCP Flows can be identified in up to 15 packets in total, otherwise the flow is marked as “Unknown”.
I can see in my ntopng setup that I have a lot of data: "Unknown protocol". How can I fix that?

Are you able to sample some traffic and check with Wireshark what kind of traffic is not recognised by ntopng?

Best Regards
Alfredo

Best Regards,
Alek

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
