I use: Ntopng: 3.0.170719 - Pro [Small Business Edition] Edition nDPI: 2.0.0-836-3cfcc05
As far as I understand you, my nDPI instance can parse HTTP packets as much as possible, but the ntopng product itself can not get this data from nDPI I'm right? Do I need to use a different product for this? Regards, Pavel Semenishhev From: [email protected] [mailto:[email protected]] On Behalf Of Simone Mainardi Sent: Wednesday, July 19, 2017 4:19 PM To: [email protected] Cc: [email protected] Subject: Re: [Ntop] nDPI HTTP dissection Pavel, Can you please explain what is your nDPI instance? If you have nProbe and you want the HTTP fields, then you need the HTTP plugin that gives you access to the following elements: Plugin HTTP Protocol templates: [NFv9 57652][IPFIX 35632.180] %HTTP_URL HTTP URL (IXIA URI) [NFv9 57832][IPFIX 35632.360] %HTTP_METHOD HTTP METHOD [NFv9 57653][IPFIX 35632.181] %HTTP_RET_CODE HTTP return code (e.g. 200, 304...) [NFv9 57654][IPFIX 35632.182] %HTTP_REFERER HTTP Referer [NFv9 57655][IPFIX 35632.183] %HTTP_UA HTTP User Agent [NFv9 57656][IPFIX 35632.184] %HTTP_MIME HTTP Mime Type [NFv9 57659][IPFIX 35632.187] %HTTP_HOST HTTP Host Name (IXIA Host Name) [NFv9 57833][IPFIX 35632.361] %HTTP_SITE HTTP server without host name [NFv9 57932][IPFIX 35632.460] %HTTP_X_FORWARDED_FOR HTTP X-Forwarded-For [NFv9 57933][IPFIX 35632.461] %HTTP_VIA HTTP Via Regards, Simone On 19 Jul 2017, at 10:12, Семенищев Павел Леонидович <[email protected]<mailto:[email protected]>> wrote: Hi Luca, Thanks for answer. But why my nDPI instance doesn’t generate HTTP_UA field? All HTTP fields but not UA. Do I have to make some settings? <image001.png> Kind regards, Pavel Semenishhev Head of WiFi networks group Enforta ("Prestige-Internet") Mobile: +7 (903) 509-25-18 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Luca Deri Sent: Wednesday, July 19, 2017 10:12 AM To: [email protected]<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]> Subject: Re: [Ntop] nDPI HTTP dissection Pavel, not quite true: https://github.com/ntop/nDPI/blob/dev/src/lib/protocols/http.c#L272 . The information is parsed by nDPI, so apps (like ntopng or nProbe) can use it. Regards Luca On 19 Jul 2017, at 09:06, Семенищев Павел Леонидович <[email protected]<mailto:[email protected]>> wrote: Hello ntop teem, I was unpleasantly surprised that the nDPI product does not actually inspect the pacts so deeply. For example, it does not know how to parse HTTP packets and upload information about the User Agent. As far as I understand, to solve my task, I have to use nProbe product with plug-ins? Does Ntop plan to integrate plugins into the nDPI product? Kind regards, Pavel Semenishhev Head of WiFi networks group Enforta ("Prestige-Internet") E-mail: [email protected]<mailto:[email protected]> Phone: +7 (495) 739-75-59 (ext. 7718) Mobile: +7 (903) 509-25-18 Skype: htechnoo Address: Ovchinnikovskaya emb. 20, bldg. 2, Moscow, Russia, 115184 www.enforta.com<http://www.enforta.com/> _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
