Karar we cannot do much with collected flows as DPI works with packets. We can guess the port however but nothing more than that
Regards Luca > On 11 Nov 2015, at 18:47, Karar Sudi <[email protected]> wrote: > > Hello Simone, > > I have an ASA firewall forwarding Netflow to Ntopng. The output show some > protocols like ICMP and the rest is lumped together into unknown. > > Thanks > Karar Sudi > > > > > > > On Tue, Nov 10, 2015 at 12:57 PM, Simone Mainardi <[email protected] > <mailto:[email protected]>> wrote: > Karar, > > I am not an expert in Cisco ASA. Could you please give more information on > the issue you are experiencing? > > The fact that your are correctly seeing ports does not imply that the traffic > protocol is recognized. We have the nDPI technology to detect L7 protocols. > Maybe nDPI is not able to detect some protocol that is flowing. > > > Simone > > On Tue, Nov 10, 2015 at 9:59 AM, Karar Sudi <[email protected] > <mailto:[email protected]>> wrote: > > I am trying to setup Netflow on ASA > > > flow-export destination inside 10.24.32.94 5556 > access-list flow_export_acl permit ip any any > class-map flow_export_class > match access-list flow_export_acl > > policy-map global_policy > class flow_export_class > flow-export event-type all destination 10.24.32.94 > > > > > Most of the traffic is shown as unknown protocol but the ports associated > with connection are shown in the output. > On Ubuntu, i started ntopng using : > > > sudo nprobe --zmq "tcp://*:5556" -i eth0 -n none & > sudo ntopng -i tcp://127.0.0.1:5556 <http://127.0.0.1:5556/> & > > > Any assistance in this matter is greatly appreciated. > > > Thanks > Karar S > > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > > > _______________________________________________ > Ntop mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop > <http://listgateway.unipi.it/mailman/listinfo/ntop> > > <Screen Shot 2015-11-11 at 9.42.57 > AM.png>_______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
