In the Applications tab it’s possible to configure the category associated with a particular application.
ntopng determines the application of a flow via rules built into nDPI. However, additional rules can be specified by the user via the --ndpi-protocols|-p <file> option. The file has the following format:
# host:"<value>",host:"<value>",...@<subproto>
host:"googlesyndacation.com"@Google
host:"venere.com"@Venere
An example for this configuration file is available on: https://github.com/ntop/nDPI/blob/dev/example/protos.txt
ntopng also supports editing this file from the GUI. To do so, it’s still necessary to use the above option to point to a protos file located in a directory where ntopng has permission to read and write. In practice, to enable this feature, ntopng should be started with the --ndpi-protocols=/var/lib/ntopng/protos.txt option. If you already have a protos file, move it to /var/lib/ntopng/protos.txt and run
sudo chown ntopng:ntopng /var/lib/ntopng/protos.txt
to prepare it to be used by ntopng.
After this feature is enabled, clicking on the “Edit Rules” button makes it possible to edit an application’s rules directly from the GUI and to add new protocols. It’s important to note that rules and new protocols will only be created and applied after a restart of ntopng.
For example, the tcp:8080 rule in the example above tells ntopng to treat all the TCP traffic on port 8080 as HTTP. In order to delete a user-defined protocol it’s necessary to clear all of its rules and save the changes. The protocol will be deleted after a restart of ntopng.
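Because rules only take effect after a restart, it helps to check the protos file before restarting ntopng. The following linter is an added example, not part of ntopng or nDPI: it checks only the two rule kinds shown on this page (host:"<value>" and tcp:<port>), assumes single TCP ports, and reports a rule mapped to two different protocols. The function name and the sample input are constructed for illustration.

```python
import re

HOST_RE = re.compile(r'^host:"[^"\s]+"$')  # host:"<value>"
TCP_RE = re.compile(r'^tcp:(\d+)$')        # tcp:<port>, single port only

def lint_protos(text):
    """Return (rules, problems) for protos-file text; fix problems before restart."""
    rules, problems = {}, []   # rule -> protocol name; (line number, message)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        body, sep, proto = (part.strip() for part in line.rpartition("@"))
        if not sep or not body or not proto:
            problems.append((lineno, "expected <rule>[,<rule>...]@<protocol>"))
            continue
        for rule in (r.strip() for r in body.split(",")):
            m = TCP_RE.match(rule)
            if rule.startswith("host:"):
                error = None if HOST_RE.match(rule) else "malformed host rule"
            elif rule.startswith("tcp:"):
                ok = m and 1 <= int(m.group(1)) <= 65535
                error = None if ok else "not a single TCP port in 1-65535"
            else:
                # Rule kinds not shown on the page are left for nDPI to judge.
                error = "unchecked rule kind"
            if error is None and rules.get(rule, proto) != proto:
                error = f"already mapped to {rules[rule]}"
            if error:
                problems.append((lineno, f"{rule}: {error}"))
            else:
                rules[rule] = proto
    return rules, problems

# Constructed sample: three valid rules followed by four mistakes.
SAMPLE = '''host:"googlesyndacation.com"@Google
host:"venere.com"@Venere
tcp:8080@HTTP
host:venere.com@Venere
tcp:70000@HTTP
host:"venere.com"@Google
tcp:8080
'''

if __name__ == "__main__":
    for lineno, message in lint_protos(SAMPLE)[1]:
        print(f"line {lineno}: {message}")
```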