Re: [pmacct-discussion] nDPI with nfacctd

2017-11-22 Thread Paolo Lucente
Hi Grimur, You may be mixing two unrelated things, nDPI and NetFlow. nDPI applies to actual traffic (libpcap, NFLOG); typical NetFlow exports do report only some elements of the packet headers (further summarised in flows) in its records so a DPI tecnique can't be applied to it; Cisco provides

[pmacct-discussion] nDPI with nfacctd

2017-11-22 Thread Grímur Daníelsson
Hi I'm trying to use nDPI with the nfacctd daemon. I've compiled and installed everything. I added the class attribute to the aggregate list, when I start the daemon it says that it is running with --enable-ndpi. Yet every netflow entry says that the class is unknown. nfacctd.conf:

[pmacct-discussion] nDPI

2017-07-26 Thread Stephen Clark
Hi Paolo, Noticed an error in the example you gave in the documentation. 5) Configure pmacct. The following sample configuration is based on pmacctd and the print plugin with formatted output to stdout: daemonize: true interface: eth0 snaplen: 700 ! plugins: print !

[pmacct-discussion] nDPI

2017-07-25 Thread Stephen Clark
Hi Paolo, I did a minimal test of the new nDPI integration. It looks promising. What is the first Unknown suppose to represent? Unknown/Kerberos Unknown/Kerberos Unknown/Kerberos This is a little confusing - this was traffic between the same host - very close together but only one is

Re: [pmacct-discussion] nDPI integration

2017-07-23 Thread Abi Askushi
Great! I will test this and get back at some point. On Jul 23, 2017 22:29, "Paolo Lucente" wrote: > > Dearests, > > A first round of coding to integrate packet classification via nDPI in > pmacct is now available on the GitHub code for all those souls that > would like to

[pmacct-discussion] nDPI integration

2017-07-23 Thread Paolo Lucente
Dearests, A first round of coding to integrate packet classification via nDPI in pmacct is now available on the GitHub code for all those souls that would like to contribute helping out testing this. I recall a few of you that have been waiting this: please reach out to me if i don't reach out