Andre the idea is that what we detect should be 100% accurate, but we do not claim we can detect 100% of traffic. For this reason I encourage you to look at undetected flows and see if 1. there is a bug on our code 2. these are new protocols for which new dissectors need to be developed
if you use netflow to feed ntop, we have no access to packet payload so our detection will not be very accurate Regards Luca On Dec 11, 2012, at 2:01 AM, [email protected] wrote: > Hi all, > > How effective/accurate is nDPI expected to be? > > And; is there anything I should do/configure to ensure best results? > > I'm feeding Netflow v9 data from a Cisco ASR1001, into the latest nTop/nDPI > compiled just today from SVN. > > Seems to be working, but I'm getting about 32% of protocol traffic as > "Unknown" and certain applications > that I'd expect to see (Netflix) aren't showing up. I am showing about 60% > HTTP, so presumably the usage > I'm looking for is in that chunk. > > Netflix is mentioned on the website, and found in > nDPI/src/lib/protocols/http.c; so I was rather hoping > that would show up. > > It looks like it's relying on DNS matches (*.netflix.com) etc. for the > various popular web sites. > > Are these lookups maybe not enabled by default in nDPI? > > ---- > André Dalle > Systems Administrator > National Capital FreeNet [http://www.ncf.ca] > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
