I use:
Ntopng: 3.0.170719 - Pro [Small Business Edition] Edition
nDPI: 2.0.0-836-3cfcc05
As far as I understand you, my nDPI instance can parse HTTP packets as much as possible, but the ntopng product itself can not get this data from nDPI
I'm right?
Do I need to use a different product for this?
Regards,
Pavel Semenishhev
From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Simone Mainardi
Sent: Wednesday, July 19, 2017 4:19 PM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] nDPI HTTP dissection
Pavel,
Can you please explain what is your nDPI instance?
If you have nProbe and you want the HTTP fields, then you need the HTTP plugin that gives you access to the following elements:
Plugin HTTP Protocol templates:
[NFv9 57652][IPFIX 35632.180] %HTTP_URL HTTP URL (IXIA URI)
[NFv9 57832][IPFIX 35632.360] %HTTP_METHOD HTTP METHOD
[NFv9 57653][IPFIX 35632.181] %HTTP_RET_CODE HTTP return code (e.g. 200, 304...)
[NFv9 57654][IPFIX 35632.182] %HTTP_REFERER HTTP Referer
[NFv9 57655][IPFIX 35632.183] %HTTP_UA HTTP User Agent
[NFv9 57656][IPFIX 35632.184] %HTTP_MIME HTTP Mime Type
[NFv9 57659][IPFIX 35632.187] %HTTP_HOST HTTP Host Name (IXIA Host Name)
[NFv9 57833][IPFIX 35632.361] %HTTP_SITE HTTP server without host name
[NFv9 57932][IPFIX 35632.460] %HTTP_X_FORWARDED_FOR HTTP X-Forwarded-For
[NFv9 57933][IPFIX 35632.461] %HTTP_VIA HTTP Via
Regards,
Simone
On 19 Jul 2017, at 10:12, ????????? ????? ?????????? <p.semenishhev@enforta.com<mailto:p.semenishhev@enforta.com>> wrote:
Hi Luca,
Thanks for answer. But why my nDPI instance doesn’t generate HTTP_UA field? All HTTP fields but not UA. Do I have to make some settings?
<image001.png>
Kind regards,
Pavel Semenishhev
Head of WiFi networks group
Enforta ("Prestige-Internet")
Mobile: +7 (903) 509-25-18
From: ntop-bounces@listgateway.unipi.it<mailto:ntop-bounces@listgateway.unipi.it> [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Luca Deri
Sent: Wednesday, July 19, 2017 10:12 AM
To: ntop@unipi.it<mailto:ntop@unipi.it>
Cc: ntop@listgateway.unipi.it<mailto:ntop@listgateway.unipi.it>
Subject: Re: [Ntop] nDPI HTTP dissection
Pavel,
not quite true:
https://github.com/ntop/nDPI/blob/dev/src/lib/protocols/http.c#L272 . The information is parsed by nDPI, so apps (like ntopng or nProbe) can use it.
Regards Luca
On 19 Jul 2017, at 09:06, ????????? ????? ?????????? <p.semenishhev@enforta.com<mailto:p.semenishhev@enforta.com>> wrote:
Hello ntop teem,
I was unpleasantly surprised that the nDPI product does not actually inspect the pacts so deeply.
For example, it does not know how to parse HTTP packets and upload information about the User Agent.
As far as I understand, to solve my task, I have to use nProbe product with plug-ins?
Does Ntop plan to integrate plugins into the nDPI product?
Kind regards,
Pavel Semenishhev
Head of WiFi networks group
Enforta ("Prestige-Internet")
E-mail: p.semenishhev@enforta.com<mailto:p.semenishhev@enforta.com>
Phone: +7 (495) 739-75-59 (ext. 7718)
Mobile: +7 (903) 509-25-18
Skype: htechnoo
Address: Ovchinnikovskaya emb. 20, bldg. 2, Moscow, Russia, 115184
www.enforta.com<
http://www.enforta.com/>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop
