Re: [Ntop-misc] New ports/applications

2017-08-10 Thread Marat Khalili

Works now, thank you!

(For the record: there's no existing file, you ought to create a new one 
in format described here 
 
for port-based protocol detection and specify this file in 
--ndpi-protocols argument of ntopng.)


--

With Best Regards,
Marat Khalili

On 10/08/17 15:10, Simone Mainardi wrote:

Marat,

On 10 Aug 2017, at 13:35, Marat Khalili wrote:



If you are capturing raw packets, then I encourage you to submit a 
request on the nDPI GitHub page along with a pcap of the traffic you 
are interested in supporting.

I'm using NetFlow, unfortunately.


If you are collecting NetFlow data, you can't leverage nDPI as no 
packet payload can be inspected by either nProbe or ntopng. In that 
case, please, use 
http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/

I've read this page. It says that I can specify protocols in some 
configuration file with some simple format. But there's this file and 
how can it be enabled? And is it used during build or runtime?


See for example 
https://github.com/ntop/nDPI/issues/309#issuecomment-263911392


Hint: use google to search for previous similar questions: 
"site:https://github.com/ntop/ custom ndpi protocols"




--

With Best Regards,
Marat Khalili

On 10/08/17 10:43, Simone Mainardi wrote:

Marat,

If you are capturing raw packets, then I encourage you to submit a 
request on the nDPI GitHub page along with a pcap of the traffic you 
are interested in supporting.


If you are collecting NetFlow data, you can't leverage nDPI as no 
packet payload can be inspected by either nProbe or ntopng. In that 
case, please, use 
http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/


Regards,
Simone

On 10 Aug 2017, at 09:16, Marat Khalili wrote:


Dear ntopng authors,
Dear all,

What can I do to make more ports/applications recognized by ntopng? 
Particularly I miss recognition of the following ports:


2193: both TCP and UDP registered by IANA for Dr.Web Enterprise 
Management Service

4971 TCP: BURP - BackUp and Restore Program
4972 TCP: BURP - BackUp and Restore Program (status requests)

Last two are not registered anywhere I'm afraid.


--

With Best Regards,
Marat Khalili
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it 
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
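
Added example, not part of the original thread: a lint pass for the custom protocols file mentioned at the top of this message, run before the file is handed to ntopng via --ndpi-protocols. It assumes nDPI's port-rule syntax (`tcp:81,tcp:8181@HTTP`, `udp:5061-5062@SIP`), since the link to the format description did not survive on this page; the labels DrWeb, BURP and BurpStatus and the function name lint_protos are made up here, and only port rules are handled.

```python
import re

# Constructed sample in nDPI's custom-protocols syntax (an assumption, see the
# lead-in). The ports are the ones requested in the thread; the labels are
# hypothetical. The last two lines are deliberately faulty.
SAMPLE = """\
# port-based rules: <tcp|udp>:<port>[-<port>],...@<label>
tcp:2193,udp:2193@DrWeb
tcp:4971-4972@BURP
tcp:4972@BurpStatus
udp:70000@Broken
"""

RULE = re.compile(r"^(tcp|udp):(\d+)(?:-(\d+))?$")

def lint_protos(text):
    """Return (port_map, errors); port_map maps (l4, port) -> label."""
    port_map, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        rules, sep, label = line.rpartition("@")
        if not sep or not rules or not label:
            errors.append(f"line {n}: expected <rules>@<label>")
            continue
        for item in rules.split(","):
            m = RULE.match(item.strip())
            if not m:
                errors.append(f"line {n}: bad rule {item!r}")
                continue
            lo = int(m.group(2))
            hi = int(m.group(3) or lo)
            if not (1 <= lo <= hi <= 65535):
                errors.append(f"line {n}: port out of range in {item!r}")
                continue
            for port in range(lo, hi + 1):
                # With NetFlow there is no payload to fall back on, so an
                # overlapping rule silently relabels traffic: report it.
                prev = port_map.setdefault((m.group(1), port), label)
                if prev != label:
                    errors.append(
                        f"line {n}: {m.group(1)}/{port} already mapped to {prev}")
    return port_map, errors
```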





Re: [Ntop-misc] New ports/applications

2017-08-10 Thread Simone Mainardi
Marat,

> On 10 Aug 2017, at 13:35, Marat Khalili  wrote:
> 
> 
>> If you are capturing raw packets, then I encourage you to submit a request 
>> on the nDPI GitHub page along with a pcap of the traffic you are interested 
>> in supporting.
> I'm using NetFlow, unfortunately.
> 
> 
>> If you are collecting NetFlow data, you can't leverage nDPI as no packet 
>> payload can be inspected by either nProbe or ntopng. In that case, please, 
>> use http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/ 
> I've read this page. It says that I can specify protocols in some configuration 
> file with some simple format. But there's this file and how can it be 
> enabled? And is it used during build or runtime?

See for example https://github.com/ntop/nDPI/issues/309#issuecomment-263911392 


Hint: use google to search for previous similar questions: 
"site:https://github.com/ntop/ custom ndpi protocols"

> 
> --
> 
> With Best Regards,
> Marat Khalili
> 
> On 10/08/17 10:43, Simone Mainardi wrote:
>> Marat,
>> 
>> If you are capturing raw packets, then I encourage you to submit a request 
>> on the nDPI GitHub page along with a pcap of the traffic you are interested 
>> in supporting.
>> 
>> If you are collecting NetFlow data, you can't leverage nDPI as no packet 
>> payload can be inspected by either nProbe or ntopng. In that case, please, 
>> use http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/ 
>> 
>> 
>> Regards,
>> Simone
>> 
>>> On 10 Aug 2017, at 09:16, Marat Khalili wrote:
>>> 
>>> Dear ntopng authors,
>>> Dear all,
>>> 
>>> What can I do to make more ports/applications recognized by ntopng? 
>>> Particularly I miss recognition of the following ports:
>>> 
>>> 2193: both TCP and UDP registered by IANA for Dr.Web Enterprise Management 
>>> Service
>>> 4971 TCP: BURP - BackUp and Restore Program
>>> 4972 TCP: BURP - BackUp and Restore Program (status requests)
>>> 
>>> Last two are not registered anywhere I'm afraid.
>>> 
>>> 
>>> --
>>> 
>>> With Best Regards,
>>> Marat Khalili

Re: [Ntop-misc] New ports/applications

2017-08-10 Thread Marat Khalili
If you are capturing raw packets, then I encourage you to submit a 
request on the nDPI GitHub page along with a pcap of the traffic you 
are interested in supporting.

I'm using NetFlow, unfortunately.

If you are collecting NetFlow data, you can't leverage nDPI as no 
packet payload can be inspected by either nProbe or ntopng. In that 
case, please, use 
http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/

I've read this page. It says that I can specify protocols in some 
configuration file with some simple format. But there's this file and 
how can it be enabled? And is it used during build or runtime?


--

With Best Regards,
Marat Khalili

On 10/08/17 10:43, Simone Mainardi wrote:

Marat,

If you are capturing raw packets, then I encourage you to submit a 
request on the nDPI GitHub page along with a pcap of the traffic you 
are interested in supporting.


If you are collecting NetFlow data, you can't leverage nDPI as no 
packet payload can be inspected by either nProbe or ntopng. In that 
case, please, use 
http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/


Regards,
Simone

On 10 Aug 2017, at 09:16, Marat Khalili wrote:


Dear ntopng authors,
Dear all,

What can I do to make more ports/applications recognized by ntopng? 
Particularly I miss recognition of the following ports:


2193: both TCP and UDP registered by IANA for Dr.Web Enterprise 
Management Service

4971 TCP: BURP - BackUp and Restore Program
4972 TCP: BURP - BackUp and Restore Program (status requests)

Last two are not registered anywhere I'm afraid.


--

With Best Regards,
Marat Khalili

Re: [Ntop-misc] New ports/applications

2017-08-10 Thread Simone Mainardi
Marat,

If you are capturing raw packets, then I encourage you to submit a request on 
the nDPI GitHub page along with a pcap of the traffic you are interested in 
supporting.

If you are collecting NetFlow data, you can't leverage nDPI as no packet 
payload can be inspected by either nProbe or ntopng. In that case, please, use 
http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/ 


Regards,
Simone

> On 10 Aug 2017, at 09:16, Marat Khalili  wrote:
> 
> Dear ntopng authors,
> Dear all,
> 
> What can I do to make more ports/applications recognized by ntopng? 
> Particularly I miss recognition of the following ports:
> 
> 2193: both TCP and UDP registered by IANA for Dr.Web Enterprise Management 
> Service
> 4971 TCP: BURP - BackUp and Restore Program
> 4972 TCP: BURP - BackUp and Restore Program (status requests)
> 
> Last two are not registered anywhere I'm afraid.
> 
> 
> --
> 
> With Best Regards,
> Marat Khalili

Re: [Ntop-misc] Using pf_ring on VMware (installed with e1000 drivers)

2017-08-10 Thread Alfredo Cardigliano
Hi Amir
there is no need to replace the standard drivers if you do not need ZC 
acceleration.

Alfredo

> On 9 Aug 2017, at 18:00, Amir Kaduri  wrote:
> 
> Thanks.
> Under the same details/conditions described in my question (i.e. pf_ring SW 
> hash filters only), is there any specific need to replace the standard igb.ko 
> and ixgbe.ko drivers with the ones that are provided by pf_ring?
> 
> On Wed, Aug 9, 2017 at 11:08 AM, Alfredo Cardigliano wrote:
> Hi Amir
> e1000 and e1000e support different adapters (the latter is for pcie adapters 
> in essence).
> 
> Alfredo
> 
> > On 9 Aug 2017, at 08:03, Amir Kaduri wrote:
> >
> > Hi,
> >
> > I'm using pf_ring 6.6.0 (for SW hash filtering only - no ZC) on CentOS 7 on 
> > VMware.
> > All drivers are e1000. The pf_ring filtering seems to work.
> > Is there any benefit to remove the e1000 driver and install the e1000e 
> > drivers that come with pf_ring?
> >
> > Thanks,
> > Amir

[Ntop-misc] New ports/applications

2017-08-10 Thread Marat Khalili

Dear ntopng authors,
Dear all,

What can I do to make more ports/applications recognized by ntopng? 
Particularly I miss recognition of the following ports:


2193: both TCP and UDP registered by IANA for Dr.Web Enterprise 
Management Service

4971 TCP: BURP - BackUp and Restore Program
4972 TCP: BURP - BackUp and Restore Program (status requests)

Last two are not registered anywhere I'm afraid.


--

With Best Regards,
Marat Khalili