On 07/13/2013 01:50 AM, Mark Davis wrote:
Luca, I have the same problem with ntopng. A large percentage (over
90%) of the traffic is considered "unknown application protocols."
Also, Ntopng doesn't have all
please share a .pcap file with me (full packet traces) for investigation
the details and graphs that ntop 5 has. Is that correct, or are they
hidden somewhere and I'm just not finding them?
What graphs are you talking about?
By the way, is there a paid version of Ntop(ng) with support that
people can get? At this point I'd be interested in pursuing that
option if it would mean getting this to work.
We can offer you this service, but I first need to understand the
problem you're reporting
Luca
Thanks,
Mark
-------------------------------
*Luca Deri* deri at ntop.org
<mailto:ntop%40listgateway.unipi.it?Subject=Re%3A%20%5BNtop%5D%20Verifying%20nDPI%20is%20working%20-%2095%25%20Unknown%20protocols&In-Reply-To=%3CC59028E5-3695-4651-9F4C-EB5B967516A0%40ntop.org%3E>
/Tue Jul 9 23:47:15 CEST 2013/
* Previous message: [Ntop] Verifying nDPI is working - 95% Unknown
protocols
<http://listgateway.unipi.it/mailman/private/ntop/2013-July/017295.html>
* Next message: [Ntop] Installing ntopng from repo
<http://listgateway.unipi.it/mailman/private/ntop/2013-July/017298.html>
* *Messages sorted by:* [ date ]
<http://listgateway.unipi.it/mailman/private/ntop/2013-July/date.html#17297>
[ thread ]
<http://listgateway.unipi.it/mailman/private/ntop/2013-July/thread.html#17297>
[ subject ]
<http://listgateway.unipi.it/mailman/private/ntop/2013-July/subject.html#17297>
[ author ]
<http://listgateway.unipi.it/mailman/private/ntop/2013-July/author.html#17297>
------------------------------------------------------------------------
Mark,
please move to ntopng
Luca
On Jul 9, 2013, at 7:40 PM, Mark Davis <davismark.s at gmail.com
<http://listgateway.unipi.it/mailman/listinfo/ntop>> wrote:
>/ Hello!
/>/
/>/ I am following up on last week's message. I am trying to determine how I can troubleshoot nDPI, what logs I can check, etc. My PCAP file doesn't appear to have any errors when I review it in Wireshark. If someone could offer some suggestions of what to try, I would appreciate it.
/>/
/>/ Thanks,
/>/ Mark
/>/
/>/ Previous message:
/>/
/>/ Hello,
/>/
/>/
/>/ I am running Ntop 5.0.1 that I've compiled to run on my system
/>/ (x86_64-3.5.0-23-generic-linux-gnu [64 bit]), the most stable version. From
/>/ looking at the Information page I can see that I am running GeoOP Version
/>/ GEO-533LITE 20090701 Build 1 and AS Version GEO-117 20090321 Build 1.
/>/
/>/ I am attempting to identify traffic that I've already captured and stored
/>/ on pcap files, however 95% of the output displays as Unknown protocol. I
/>/ have checked the configuration.log and I haven't seen any problems during
/>/ the compiling phases, and the ndpi directory has files in it. I haven't
/>/ noticed any smoking guns during the installation. So how can I confirm that
/>/ the deep protocol inspection is actually running/working? I don't see it
/>/ listed as a plugin.
/>/
/>/ Thanks,
/>/ Mark
/>/ _______________________________________________
/>/ Ntop mailing list
/>/ Ntop at listgateway.unipi.it
<http://listgateway.unipi.it/mailman/listinfo/ntop>
/>/ http://listgateway.unipi.it/mailman/listinfo/ntop
/
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
