Now it is working. Does it take some time to detect it?

From: [email protected] [mailto:[email protected]] On Behalf Of Sacha Yunusic
Sent: Wednesday, 14 September 2016 11:18
To: [email protected]
Subject: [Ntop-misc] How to detect new protocols?

Hi,

I'm trying to detect SEP traffic (Symantec Endpoint Protection). Clients connect to SEP Manager (SEPM) through port tcp-8014. If I go to the SEPM page in the Ntopng GUI, then to flows, I see this:

Application: Unknown, tcp, Client: SEPM:8014, Server:[Random_high_number]

So, I created proto.txt with this:

tcp:8014@sep-comm

Re-run ntopng and there are no changes... My guess is that because tcp-8014 appears in the client column, it doesn't recognize it as "sep-comm" or whatever...

This is traffic from a backbone switch/router, so I can't say what is in and what is out, because everywhere are 192.168.x.x networks...

Any guess on what I'm doing wrong?

Sacha.

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
