Alek, please file a bug on GitHub (menu About of ntopng) for nDPI and attach a pcap file of unknown traffic for inspection.

Regards
Luca

> On 03 Sep 2015, at 09:49, alek markus <[email protected]> wrote:
>
> Hey,
>
> I have dumped the Unknown data to a pcap file and opened it in Wireshark.
>
> I can see that all the destination IPs are my Exchange server, and sometimes the Exchange server is the source and my firewall becomes the destination host.
>
> So why is ntopng not detecting this traffic as SMTP protocol?
>
> I have noticed that since I updated ntopng to the latest version I can see that protocol SMTP has only 1.63 GB,
>
> and before I updated ntopng, there was no problem with SMTP detection.
>
> Best Regards,
> Alek
>
> From: [email protected]
> To: [email protected]
> Date: Wed, 2 Sep 2015 16:54:59 +0300
> Subject: Re: [Ntop-misc] hello , i have 2 questions about requierments for ntopng and Unkown protocol
>
> Btw, I have noticed that Unknown protocol started to grow before I updated from ntopng Community v.2.0.150531
>
> to ntopng Community v.2.0.150827.
>
> I have 24 GB of Unknown protocol.
>
> Best Regards,
> Alek
>
> From: [email protected]
> Date: Wed, 2 Sep 2015 15:46:48 +0200
> To: [email protected]
> Subject: Re: [Ntop-misc] hello , i have 2 questions about requierments for ntopng and Unkown protocol
>
> Your machine is fast enough to process much more traffic than what you have, thus no problem.
> Please check what traffic is not detected and let us know.
>
> Thank you
> Alfredo
>
> On 02 Sep 2015, at 15:42, alek markus <[email protected]> wrote:
>
> Hello Alfredo,
>
> The avg traffic rate is: 4.94 Mbit (looking in historical activity for the last 6 hours).
>
> About sampling some traffic and checking with Wireshark: I have not tried yet. The problem is that I don't know when the unknown traffic is received by my workstations.
>
> I need to capture for a long time and start to analyze it.
>
> From: [email protected]
> Date: Wed, 2 Sep 2015 15:31:36 +0200
> To: [email protected]
> Subject: Re: [Ntop-misc] hello , i have 2 questions about requierments for ntopng and Unkown protocol
>
> Hi Alek
>
> On 02 Sep 2015, at 15:12, alek markus <[email protected]> wrote:
>
> Hello,
>
> The server that ntopng is installed on right now has:
>
> 1.
>
> 1GB Ethernet network card
>
> Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz (4 CPUs)
>
> Is that enough for traffic analysis?
>
> What is your avg traffic rate?
>
> 2. I have read in an ntop document that:
>
> TCP Flows can be identified in up to 15 packets in total, otherwise the flow is marked as “Unknown”.
>
> I can see in my ntopng setup that I have a lot of data: "Unknown protocol". How can I fix that?
>
> Are you able to sample some traffic and check with Wireshark what kind of traffic is not recognised by ntopng?
>
> Best Regards
> Alfredo
>
> Best Regards,
> Alek
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
