Hi, I'm trying to detect SEP traffic (Symantec Endpoint Protection). Clients connect to SEP Manager (SEPM) through port tcp-8014.
If I go to the SEPM page in the Ntopng GUI, then to flows, I see this:

    Application: Unknown, tcp, Client: SEPM:8014, Server:[Random_high_number]

So, I created proto.txt with this:

    tcp:8014@sep-comm

Re-ran ntopng and there are no changes...

My guess is that, since tcp-8014 appears in the client column, it doesn't recognize it as "sep-comm" or whatever...

This is traffic from a backbone switch/router, so I can't say what is in and what is out, because there are 192.168.x.x networks everywhere...

Any guess on what I'm doing wrong?

Sacha.
