Jon Please send it to my private email Thanks Luca
Sent from my iPhone (sorry for typos) On 30/dic/2012, at 00:20, "Jan Speksnijder" <[email protected]> wrote: > Luca, > > Thanks, I think of using wireshark with capture filter port 9996 (my setup) > and saved as .pcap file. > Is this the way you want me to send the flows to you or do you prefer another > way? > > Regards Jan > > ----- Original Message ----- From: "Luca Deri" <[email protected]> > To: <[email protected]> > Sent: Saturday, December 29, 2012 9:35 PM > Subject: Re: [Ntop] Netflow and ntop, nDPI and/or protocol.list? > > >> Jan, >> please send me some full packets flows that are not recognized so I can add >> support for them into nDPI. >> >> -p is not bad per se, but I think it should rather go into nDPI (and not >> ntop) so that all apps using nDPI can benefit from it. >> >> Regards Luca >> >> On Dec 28, 2012, at 1:20 PM, Jan Speksnijder <[email protected]> >> wrote: >> >>> Stefano, >>> >>> Strange enough some applications are detected like: HTTP, SSL, HTTP Proxy, >>> Citrix and the default applications DNS, Netbios, Mail, NFS/AFS and DHCP. >>> I use rflow, this is a Netflow implementation in the DD-WRT open source >>> router. >>> If Netflow cannot give the required information for nDPI, I hope Luca Deri >>> will re-enable the use of the -p protocol.list option in ntop. >>> >>> ciao >>> >>> ----- Original Message ----- From: "Stefano Bianchi" >>> <[email protected]> >>> To: <[email protected]> >>> Sent: Friday, December 28, 2012 12:08 PM >>> Subject: Re: [Ntop] Netflow and ntop, nDPI and/or protocol.list? >>> >>> >>>> Jan, >>>> >>>> i may be wrong but if the feeded data is netflow nDPI can't do nothing to >>>> detect the applications, as the payload is not in the netflow packet. >>>> >>>> if you produce netflow data with the csco box it is nbar in charge to >>>> recognize the applications, if you use a different probe it up to the >>>> proble to inspect the layer7 (o upper layer) applications. >>>> >>>> ciao >>>> >>>> >>>> Il 27/12/2012 17:16, Jan Speksnijder ha scritto: >>>>> Hi, >>>>> I'm using Netflow data to feed ntop fir win32 v5.0.2. >>>>> How effective is nDPI to detect applications? >>>>> With the detaults ntop v5 detects fewers applications as v3.2 with an >>>>> expanded protocols.list. >>>>> What is the most effective configuration for ntop v5 when using Netflow >>>>> to feed ntop? >>>>> Jan >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
