Hi Paolo,
just sending this because the message said to.
pmacctd[26649]: WARN ( default/core ): nDPI support for fragmented traffic not
implemented. If you see this message, please get in touch: Paolo Lucente
Regards,
Steve
Email Confidentiality Notice: The information contained in this tran
Hi Grimur,
You may be mixing two unrelated things, nDPI and NetFlow. nDPI applies
to actual traffic (libpcap, NFLOG); typical NetFlow exports do report
only some elements of the packet headers (further summarised in flows)
in its records so a DPI tecnique can't be applied to it; Cisco provides
cl
Hi
I'm trying to use nDPI with the nfacctd daemon. I've compiled and
installed everything. I added the class attribute to the aggregate list,
when I start the daemon it says that it is running with --enable-ndpi.
Yet every netflow entry says that the class is unknown.
nfacctd.conf:
plugins:
Hi Steve,
Thanks very much for this feedback and for reporting the error in the
docs in the separate email. Those unknown come from the so-called
'master protocol' in nDPI, we may understand why you are getting those.
I propose to continue 1:1 on any of issues/feedback related to nDPI so
not to
Hi Paolo,
Noticed an error in the example you gave in the documentation.
5) Configure pmacct. The following sample configuration is based on pmacctd and
the print plugin with formatted output to stdout:
daemonize: true
interface: eth0
snaplen: 700
!
plugins: print
!
aggre
Hi Paolo,
I did a minimal test of the new nDPI integration. It looks promising.
What is the first Unknown suppose to represent?
Unknown/Kerberos
Unknown/Kerberos
Unknown/Kerberos
This is a little confusing - this was traffic between the same host - very close
together but
only one is identifi
Great! I will test this and get back at some point.
On Jul 23, 2017 22:29, "Paolo Lucente" wrote:
>
> Dearests,
>
> A first round of coding to integrate packet classification via nDPI in
> pmacct is now available on the GitHub code for all those souls that
> would like to contribute helping out
Dearests,
A first round of coding to integrate packet classification via nDPI in
pmacct is now available on the GitHub code for all those souls that
would like to contribute helping out testing this. I recall a few of you
that have been waiting this: please reach out to me if i don't reach out
to
