Munroe,

> On 9 Jul 2020, at 14:18, Munroe Sollog <m...@lehigh.edu> wrote:
>
> It looks like hosts:nDPI has a field called "protocol" which is pretty close.
> It looks like it uses the port number, among other things, to identify the
> traffic type (SSH, HTTP, etc).

Ports are used as a last resort. More advanced deep packet inspection is performed with nDPI when packets are available.

> However, it also looks like it uses "Unknown" as a protocol.
> Unfortunately, "Unknown"

"Unknown" means neither the port nor nDPI were enough to reliably determine the protocol.

> tells us nothing about the traffic, and while it can't be positively
> identified, wouldn't using "Port=NNN" instead of "Unknown" preserve some
> information about the traffic and provide some hint as to what the traffic
> may be?

If you want to create your own protocols with port mappings you can do it: see https://www.ntop.org/guides/ntopng/web_gui/categories.html

Simone

> On Thu, Jul 9, 2020 at 1:35 AM Simone Mainardi <maina...@ntop.org> wrote:
> Munroe,
>
> ntopng does not create per-port timeseries data, so they won't be in Influx.
> Live per-port traffic is accessible for hosts and flows using
> iface_ports_list.lua.
>
> If you need historical port data, you can enable flows dump using nIndex
> (e.g., -F "nindex"). Each flow will be dumped with its ports so, at that
> point, you can just do queries using the RESTful API
> https://www.ntop.org/guides/ntopng/api/rest/examples_v1.html#get-historical-flows
> to get the ports.
>
> Simone
>
>> On 8 Jul 2020, at 22:25, Munroe Sollog <m...@lehigh.edu> wrote:
>>
>> My real question is where is the per-port data stored? I've been poking
>> around influx and I don't see it there. Is it stored elsewhere?
>>
>> On Wed, Jul 8, 2020 at 1:13 PM Munroe Sollog <m...@lehigh.edu> wrote:
>> I must be missing something, I don't see it anywhere. Is it something I have
>> to enable?
>>
>> On Tue, Jul 7, 2020 at 5:32 AM Simone Mainardi <maina...@ntop.org> wrote:
>> Munroe,
>>
>> You have top-ports by traffic for both local hosts and network interfaces.
>> Just check the 'Ports' tab of the host and interface pages.
>>
>> Simone
>>
>>> On 6 Jul 2020, at 15:53, Munroe Sollog <m...@lehigh.edu> wrote:
>>>
>>> Is there a way to show top traffic by destination port?
>>>
>>> --
>>> Munroe Sollog
>>> Senior Network Engineer
>>> mun...@lehigh.edu
>>
>> --
>> Munroe Sollog
>> Senior Network Engineer
>> mun...@lehigh.edu
>
> --
> Munroe Sollog
> Senior Network Engineer
> mun...@lehigh.edu
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
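An added example, not part of the original thread and not ntopng code: once flows have been dumped and fetched as records, the "top traffic by destination port" ranking asked about above can be computed offline, with the "Port=NNN" fallback label from the thread applied when the protocol is "Unknown". The record field names (dst_port, l7_proto, bytes) and the sample flows are constructed assumptions, not ntopng's actual export schema.

```python
from collections import defaultdict

# Constructed sample flow records. The field names (dst_port, l7_proto, bytes)
# are assumptions for this example, not ntopng's actual export schema.
SAMPLE_FLOWS = [
    {"dst_port": 443,  "l7_proto": "TLS",     "bytes": 120_000},
    {"dst_port": 22,   "l7_proto": "SSH",     "bytes": 8_000},
    {"dst_port": 8443, "l7_proto": "Unknown", "bytes": 50_000},
    {"dst_port": 443,  "l7_proto": "TLS",     "bytes": 30_000},
    {"dst_port": 8443, "l7_proto": "Unknown", "bytes": 25_000},
    {"dst_port": 5000, "l7_proto": "Unknown", "bytes": 1_000},
    {"dst_port": None, "l7_proto": "Unknown", "bytes": 700},  # flow without ports
]


def label(flow):
    """Keep the detected protocol; fall back to Port=NNN when it is Unknown."""
    proto = flow.get("l7_proto") or "Unknown"
    port = flow.get("dst_port")
    if proto != "Unknown" or port is None:
        return proto
    return f"Port={port}"


def top_dst_ports(flows, n=10):
    """Return [(dst_port, label, total_bytes)] sorted by bytes, descending."""
    totals = defaultdict(int)
    for flow in flows:
        totals[(flow.get("dst_port"), label(flow))] += int(flow.get("bytes", 0))
    # Sort by volume first; the string key only breaks ties deterministically.
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], str(kv[0])))
    return [(port, name, total) for (port, name), total in ranked[:n]]


if __name__ == "__main__":
    for port, name, total in top_dst_ports(SAMPLE_FLOWS):
        print(f"{str(port):>6}  {name:<12} {total:>10}")
```

Flows that carry no port at all stay labelled "Unknown", since there is no port number to preserve for them.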