Open gsuJohn opened 1 year ago
@gsuJohn please note that L7 protocols are detected by our nDPI library, which requires access to the packet payloads to be accurate. When collecting NetFlow, the library can guess the protocol using port and L4 protocol, thus you may experience a lot of Unknown L7 protocols depending on the traffic. Is all your traffic Unknown? Could you provide some examples?
Yes, all the traffic is unknown. Thanks for the reply.
Hello, all my application data is showing up as unknown. I wanted to get more L7 data to ntopng. My current setup is NetFlow from Nexus 7k/nProbe/ntopng. Here is the configuration.
Netflow from Cisco Nexus 7k

flow record NTArecord
  match ipv4 source address
  match ipv4 destination address
  match ipv4 protocol
  match transport source-port
  match transport destination-port
  match ipv4 tos
  match interface input
  collect interface output
  collect counter bytes
  collect counter packets
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
  collect application name

--flow exporter

flow exporter NTAExport
  destination "My Ubuntu servers IP address"
  source vlan 1
  transport UDP 2055
  export-protocol netflow-v9
  template data timeout 60
  option application-table timeout 60
  option application-attributes timeout 300

flow monitor NTAMonitor
  record NTArecord
  exporter NTAExport
  cache timeout active 60
  cache timeout inactive 15

sampler netflow-sampler
  mode 1 out-of 10

--Interface setup

int vlan 12
  ip flow monitor NTAMonitor input
  ip flow monitor NTAMonitor output
Ubuntu 22.04.1

nProbe version 10.1.221103 Enterprise M Edition

sudo nprobe --zmq "tcp://*:5556" --collector-port 2055 -T "@NTOPNG@"

ntopng version 5.5.221103 Pro Edition

sudo ntopng -i tcp://127.0.0.1:5556
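Since the collector never sees payloads, one useful check on the collector side is which fields the exporter's NetFlow v9 template actually advertises. The following is an added example, not code from this thread or from ntop: it parses the template FlowSet of a v9 datagram and reports whether an application field (IPFIX element 95 `applicationId` or 96 `applicationName`) is present. The function names and both sample datagrams are constructed for illustration.

```python
import struct

# NetFlow v9 field types (IPFIX element IDs) used in this example.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
               95: "APPLICATION_ID", 96: "APPLICATION_NAME"}
APP_FIELDS = {95, 96}

def parse_templates(packet: bytes) -> dict:
    """Return {template_id: [(field_type, length), ...]} from one v9 datagram."""
    if len(packet) < 20:
        raise ValueError("shorter than a NetFlow v9 header")
    (version,) = struct.unpack_from("!H", packet, 0)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    templates, off = {}, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        if fs_id == 0:  # FlowSet ID 0 carries data templates
            pos, end = off + 4, off + fs_len
            while pos + 4 <= end:
                tid, count = struct.unpack_from("!HH", packet, pos)
                pos += 4
                if count == 0 or pos + 4 * count > end:
                    break  # trailing padding or a truncated record
                templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                                  for i in range(count)]
                pos += 4 * count
        off += fs_len
    return templates

def app_fields(fields) -> list:
    """Names of application-related fields present in one template."""
    return [FIELD_NAMES[t] for t, _ in fields if t in APP_FIELDS]

def build_packet(template_id, field_list) -> bytes:
    """Build a constructed v9 datagram holding a single template (sample input)."""
    rec = struct.pack("!HH", template_id, len(field_list))
    rec += b"".join(struct.pack("!HH", t, n) for t, n in field_list)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(rec)) + rec

BASE = [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2), (1, 4), (2, 4)]
WITH_APP = build_packet(256, BASE + [(95, 4)])   # constructed sample
WITHOUT_APP = build_packet(257, BASE)            # constructed sample

if __name__ == "__main__":
    for pkt in (WITH_APP, WITHOUT_APP):
        for tid, fields in parse_templates(pkt).items():
            print(tid, app_fields(fields) or "no application field exported")
```

To use it on real traffic, pass it the UDP payload of a datagram received on the collector port that contains a template FlowSet.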