L7 Applicator

I replayed your PCAP to my lab. I see NTPv4 traffic detected as ntp-base, and NTPv1 traffic detected as ntp-non-rfc. I don't see any bittorrent traffic, but I am running 10.2.2, maybe your PAN-OS identifies it differently. Check the source ports of the sessions identified as bittorrent, and compare them to your packet capture to see if there is a correlation between NTPv1 and bittorrent, versus NTPv4 and correct identification of ntp-base traffic. It is possible that your firewall is detecting ntp-non-rfc as bittorrent.

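The source-port comparison suggested in the reply above, as an added example that is not part of the original post: it reads the NTP version from each captured UDP/123 request and joins it to the application the firewall logged for the same source port. The frames, the session records and the `sport`/`app` field names are constructed for illustration and are not PAN-OS log output or data from the thread's PCAP.

```python
import struct
from collections import Counter, defaultdict

def ntp_version(udp_payload: bytes):
    """Return the NTP version number (VN) from the first header byte, or None."""
    if len(udp_payload) < 48:            # an NTP header is at least 48 bytes
        return None
    return (udp_payload[0] >> 3) & 0x7   # VN occupies bits 3-5 of byte 0

def parse_udp_frame(frame: bytes):
    """Parse an Ethernet/IPv4/UDP frame; return (sport, dport, payload) or None."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or frame[14 + 9] != 17:   # IPv4 carrying UDP only
        return None
    udp = 14 + ihl
    sport, dport, length = struct.unpack("!HHH", frame[udp:udp + 6])
    return sport, dport, frame[udp + 8:udp + length]

def correlate(frames, sessions):
    """Map NTP version -> Counter of logged app names, joined on source port."""
    app_by_port = {s["sport"]: s["app"] for s in sessions}
    result = defaultdict(Counter)
    for frame in frames:
        parsed = parse_udp_frame(frame)
        if not parsed or parsed[1] != 123:           # NTP requests only
            continue
        version = ntp_version(parsed[2])
        if version is not None:
            result[version][app_by_port.get(parsed[0], "no-session")] += 1
    return result

def _frame(sport, version):
    """Build a constructed NTP request frame of the given version."""
    ntp = bytes([(version << 3) | 3]) + bytes(47)
    udp = struct.pack("!HHHH", sport, 123, 8 + len(ntp), 0) + ntp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 123]))
    return bytes(12) + b"\x08\x00" + ip + udp

# Constructed sample data: stand-ins for the capture and the exported sessions.
FRAMES = [_frame(40001, 4), _frame(40002, 1), _frame(40003, 1), _frame(40004, 4)]
SESSIONS = [{"sport": 40001, "app": "ntp-base"}, {"sport": 40002, "app": "bittorrent"},
            {"sport": 40003, "app": "bittorrent"}, {"sport": 40004, "app": "ntp-base"}]

if __name__ == "__main__":
    for version, apps in sorted(correlate(FRAMES, SESSIONS).items()):
        print(f"NTPv{version}: {dict(apps)}")
```

If every source port logged as bittorrent lands under NTPv1 and every ntp-base session under NTPv4, that supports the hypothesis that the version difference is what changes the identification.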