Hello Simone,

Actually it happens at random. I will try to produce a pcap today. Is it ok if I create a pcap with tcpdump while capturing the flows?

Regards,
Lutfi

On Fri, Oct 28, 2016 at 12:27 PM, Simone Mainardi <[email protected]> wrote:
> Hi,
>
> Please, explain how to reproduce. Enclose a pcap if you think it will help
> as well.
>
> Simone
>
> On Fri, Oct 28, 2016 at 10:46 AM, Lutfi Oduncuoglu <[email protected]> wrote:
>
>> Hello,
>>
>> I am trying to get L7_PROTO_NAME with nprobe. I am using the nprobe as
>> below
>>
>> nprobe -G -t 60 -d 15 --elastic "flows;nprobe-%Y.%m.%d;http://10.X.X.X:9200/_bulk" -i eth1 -T "%IN_BYTES %IN_PKTS %PROTOCOL %L4_SRC_PORT %IPV4_SRC_ADDR %L4_DST_PORT %IPV4_DST_ADDR %SRC_AS %DST_AS %OUT_BYTES %OUT_PKTS %SRC_VLAN %DST_VLAN %HTTP_URL %HTTP_METHOD %HTTP_HOST %HTTP_SITE %L7_PROTO %L7_PROTO_NAME %APPL_LATENCY_MS"
>>
>> The problem here is that when I am checking the flows via elasticsearch I get two
>> different results for exactly the same request:
>>
>> L7_PROTO_NAME HTTP
>>
>> L7_PROTO_NAME Unknown.
>>
>> So what may be the problem here?
>>
>> Regards,
>>
>> Lutfi
>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
