Matthew.Stavert at nlsd
May 15, 2012, 3:13 PM
Post #1 of 1
I have the newest SVN of Ntop running under Ubuntu 12.04 with, with nDPI of course. I installed an extra card into the box, so that I have Eth0, and Eth1. On the top level swithch that all traffics flows through (port1), I mirroed port 1 to port 49, and plugged Eth0 into port 49. I then used Eth1, as a refugular switching port for the web interface and reporting. I fired up ntop and made sure Eth0 was setup as the capture interface. It did indeed capture traffic, and could see all of my subnets. The only problem, is that under spplications, it classic fied a ton of DNS, HTTP etc, but no identified nDPI application protocols like Facebook, youtube, icould etc...after three hours of running it, it just identified GENERAL top level protocol, no specific applications...is there something I need to do?
Ntop - Not recording sub protocols on Mirrored port
Information Systems Analyst