ntop / nProbe

Open source components and extensions for nProbe

Home Page: http://ntop.org

Remote nProbe not relaying SNI and certificate info on HTTPS/TLS sessions

DerRealKeyser opened this issue · comments

Hi, I’m testing a remote nProbe instance in probe mode and relaying complete flow/session info to NtopNG with ZMQ and the @Ntopng@ template.

When NtopNG itself is doing the interface capture, I’m used to seeing SNI and certificate info in the “INFO” column on HTTPS/TLS sessions.

But the remote nProbe does not seem to capture/relay this info using nDPI to my NtopNG. I can see HTTP info as usual - so it is doing something. I also didn’t see the DNS decoded names for remote hosts I was expecting, but I found that I had to enable DNS name decoding in the NtopNG config file rather than in the remote nProbe (where I thought nDPI and nProbe + plugins combined this data to send to NtopNG).

Am I missing something, or do I have to enable this somehow in the NtopNG config file as well?

Can you please provide a way to reproduce the defect?

I have since abandoned the setup where I attempted to use a remote nProbe, so I no longer have the platform available. My own conclusion was that it perhaps was related to the http/dns plugins not working in trial mode because the trial session limits were reached within a minute in my setup. And I only have a licensed nProbe Pro where the plugins are not enabled to do longer testing with.