Hi,
I'm trying to detect SEP traffic (Symantec Endpoint Protection). Clients
connect to the SEP Manager (SEPM) through port tcp-8014.
If I go to the SEPM page in the ntopng GUI, then to flows, I see this:
Application: Unknown, tcp, Client: SEPM:8014,
Server:[Random_high_number]
So, I created proto.txt with this:
tcp:8014@sep-comm
I re-ran ntopng and there are no changes...
My guess is that, because tcp-8014 appears in the client column, it doesn't
recognize it as "sep-comm" or whatever...
This is traffic from a backbone switch/router, so I can't say what is in
and what is out, because there are 192.168.x.x networks everywhere...
Any guess on what I'm doing wrong?
Sacha.