OK, confirmed it is a byte order issue (port 20480 = 80, port 47874 = 443).
We've purchased an nProbe license to use with ntopng and this is currently not working. When ntopng is used by itself on a standard Linux interface, this issue does not appear. When using nProbe to caputure netflows, the byte ordering issue shows up. Tried this with Ubuntu and Debian distributions and both have the same issue. Is this the right mailing list to ask for support? On Sun, Sep 8, 2013 at 4:38 PM, Max Zabor <[email protected]> wrote: > Hello, > > Currently using: > > ntopng (ntopng_1.0.1-6754_amd64.deb) > nprobe (nprobe_6.14.130907-3654_amd64.deb) > > When viewing flows in ntopng, the port numbers all appear incorrect > (potential endianness problem?): > > Info Unknown TCP x.x.x.x:47873 192.168.1.102:58599 24 min, > 20 sec 0 bps 196.49 KB > Info Unknown TCP x.x.x.x:20480 192.168.1.102:9457 19 min, > 10 sec 0 bps 105.64 KB > > These should be ports 80 and 443. This, of course, affects the protocols > reporting (100% reported as Unknown). > > I've checked the netflows being generated at the origin and the ports are > being reported correctly to nprobe. Has anyone else had this issue? > > -- > Max > >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
