Luca,

Thanks, I am thinking of using Wireshark with capture filter port 9996 (my setup) and saving the capture as a .pcap file. Is this the way you want me to send the flows to you, or do you prefer another way?

Regards Jan

----- Original Message ----- From: "Luca Deri" <[email protected]>
To: <[email protected]>
Sent: Saturday, December 29, 2012 9:35 PM
Subject: Re: [Ntop] Netflow and ntop, nDPI and/or protocol.list?


Jan,
please send me some full packets flows that are not recognized so I can add support for them into nDPI.

-p is not bad per se, but I think it should rather go into nDPI (and not ntop) so that all apps using nDPI can benefit from it.

Regards Luca

On Dec 28, 2012, at 1:20 PM, Jan Speksnijder <[email protected]> wrote:

Stefano,

Strangely enough, some applications are detected, like HTTP, SSL, HTTP Proxy, Citrix and the default applications DNS, Netbios, Mail, NFS/AFS and DHCP. I use rflow, which is a Netflow implementation in the DD-WRT open source router. If Netflow cannot give the required information for nDPI, I hope Luca Deri will re-enable the use of the -p protocol.list option in ntop.

ciao

----- Original Message ----- From: "Stefano Bianchi" <[email protected]>
To: <[email protected]>
Sent: Friday, December 28, 2012 12:08 PM
Subject: Re: [Ntop] Netflow and ntop, nDPI and/or protocol.list?


Jan,

I may be wrong, but if the data fed in is netflow, nDPI can't do anything to detect the applications, as the payload is not in the netflow packet.

If you produce netflow data with a Cisco box, it is NBAR that is in charge of recognizing the applications; if you use a different probe, it is up to the probe to inspect the layer 7 (or upper layer) applications.

ciao


On 27/12/2012 17:16, Jan Speksnijder wrote:
Hi,
I'm using Netflow data to feed ntop for win32 v5.0.2.
How effective is nDPI at detecting applications?
With the defaults, ntop v5 detects fewer applications than v3.2 with an expanded protocols.list. What is the most effective configuration for ntop v5 when using Netflow to feed ntop?
Jan


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
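
Added example, not part of the original thread and not ntop or nDPI code: a parser for NetFlow v5 export datagrams, showing that a flow record carries addresses, ports and counters but no packet payload, so a collector can only guess the application from port numbers. The v5 format, the PORT_NAMES map and the sample datagram are assumptions made for illustration.

```python
import socket
import struct

# NetFlow v5 layout: 24-byte header followed by 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
# Hypothetical port-to-name map, standing in for a port-based protocol list.
PORT_NAMES = {53: "DNS", 80: "HTTP", 443: "SSL", 1494: "Citrix"}

def parse_v5(datagram):
    """Return a list of flow dicts from one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated records")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({  # every field a v5 record offers for classification
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[12],
        })
    return flows

def guess_app(flow):
    """Port-only guess: all a collector can do without packet payload."""
    return PORT_NAMES.get(flow["dport"]) or PORT_NAMES.get(flow["sport"], "unknown")

def sample_datagram():
    """Constructed sample: one export datagram carrying two TCP flows."""
    header = HEADER.pack(5, 2, 1000, 1356600000, 0, 1, 0, 0, 0)
    def rec(dst, sport, dport, pkts, octets):
        return RECORD.pack(socket.inet_aton("192.168.1.10"), socket.inet_aton(dst),
                           bytes(4), 0, 1, pkts, octets, 100, 900,
                           sport, dport, 0x18, 6, 0, 0, 0, 0, 0)
    return header + rec("203.0.113.5", 50000, 443, 12, 4200) + rec("198.51.100.7", 50001, 6881, 30, 21000)

if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(flow["src"], "->", flow["dst"], flow["dport"], guess_app(flow))
```

The second constructed flow uses a port missing from the map and comes back as "unknown"; a full packet capture is what gives a payload inspector something more to work with.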
