You may be mixing two unrelated things, nDPI and NetFlow. nDPI applies
to actual traffic (libpcap, NFLOG); typical NetFlow exports do report
only some elements of the packet headers (further summarised in flows)
in its records so a DPI technique can't be applied to it; Cisco provides

I'm trying to use nDPI with the nfacctd daemon. I've compiled and
installed everything. I added the class attribute to the aggregate list,
when I start the daemon it says that it is running with --enable-ndpi.
Yet every NetFlow entry says that the class is unknown.

Noticed an error in the example you gave in the documentation.
5) Configure pmacct. The following sample configuration is based on pmacctd and
the print plugin with formatted output to stdout:

I did a minimal test of the new nDPI integration. It looks promising.
What is the first Unknown supposed to represent?
This is a little confusing - this was traffic between the same host - very close
only one is

Great! I will test this and get back at some point.
On Jul 23, 2017 22:29, "Paolo Lucente" wrote:
> A first round of coding to integrate packet classification via nDPI in
> pmacct is now available on the GitHub code for all those souls that
> would like to

A first round of coding to integrate packet classification via nDPI in
pmacct is now available on the GitHub code for all those souls that
would like to contribute helping out testing this. I recall a few of you
that have been waiting for this: please reach out to me if I don't reach out