Closed stebbo63 closed 7 years ago
You can instruct nDPI and ntopng to properly mark that traffic as WUDO. See this: http://www.ntop.org/ndpi/configuring-ndpi-for-custom-protocol-detection/
However, the best solution is to post a request to add WUDO support on the official nDPI page https://github.com/ntop/nDPI/issues. Please make sure to upload a pcap with the traffic you want to be supported as well.
Hi All, I'm seeing a lot of "unknown" traffic on tcp port 7680. According to this web page http://www.computerworld.com/article/2955288/microsoft-windows/windows-10-commandeers-users-upload-bandwidth.html
this appears to be Windows 10 peer-to-peer updating. Given the nature of the traffic and our network, I'm inclined to agree that this is that traffic - although it's interesting that I'm seeing lots of the tcp on port 7680 but not much of the UDP on the corresponding port.
Am I able to teach my ntopng to classify this as WUDO traffic? I've tried using "traffic profiles" but that seems to just tag the traffic and doesn't allow me to search to see the traffic counts under the "profiles" page. (unless I'm using it wrongly).
Cheers, Chris.