Luca, I have the same problem with ntopng. A large percentage (over 90%) of the traffic is considered "unknown application protocols." Also, Ntopng doesn't have all the details and graphs that ntop 5 has. Is that correct, or are they hidden somewhere and I'm just not finding them?
By the way, is there a paid version of Ntop(ng) with support that people can get? At this point I'd be interested in pursuing that option if it would mean getting this to work.

Thanks,
Mark

-------------------------------
Luca Deri deri at ntop.org
Tue Jul 9 23:47:15 CEST 2013

Mark,
please move to ntopng

Luca

On Jul 9, 2013, at 7:40 PM, Mark Davis <davismark.s at gmail.com> wrote:

> Hello!
>
> I am following up on last week's message. I am trying to determine how I can troubleshoot nDPI, what logs I can check, etc. My PCAP file doesn't appear to have any errors when I review it in Wireshark. If someone could offer some suggestions of what to try, I would appreciate it.
>
> Thanks,
> Mark
>
> Previous message:
>
> Hello,
>
> I am running Ntop 5.0.1 that I've compiled to run on my system (x86_64-3.5.0-23-generic-linux-gnu [64 bit]), the most stable version. From looking at the Information page I can see that I am running GeoOP Version GEO-533LITE 20090701 Build 1 and AS Version GEO-117 20090321 Build 1.
>
> I am attempting to identify traffic that I've already captured and stored on pcap files, however 95% of the output displays as Unknown protocol. I have checked the configuration.log and I haven't seen any problems during the compiling phases, and the ndpi directory has files in it. I haven't noticed any smoking guns during the installation. So how can I confirm that the deep protocol inspection is actually running/working? I don't see it listed as a plugin.
>
> Thanks,
> Mark
> _______________________________________________
> Ntop mailing list
> Ntop at listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
