Thank you, Filippo. I did follow the quick start guide you mentioned to add a new custom protocol, but can't detect the new traffic with ntopng and pcapreader.
Here I paste my config files and log below, FYI. Hope they are useful.

1. ntopng.conf

cat /etc/ntopng/ntopng.conf
-r=localhost:6379
-w=3000
-m="172.0.0.1/8"
-G=/var/tmp/ntopng.pid
-i=eth0
-i=tcp://0.0.0.0:5556
-p=/etc/ntopng/custome.protos

2. protocol file: custome.protos

cat /etc/ntopng/custome.protos
# host:"<value>",host:"<value>",.....@<subproto>
host:"googlesyndacation.com"@Google
host:"venere.com"@Veneer
host:"172.20.102.29"@hehe
# <tcp|udp>:,<tcp|udp>:,.....@
#tcp:81,tcp:8181@HTTP
#udp:5061-5062@SIP
#tcp:860,udp:860,tcp:3260,udp:3260@iSCSI
tcp:3000@ntop
udp:5355@T1
udp:3702@T2
udp:8612@T3
tcp:8888@T4

3. ntopng start up log

ntopng /etc/ntopng/ntopng.conf
08/Dec/2013 11:02:29 [Ntop.cpp:457] Setting local networks to 172.0.0.1/8
08/Dec/2013 11:02:29 [AddressResolution.cpp:131] Rule '172.0.0.1'/'8'
[NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
08/Dec/2013 11:02:29 [PF_RINGInterface.cpp:42] Reading packets from PF_RING v.5.6.1 interface eth0...
08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface eth0 [id: 0]
[NDPI] addDefaultPort(): found duplicate for port 5355 # Maybe here?
08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface collector@0.0.0.0:5556 [id: 1]
08/Dec/2013 11:02:29 [Utils.cpp:238] User changed to nobody
08/Dec/2013 11:02:29 [main.cpp:147] PID stored in file /var/tmp/ntopng.pid
08/Dec/2013 11:02:29 [HTTPserver.cpp:363] HTTP server listening on port 3000 [/usr/local/share/ntopng/httpdocs][/usr/local/share/ntopng/scripts]
08/Dec/2013 11:02:29 [main.cpp:179] Using RRD version 1.4.7
08/Dec/2013 11:02:29 [main.cpp:188] Working directory: /var/tmp/ntopng
08/Dec/2013 11:02:29 [main.cpp:190] Scripts/HTML pages directory: /usr/local/share/ntopng
08/Dec/2013 11:02:29 [Ntop.cpp:161] Welcome to ntopng x86_64 v.1.1.1 (r7071) - (C) 1998-13 ntop.org
08/Dec/2013 11:02:29 [Redis.cpp:46] Successfully connected to Redis localhost:6379
08/Dec/2013 11:02:29 [PeriodicActivities.cpp:53] Started periodic activities loop...
08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on interface eth0...
08/Dec/2013 11:02:29 [NetworkInterface.cpp:629] Started packet polling on interface collector@0.0.0.0:5556...
08/Dec/2013 11:02:29 [CollectorInterface.cpp:100] Collecting flows...
08/Dec/2013 11:02:29 [PeriodicActivities.cpp:91] Starting script /usr/local/share/ntopng/scripts/callbacks/second.lua

Thanks!

Best regards,
John

2013/12/7 Filippo Fontanelli <fontane...@ntop.org>

> Hi John
>
> You can find the nDPI quick start in
>
> nDPI/doc/
>
> That explains how you can add custom protocol to nDPI.
>
> On 06/Dec/2013, at 16:29, John Zhang <kingzy...@gmail.com> wrote:
>
> Hi everyone,
>
> I want to add custom protocol detection to nDPI, I found the below great
> guide, and followed
> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>
> To add port-based protocol detection, I added the below line to the
> protocol file:
>
> tcp:29000,tcp:29001@MYAP
>
> This is correct
>
> But ntopng can't detect any traffic of new protocol, and also testing by
> pcapReader could not find.
>
> Try to use the pcapreader command line with the parameter -p your.protos
> and the parameter -v 2 to activate the verbose mode and check the flow stack
>
> Filippo
>
> On 06 Dec 2013, at 16:29, John Zhang <kingzy...@gmail.com> wrote:
>
> Hi everyone,
>
> I want to add custom protocol detection to nDPI, I found the below great
> guide, and followed
> http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
>
> To add port-based protocol detection, I added the below line to the
> protocol file:
>
> tcp:29000,tcp:29001@MYAPP
>
> But ntopng can't detect any traffic of new protocol, and also testing by
> pcapReader could not find.
>
> Anything I missed, or made wrong? Please help me.
>
> Thank you in advance!
>
> Best regards,
> John
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
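An added example, not part of the original thread and not ntop's code: a small Python checker that parses port rules in the format shown in custome.protos above and cross-references them with the `addDefaultPort(): found duplicate for port N` lines from the startup log, so it is clear which custom rules those messages refer to. The function names are this example's own and the sample data is an excerpt of the message above; what nDPI does with a duplicated port is not stated in the thread and is not assumed here.

```python
import re

# Constructed sample: excerpt of the config and log posted in the message above.
PROTOS = '''\
# host:"<value>",host:"<value>",.....@<subproto>
host:"venere.com"@Veneer
#udp:5061-5062@SIP
tcp:3000@ntop
udp:5355@T1
tcp:8888@T4
'''
LOG = """\
08/Dec/2013 11:02:29 [AddressResolution.cpp:131] Rule '172.0.0.1'/'8'
[NDPI] addDefaultPort(): found duplicate for port 5355
08/Dec/2013 11:02:29 [Ntop.cpp:564] Registered interface eth0 [id: 0]
[NDPI] addDefaultPort(): found duplicate for port 5355
"""
RULE = re.compile(r'^(tcp|udp):(\d+)(?:-(\d+))?$')   # tcp:81 or udp:5061-5062
DUP = re.compile(r'addDefaultPort\(\): found duplicate for port (\d+)')

def parse_port_rules(text):
    """Return [(transport, low, high, proto, lineno)] for every port rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#') or '@' not in line:
            continue  # blank lines, comments and malformed lines
        attrs, proto = line.rsplit('@', 1)
        for attr in attrs.split(','):
            m = RULE.match(attr.strip())
            if m:  # host:"..." attributes are not port rules and are skipped
                low = int(m.group(2))
                high = int(m.group(3) or low)
                rules.append((m.group(1), low, high, proto.strip(), lineno))
    return rules

def duplicate_ports(log):
    """Ports the startup log reported as duplicates, deduplicated and sorted."""
    return sorted({int(p) for p in DUP.findall(log)})

def affected_rules(protos, log):
    """Map each reported duplicate port to the custom rules that cover it."""
    rules = parse_port_rules(protos)
    return {port: [r for r in rules if r[1] <= port <= r[2]]
            for port in duplicate_ports(log)}

if __name__ == '__main__':
    for port, hits in affected_rules(PROTOS, LOG).items():
        print(f'duplicate port {port} is claimed by custom rule(s): {hits}')
```
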