[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntop
Subject:    [Ntop] 96% Traffic Unknown?
From:       Riccardo Bortolameotti <r.bortolameotti () gmail ! com>
Date:       2012-08-26 8:53:02
Message-ID: CAM1XxE60jDUTLK0Hry+p-P8oowXcFqESnHAVhZcSfdzf7qDejw () mail ! gmail ! com
[Download RAW message or body]

Hi everybody,

i've configured my ntop with nprobe, including %L7_PROTO, which give
me the visibility about layer 7 protocols. For a test-case my nProbe
is installed on the same machine where ntop is installed, and their
collecting data from the same interface. 2 vlans are mirrored on this
interface.

But ntop shows me strange statistics about protocol layer 7. How is it
possible that i've a 96% of unknown traffic?

I've built this test-case to see the differences between traffic of a
faculty with a local datacenter and a faculty where many of its
systems are remote.

ps: is it possible to distinguish their typology (layer 3, layer 4,
layer 7) of traffic ( for example through known subnets + host
communities), even if vlans are mirrored on the same interface.
(because ntop treats, in its global statistics, this vlans as a single
vlan). Probably the best configuration could be to associate a vlan to
an interface, but now it is not possible
for many reasons.

thx in advance,

regards,

R.

-- 
R.
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]