Mailing List Archive

nProbe's nDPI application layer protocol detection
Hello, I am using the nProbe demo version for evaluation.
I am using the "%L7_PROTO_NAME" in the -T flag to get the application layer
protocol (detected by nDPI).
Unfortunately, the output file detects "WhatsAppVoice" and "STUN" flows as
"Unknown"/"RTP", even though ntopng detects the right protocol for them.

This is the command I start nProbe with:
C:\Program Files\nProbe>nprobe.exe/c -i 5 -Q 5 -u 5 -n 127.0.0.1:2055 -D t -P C:\Flows -F 60 -T "%L7_PROTO_NAME %IPV4_SRC_ADDR %IPV4_DST_ADDR"


What am I doing wrong?
Re: nProbe's nDPI application layer protocol detection
Hi,

Detection is done by nDPI. nDPI is a library that is shared by ntopng and
nProbe and is actively under development. So, if ntopng correctly detects
the protocol but nProbe doesn't, I guess you are using a version of nProbe
that doesn't have the proper heuristics to detect the protocols you're looking
for. This is typically solved by updating nProbe to the latest version.

Regards,

On Tue, Jan 24, 2017 at 5:50 PM, Yotam Hochman <yotamho@gmail.com> wrote:

> Hello, I am using the nProbe demo version for evaluation.
> I am using the "%L7_PROTO_NAME" in the -T flag to get the application
> layer protocol (detected by nDPI).
> Unfortunately, the output file detects "WhatsAppVoice" and "STUN" flows as
> "Unknown"/"RTP", even though ntopng detects the right protocol for them.
>
> This is the command I start nProbe with:
> C:\Program Files\nProbe>nprobe.exe/c -i 5 -Q 5 -u 5 -n 127.0.0.1:2055 -D t -P C:\Flows -F 60 -T "%L7_PROTO_NAME %IPV4_SRC_ADDR %IPV4_DST_ADDR"
>
>
> What am I doing wrong?