Traffic Classification with dynamic ports #189
Labels
Comments
mikes-gh
changed the title
|
nDPI already provides a classification based on host, not only on port. https://github.com/ntop/nDPI/blob/dev/src/lib/ndpi_content_match.c.inc Can you do a real example ? |
|
Yes but not a combination of both at the same time which would be required to map dynamic posts that may be different per host. Something like. tcp:3000@ntop Unless you have any other ideas of how to classify the traffic. mybe need to think laterally here. |
IvanNardi
added a commit
to IvanNardi/nDPI
that referenced
this issue
Mar 29, 2023
Add an example where traffic matching the same IP, but different ports is classified to different protocols. Close ntop#189
IvanNardi
added a commit
to IvanNardi/nDPI
that referenced
this issue
Mar 29, 2023
Add an example where traffic matching the same IP, but different ports is classified to different protocols. Close ntop#189
IvanNardi
added a commit
that referenced
this issue
Mar 30, 2023
Add an example where traffic matching the same IP, but different ports is classified to different protocols. Close #189
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since a lot of windows traffic uses the rpc port mapper and dynamic ports the majority of my traffic is Unknown. Sometimes the same port on different hosts is used for different services. So even if I do a netstat -ab to check the services using the ports and add the port descriptions I have no way to classify the traffic across hosts that uses the same port for different services.
Is there anyway to classify traffic per host? I guess Im looking for a more flexible traffic profiling system.
The text was updated successfully, but these errors were encountered: