Hi, Please, explain how to reproduce. Enclose a pcap if you think it will help as well.
Simone On Fri, Oct 28, 2016 at 10:46 AM, Lutfi Oduncuoglu < [email protected]> wrote: > Hello, > > I am trying to get L7_PROTO_NAME with nprobe. I am using the nprobe as > below > > nprobe -G -t 60 -d 15 --elastic "flows;nprobe-%Y.%m.%d;http:// > 10.X.X.X:9200/_bulk" -i eth1 -T "%IN_BYTES %IN_PKTS %PROTOCOL > %L4_SRC_PORT %IPV4_SRC_ADDR %L4_DST_PORT %IPV4_DST_ADDR %SRC_AS %DST_AS > %OUT_BYTES %OUT_PKTS %SRC_VLAN %DST_VLAN %HTTP_URL %HTTP_METHOD %HTTP_HOST > %HTTP_SITE %L7_PROTO %L7_PROTO_NAME %APPL_LATENCY_MS" > > > The problem here when I am checking the flows via elasticsearch I get two > differen results for exactly the same request, > > > L7_PROTO_NAME HTTP > > L7_PROTO_NAME Unknown. > > So what may be the problem here? > > Regards, > > Lutfi > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
