Mailing List Archive

ntopng DPI Question
We are a small ISP looking to get more insights into our network traffic. We have setup ntopng (Community Edition) monitoring an ethernet interface that is being mirrored on a Juniper switch. The peak traffic on this interface is about 170Mbps.

Traffic levels look correct, and we are definitely seeing host insights.

However, nDPI does not seem to be recognizing applications as well as I would have expected. While it shows things like YouTube, Windows Updates, and Bit Torent, it seems to miss things like NetFlix. I know our customers are using NetFlix, other solutuions have shown this to be about 35% of our total traffic.

Top Application Protocols shows:
HTTP 28%
Other 24.6%
SSL 24.5%
YouTube 12.8%
Unknown 5.7%
Facebook 4.4%

Is there tweaking required to make nDPI more accurate?
If we decide to move ahead with ntopng, it will be placed at our network edge with traffic levels over 2Gbps and climbing.

Thanks in Advance for any help.
Terry D.
NETAGO
Re: ntopng DPI Question [ In reply to ]
Terry,

You sent 4 emails to the mailing list all with the same text as the one below. The mailing list is working, please don't do multiple transmissions.

> On 11 Apr 2018, at 16:53, Terry Duchcherer <terry@netago.com> wrote:
>
> We are a small ISP looking to get more insights into our network traffic. We have setup ntopng (Community Edition) monitoring an ethernet interface that is being mirrored on a Juniper switch. The peak traffic on this interface is about 170Mbps.
>
> Traffic levels look correct, and we are definitely seeing host insights.
>
> However, nDPI does not seem to be recognizing applications as well as I would have expected. While it shows things like YouTube, Windows Updates, and Bit Torent, it seems to miss things like NetFlix. I know our customers are using NetFlix, other solutuions have shown this to be about 35% of our total traffic.
>
> Top Application Protocols shows:
> HTTP 28%
> Other 24.6%
> SSL 24.5%
> YouTube 12.8%
> Unknown 5.7%
> Facebook 4.4%
>
> Is there tweaking required to make nDPI more accurate?

Please, attach/upload a pcap file with traffic that is supposed to be Netflix but is not detected by nDPI so we can check and see if there's something we should change in the deep packet inspection engine to improve accuracy.



> If we decide to move ahead with ntopng, it will be placed at our network edge with traffic levels over 2Gbps and climbing.
>
> Thanks in Advance for any help.
> Terry D.
> NETAGO
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
Re: ntopng DPI Question [ In reply to ]
Terry,

You sent 4 emails to the mailing list all with the same text as the one below. The mailing list is working, please don't do multiple transmissions.

> On 11 Apr 2018, at 16:53, Terry Duchcherer <terry@netago.com> wrote:
>
> We are a small ISP looking to get more insights into our network traffic. We have setup ntopng (Community Edition) monitoring an ethernet interface that is being mirrored on a Juniper switch. The peak traffic on this interface is about 170Mbps.
>
> Traffic levels look correct, and we are definitely seeing host insights.
>
> However, nDPI does not seem to be recognizing applications as well as I would have expected. While it shows things like YouTube, Windows Updates, and Bit Torent, it seems to miss things like NetFlix. I know our customers are using NetFlix, other solutuions have shown this to be about 35% of our total traffic.
>
> Top Application Protocols shows:
> HTTP 28%
> Other 24.6%
> SSL 24.5%
> YouTube 12.8%
> Unknown 5.7%
> Facebook 4.4%
>
> Is there tweaking required to make nDPI more accurate?

Please, attach/upload a pcap file with traffic that is supposed to be Netflix but is not detected by nDPI so we can check and see if there's something we should change in the deep packet inspection engine to improve accuracy.



> If we decide to move ahead with ntopng, it will be placed at our network edge with traffic levels over 2Gbps and climbing.
>
> Thanks in Advance for any help.
> Terry D.
> NETAGO
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
Re: ntopng DPI Question [ In reply to ]
For some reason my Outlook was getting them back as bounced. Not sure why.

Terry


From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of Simone Mainardi
Sent: Wednesday, April 11, 2018 9:18 AM
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] ntopng DPI Question

Terry,

You sent 4 emails to the mailing list all with the same text as the one below. The mailing list is working, please don't do multiple transmissions.


On 11 Apr 2018, at 16:53, Terry Duchcherer <terry@netago.com<mailto:terry@netago.com>> wrote:

We are a small ISP looking to get more insights into our network traffic. We have setup ntopng (Community Edition) monitoring an ethernet interface that is being mirrored on a Juniper switch. The peak traffic on this interface is about 170Mbps.

Traffic levels look correct, and we are definitely seeing host insights.

However, nDPI does not seem to be recognizing applications as well as I would have expected. While it shows things like YouTube, Windows Updates, and Bit Torent, it seems to miss things like NetFlix. I know our customers are using NetFlix, other solutuions have shown this to be about 35% of our total traffic.

Top Application Protocols shows:
HTTP 28%
Other 24.6%
SSL 24.5%
YouTube 12.8%
Unknown 5.7%
Facebook 4.4%

Is there tweaking required to make nDPI more accurate?

Please, attach/upload a pcap file with traffic that is supposed to be Netflix but is not detected by nDPI so we can check and see if there's something we should change in the deep packet inspection engine to improve accuracy.




If we decide to move ahead with ntopng, it will be placed at our network edge with traffic levels over 2Gbps and climbing.

Thanks in Advance for any help.
Terry D.
NETAGO

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop