Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Users
poor NDPI detection rate
x at init2
Dec 21, 2016, 7:13 AM
Post #1 of 3 (779 views)
Permalink
Hello,
I aquired a license for nprobe & ntopng pro about a month ago. Since
then I never saw Whatsapp, Twitch, Youtube, Instagram, eBay, Amazon,
Teamspeak, OpenVPN, TeamViewer, Facebook showing up in the Protocol
Overview, but these protocols are being used by a lot of devices. So I
assume I've made a configuration mistake or ndpi is severely broken in
it's current state.
I'm collecting IPFIX data from a Mikrotik Router, nprobe and ntopng is
running on a Raspberry Pi. Are there any limitations of the embedded
version? All the missing Protocols are listed by ntopng
--print-ndpi-protocols.
Can anyone help me setting this up correctly? I'm using the latest
stable version which is currently available.
Thanks in advance.

Oliver Schweger
Re: poor NDPI detection rate [ In reply to ]
deri at ntop
Dec 21, 2016, 7:14 AM
Post #2 of 3 (774 views)
Permalink
Oliver
DPI works with packets, as with flows we can only guess what a protocol could be. So unless you use nprobe in packet capture more, what is all we can offer you as IPFIX does not carry L7 info.

Regards Luca

> On 21 Dec 2016, at 16:13, Oliver Schweger <x@init2.net> wrote:
>
> Hello,
> I aquired a license for nprobe & ntopng pro about a month ago. Since then I never saw Whatsapp, Twitch, Youtube, Instagram, eBay, Amazon, Teamspeak, OpenVPN, TeamViewer, Facebook showing up in the Protocol Overview, but these protocols are being used by a lot of devices. So I assume I've made a configuration mistake or ndpi is severely broken in it's current state.
> I'm collecting IPFIX data from a Mikrotik Router, nprobe and ntopng is running on a Raspberry Pi. Are there any limitations of the embedded version? All the missing Protocols are listed by ntopng --print-ndpi-protocols.
> Can anyone help me setting this up correctly? I'm using the latest stable version which is currently available.
> Thanks in advance.
>
> Oliver Schweger
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
Re: poor NDPI detection rate [ In reply to ]
deri at ntop
Dec 21, 2016, 7:14 AM
Post #3 of 3 (774 views)
Permalink
Oliver
DPI works with packets, as with flows we can only guess what a protocol could be. So unless you use nprobe in packet capture more, what is all we can offer you as IPFIX does not carry L7 info.

Regards Luca

> On 21 Dec 2016, at 16:13, Oliver Schweger <x@init2.net> wrote:
>
> Hello,
> I aquired a license for nprobe & ntopng pro about a month ago. Since then I never saw Whatsapp, Twitch, Youtube, Instagram, eBay, Amazon, Teamspeak, OpenVPN, TeamViewer, Facebook showing up in the Protocol Overview, but these protocols are being used by a lot of devices. So I assume I've made a configuration mistake or ndpi is severely broken in it's current state.
> I'm collecting IPFIX data from a Mikrotik Router, nprobe and ntopng is running on a Raspberry Pi. Are there any limitations of the embedded version? All the missing Protocols are listed by ntopng --print-ndpi-protocols.
> Can anyone help me setting this up correctly? I'm using the latest stable version which is currently available.
> Thanks in advance.
>
> Oliver Schweger
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal