Mailing List Archive

New ports/applications
Dear ntopng authors,
Dear all,

What can I do to make more ports/applications recognized by ntopng?
Particularly I miss recognition of the following ports:

2193: both TCP and UDP registered by IANA for Dr.Web Enterprise
Management Service
4971 TCP: BURP - BackUp and Restore Program
4972 TCP: BURP - BackUp and Restore Program (status requests)

The last two are not registered anywhere, I'm afraid.


--

With Best Regards,
Marat Khalili
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: New ports/applications [ In reply to ]
Marat,

If you are capturing raw packets, then I encourage you to submit a request on the nDPI GitHub page along with a pcap of the traffic you are interested in supporting.

If you are collecting NetFlow data, you can't leverage nDPI as no packet payload can be inspected by either nProbe or ntopng. In that case, please, use http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/

Regards,
Simone

Re: New ports/applications [ In reply to ]
> If you are capturing raw packets, then I encourage you to submit a
> request on the nDPI GitHub page along with a pcap of the traffic you
> are interested in supporting.
I'm using NetFlow, unfortunately.

> If you are collecting NetFlow data, you can't leverage nDPI as no
> packet payload can be inspected by either nProbe or ntopng. In that
> case, please, use
> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
I've read this page. It says that I can specify protocols in some
configuration file with some simple format. But where's this file and
how can it be enabled? And is it used during build or runtime?

--

With Best Regards,
Marat Khalili

Re: New ports/applications [ In reply to ]
Marat,

> On 10 Aug 2017, at 13:35, Marat Khalili <mkh@rqc.ru> wrote:
>
>> If you are capturing raw packets, then I encourage you to submit a request on the nDPI GitHub page along with a pcap of the traffic you are interested in supporting.
> I'm using NetFlow, unfortunately.
>
>> If you are collecting NetFlow data, you can't leverage nDPI as no packet payload can be inspected by either nProbe or ntopng. In that case, please, use http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
> I've read this page. It says that I can specify protocols in some configuration file with some simple format. But where's this file and how can it be enabled? And is it used during build or runtime?

See for example https://github.com/ntop/nDPI/issues/309#issuecomment-263911392

Hint: use Google to search for previous similar questions: "site:https://github.com/ntop/ custom ndpi protocols"

Re: New ports/applications [ In reply to ]
Works now, thank you!

(For the record: there's no existing file; you ought to create a new one
in the format described here
<http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/>
for port-based protocol detection and specify this file in
the --ndpi-protocols argument of ntopng.)

--

With Best Regards,
Marat Khalili
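
The file described in the message above, as an added example that is not part of the original thread and not ntop's code: a constructed rules file for the three ports from the first post, with a small Python check of its port-based lines. The `<tcp|udp>:<port>[-<port>]@<name>` syntax is assumed from the nDPI documentation linked in the thread; the labels `DrWeb` and `BURP` and the name `parse_port_rules` are chosen for illustration, and other rule kinds are out of scope for this check.

```python
import re

# Constructed rules file for the ports named in the thread. The protocol
# labels "DrWeb" and "BURP" are names chosen for this example.
SAMPLE_PROTOS = """\
# <tcp|udp>:<port>[-<port>],...@<protocol name>
tcp:2193,udp:2193@DrWeb
tcp:4971-4972@BURP
"""

RULE = re.compile(r"^(tcp|udp):(\d+)(?:-(\d+))?$")

def parse_port_rules(text):
    """Return ({(l4, port): name}, [error strings]) for port-based lines."""
    mapping, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        rules, sep, name = line.rpartition("@")
        name = name.strip()
        if not sep or not rules or not name:
            errors.append(f"line {lineno}: expected <rules>@<name>")
            continue
        for rule in rules.split(","):
            m = RULE.match(rule.strip())
            if not m:
                errors.append(f"line {lineno}: not a port rule: {rule!r}")
                continue
            l4, lo = m.group(1), int(m.group(2))
            hi = int(m.group(3) or lo)  # single port when no range is given
            if not (1 <= lo <= hi <= 65535):
                errors.append(f"line {lineno}: bad port range in {rule!r}")
                continue
            for port in range(lo, hi + 1):
                old = mapping.setdefault((l4, port), name)
                if old != name:  # same port claimed by two labels
                    errors.append(f"line {lineno}: {l4}:{port} already mapped to {old}")
                    mapping[(l4, port)] = name
    return mapping, errors

if __name__ == "__main__":
    mapping, errors = parse_port_rules(SAMPLE_PROTOS)
    for (l4, port), name in sorted(mapping.items()):
        print(f"{l4}/{port} -> {name}")
    print("errors:", errors or "none")
```

Once the check reports no errors, the file is what gets passed to ntopng through the `--ndpi-protocols` argument mentioned in the message above.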
