It looks like hosts:nDPI has a field called "protocol" which is pretty close. It looks like it uses the port number, among other things, to identify the traffic type (SSH, HTTP, etc). However, it also looks like it uses "Unknown" as a protocol. Unfortunately, "Unknown" tells us nothing about the traffic, and while it can't be positively identified, wouldn't using "Port=NNN" instead of "Unknown" preserve some information about the traffic and provide some hint as to what the traffic may be?

On Thu, Jul 9, 2020 at 1:35 AM Simone Mainardi <[email protected]> wrote:

> Munroe,
>
> ntopng does not create per-port timeseries data, so they won't be in
> Influx. Live per-port traffic is accessible for hosts and flows
> using iface_ports_list.lua.
>
> If you need historical port data, you can enable flows dump using nIndex
> (e.g., -F "nindex"). Each flow will be dumped with its ports so, at that
> point, you can just do queries using the RESTful API
> https://www.ntop.org/guides/ntopng/api/rest/examples_v1.html#get-historical-flows
> to get the ports.
>
> Simone
>
> On 8 Jul 2020, at 22:25, Munroe Sollog <[email protected]> wrote:
>
> My real question is where is the per-port data stored? I've been poking
> around influx and I don't see it there. Is it stored elsewhere?
>
> On Wed, Jul 8, 2020 at 1:13 PM Munroe Sollog <[email protected]> wrote:
>
>> I must be missing something, I don't see it anywhere. Is it something I
>> have to enable?
>>
>> On Tue, Jul 7, 2020 at 5:32 AM Simone Mainardi <[email protected]> wrote:
>>
>>> Munroe,
>>>
>>> You have top-ports by traffic for both local hosts and network
>>> interfaces. Just check the 'Ports' tab of the host and interface pages.
>>>
>>> Simone
>>>
>>> On 6 Jul 2020, at 15:53, Munroe Sollog <[email protected]> wrote:
>>>
>>> Is there a way to show top traffic by destination port?
>>>
>>> --
>>> Munroe Sollog
>>> Senior Network Engineer
>>> [email protected]
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop

--
Munroe Sollog
Senior Network Engineer
[email protected]
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
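
The relabelling suggested in the latest message, as an added example that is not part of the thread or of ntopng: it totals bytes per label over constructed flow records, substituting `Port=NNN` where the classifier returned "Unknown", and also ranks destination ports as asked in the first message. The record field names (`proto`, `dst_port`, `l7`, `bytes`) are assumptions, not ntopng's export schema.

```python
from collections import Counter

# Constructed sample flows. Field names are assumptions for this example,
# not ntopng's export schema.
FLOWS = [
    {"proto": "TCP", "dst_port": 443, "l7": "TLS", "bytes": 120_000},
    {"proto": "TCP", "dst_port": 22, "l7": "SSH", "bytes": 8_000},
    {"proto": "TCP", "dst_port": 8291, "l7": "Unknown", "bytes": 45_000},
    {"proto": "UDP", "dst_port": 8291, "l7": "Unknown", "bytes": 5_000},
    {"proto": "TCP", "dst_port": 4444, "l7": "Unknown", "bytes": 30_000},
    {"proto": "TCP", "dst_port": 443, "l7": "Unknown", "bytes": 2_000},
    {"proto": "ICMP", "dst_port": 0, "l7": "Unknown", "bytes": 500},
]


def label(flow):
    """Return the classifier's label, or 'Port=NNN' for unclassified flows."""
    if flow["l7"] != "Unknown":
        return flow["l7"]
    port = flow.get("dst_port") or 0
    # Protocols without ports (e.g. ICMP) have no port to preserve.
    if flow["proto"] not in ("TCP", "UDP") or port == 0:
        return "Unknown"
    return f"Port={port}"


def top_by_label(flows, n=3):
    """Top-n labels by total bytes, with 'Unknown' split out per port."""
    totals = Counter()
    for f in flows:
        totals[label(f)] += f["bytes"]
    return totals.most_common(n)


def top_by_dst_port(flows, n=3):
    """Top-n destination ports by total bytes, ignoring port-less protocols."""
    totals = Counter()
    for f in flows:
        if f["proto"] in ("TCP", "UDP"):
            totals[f["dst_port"]] += f["bytes"]
    return totals.most_common(n)


if __name__ == "__main__":
    for name, total in top_by_label(FLOWS):
        print(f"{name:<12} {total:>8} bytes")
```

In this sample, unclassified traffic on port 443 surfaces as its own `Port=443` row instead of being folded into "Unknown", which is the kind of hint the message asks for.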
