Simone Mainardi
Wondering if this could just be implemented as a flow risk.
Can you provide a capture of the nflite on port 2055 so we can try and reproduce it in our lab?
My guess is that, in this case, it is ntopng that determines and assigns the "Malware" category, using its blacklists. nProbe/nDPI aren't aware of blacklists and thus they can't say/mark...
Currently the nDPI-detected OS is not propagated from nProbe to ntopng. Marking this feature as an enhancement.
Did you consider setting up one nProbe per sampling rate? For example: ``` nprobe -i none -n none -S 1:1000:1 --collector-port 2055 ... nprobe -i none -n none -S 1:4000:2...
Currently only one ElasticSearch is supported.
See https://www.ntop.org/nprobe/monitoring-voip-traffic-with-nprobe-and-ntopng/
@bluefangs did you have a chance to test the suggested version with the fix?
Do you mean nprobe or ntopng?
I've tried to reproduce both w/ and w/o `--net=host` and it works. It seems you are not starting the Redis server, which is a prereq for ntopng to operate. Are you...