Pavel,
> On 20 Jul 2017, at 11:49, Семенищев Павел Леонидович <[email protected]> wrote:
>
> I use:
> Ntopng: 3.0.170719 - Pro [Small Business Edition] Edition
> nDPI: 2.0.0-836-3cfcc05
>
> As far as I understand you, my nDPI instance can parse HTTP packets as much
> as possible, but the ntopng product itself can not get this data from nDPI.
> Am I right?

You can see the HTTP data that ntopng gets from nDPI by looking at this function:
https://github.com/ntop/ntopng/blob/dev/src/Flow.cpp#L2436

You may want to extend that function to get extra HTTP details.

> Do I need to use a different product for this?

Alternatively, you can use nProbe with the HTTP plugin that gives you access (in ntopng as well) to the following fields:

Plugin HTTP Protocol templates:
[NFv9 57652][IPFIX 35632.180] %HTTP_URL              HTTP URL (IXIA URI)
[NFv9 57832][IPFIX 35632.360] %HTTP_METHOD           HTTP METHOD
[NFv9 57653][IPFIX 35632.181] %HTTP_RET_CODE         HTTP return code (e.g. 200, 304...)
[NFv9 57654][IPFIX 35632.182] %HTTP_REFERER          HTTP Referer
[NFv9 57655][IPFIX 35632.183] %HTTP_UA               HTTP User Agent
[NFv9 57656][IPFIX 35632.184] %HTTP_MIME             HTTP Mime Type
[NFv9 57659][IPFIX 35632.187] %HTTP_HOST             HTTP Host Name (IXIA Host Name)
[NFv9 57833][IPFIX 35632.361] %HTTP_SITE             HTTP server without host name
[NFv9 57932][IPFIX 35632.460] %HTTP_X_FORWARDED_FOR  HTTP X-Forwarded-For
[NFv9 57933][IPFIX 35632.461] %HTTP_VIA              HTTP Via

Regards,
Simone

> Regards,
> Pavel Semenishhev
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Simone Mainardi
> Sent: Wednesday, July 19, 2017 4:19 PM
> To: [email protected]
> Cc: [email protected]
> Subject: Re: [Ntop] nDPI HTTP dissection
>
> Pavel,
>
> Can you please explain what is your nDPI instance?
>
> If you have nProbe and you want the HTTP fields, then you need the HTTP
> plugin that gives you access to the following elements:
>
> Plugin HTTP Protocol templates:
> [NFv9 57652][IPFIX 35632.180] %HTTP_URL              HTTP URL (IXIA URI)
> [NFv9 57832][IPFIX 35632.360] %HTTP_METHOD           HTTP METHOD
> [NFv9 57653][IPFIX 35632.181] %HTTP_RET_CODE         HTTP return code (e.g. 200, 304...)
> [NFv9 57654][IPFIX 35632.182] %HTTP_REFERER          HTTP Referer
> [NFv9 57655][IPFIX 35632.183] %HTTP_UA               HTTP User Agent
> [NFv9 57656][IPFIX 35632.184] %HTTP_MIME             HTTP Mime Type
> [NFv9 57659][IPFIX 35632.187] %HTTP_HOST             HTTP Host Name (IXIA Host Name)
> [NFv9 57833][IPFIX 35632.361] %HTTP_SITE             HTTP server without host name
> [NFv9 57932][IPFIX 35632.460] %HTTP_X_FORWARDED_FOR  HTTP X-Forwarded-For
> [NFv9 57933][IPFIX 35632.461] %HTTP_VIA              HTTP Via
>
> Regards,
>
> Simone
>
> On 19 Jul 2017, at 10:12, Семенищев Павел Леонидович <[email protected]> wrote:
>
> Hi Luca,
> Thanks for the answer. But why doesn't my nDPI instance generate the HTTP_UA field?
> All HTTP fields but not UA. Do I have to make some settings?
>
> Kind regards,
> Pavel Semenishhev
> Head of WiFi networks group
> Enforta ("Prestige-Internet")
> Mobile: +7 (903) 509-25-18
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Luca Deri
> Sent: Wednesday, July 19, 2017 10:12 AM
> To: [email protected]
> Cc: [email protected]
> Subject: Re: [Ntop] nDPI HTTP dissection
>
> Pavel,
> not quite true:
> https://github.com/ntop/nDPI/blob/dev/src/lib/protocols/http.c#L272
> The information is parsed by nDPI, so apps (like ntopng or nProbe) can use it.
>
> Regards Luca
>
> On 19 Jul 2017, at 09:06, Семенищев Павел Леонидович <[email protected]> wrote:
>
> Hello ntop team,
>
> I was unpleasantly surprised that the nDPI product does not actually inspect
> the packets so deeply.
> For example, it does not know how to parse HTTP packets and upload
> information about the User Agent.
>
> As far as I understand, to solve my task, I have to use nProbe product with
> plug-ins?
>
> Does Ntop plan to integrate plugins into the nDPI product?
>
> Kind regards,
> Pavel Semenishhev
> Head of WiFi networks group
>
> Enforta ("Prestige-Internet")
> E-mail: [email protected]
> Phone: +7 (495) 739-75-59 (ext. 7718)
> Mobile: +7 (903) 509-25-18
> Skype: htechnoo
> Address: Ovchinnikovskaya emb. 20, bldg. 2, Moscow, Russia, 115184
> www.enforta.com
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
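
An added example, not part of the original thread and not ntop's code: a collector-side Python sketch that parses the HTTP plugin template listing quoted in the message, checks that every NFv9 field id maps to its IPFIX element id by one constant offset, and renames numeric ids in a decoded flow record. The record layout (a dict keyed by NFv9 field id) and the sample values are constructed assumptions.

```python
import re

# The HTTP plugin template listing, copied from the message above.
LISTING = """\
[NFv9 57652][IPFIX 35632.180] %HTTP_URL HTTP URL (IXIA URI)
[NFv9 57832][IPFIX 35632.360] %HTTP_METHOD HTTP METHOD
[NFv9 57653][IPFIX 35632.181] %HTTP_RET_CODE HTTP return code (e.g. 200, 304...)
[NFv9 57654][IPFIX 35632.182] %HTTP_REFERER HTTP Referer
[NFv9 57655][IPFIX 35632.183] %HTTP_UA HTTP User Agent
[NFv9 57656][IPFIX 35632.184] %HTTP_MIME HTTP Mime Type
[NFv9 57659][IPFIX 35632.187] %HTTP_HOST HTTP Host Name (IXIA Host Name)
[NFv9 57833][IPFIX 35632.361] %HTTP_SITE HTTP server without host name
[NFv9 57932][IPFIX 35632.460] %HTTP_X_FORWARDED_FOR HTTP X-Forwarded-For
[NFv9 57933][IPFIX 35632.461] %HTTP_VIA HTTP Via
"""

LINE_RE = re.compile(
    r"\[NFv9 (\d+)\]\[IPFIX (\d+)\.(\d+)\]\s+%([A-Z0-9_]+)\s+(.+)")

def parse_listing(text):
    """Return one dict per template line; reject lines that do not parse."""
    fields = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised template line: {line!r}")
        nfv9, pen, elem, name, desc = m.groups()
        fields.append({"nfv9": int(nfv9), "pen": int(pen),
                       "element": int(elem), "name": name, "desc": desc})
    return fields

def nfv9_offset(fields):
    """NFv9 id minus IPFIX element id; must be the same for every field."""
    offsets = {f["nfv9"] - f["element"] for f in fields}
    if len(offsets) != 1:
        raise ValueError(f"inconsistent id mapping: {sorted(offsets)}")
    return offsets.pop()

def label_record(record, fields):
    """Rename known NFv9 field ids to template names; keep unknown ids."""
    names = {f["nfv9"]: f["name"] for f in fields}
    return {names.get(k, k): v for k, v in record.items()}

FIELDS = parse_listing(LISTING)
# Constructed sample: a decoded NetFlow v9 record keyed by numeric field id.
SAMPLE = {8: "192.0.2.10", 57659: "example.com", 57652: "/login",
          57655: "curl/7.54.0", 57932: "198.51.100.7"}
```

Ids that are not in the listing (such as field 8 in the sample) pass through `label_record` unchanged, so the function can be applied to full flow records that mix standard and plugin fields.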
