Hi,
i had just finish to set up a complete environment with a server is
sniffing the traffic with nprobe (last version) and another one is
trying to fetch the traffic from the originating machine.
i see zmq conversation set up but i fail to receive any traffic and
ntopng interface loop on "No packet has been received yet on interface
[email protected]:5556.
Start options:
nprobe
/usr/local/bin/nprobe -i eth2 -Q 1 -u 1 -G --lifetime-timeout 600
--idle-timeout 60 --queue-timeout 60 -g /var/tmp/nprobe.pid
--ndpi-proto-ports /tmp/protos.txt -T %IN_SRC_MAC %OUT_DST_MAC
%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES
%PROTOCOL %L4_SRC_PORT %L4_DST_PORT %FIRST_SWITCHED %LAST_SWITCHED
%TCP_FLAGS %SRC_TOS %L7_PROTO %L7_PROTO_NAME %IPV4_SRC_MASK
%IPV4_DST_MASK %FLOWS %FRAGMENTS %CLIENT_NW_DELAY_SEC
%CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC %SERVER_NW_DELAY_USEC
%APPL_LATENCY_SEC %APPL_LATENCY_USEC %NUM_PKTS_UP_TO_128_BYTES
%NUM_PKTS_128_TO_256_BYTES %NUM_PKTS_256_TO_512_BYTES
%NUM_PKTS_512_TO_1024_BYTES %NUM_PKTS_1024_TO_1514_BYTES
%NUM_PKTS_OVER_1514_BYTES %FLOW_PROTO_PORT %LONGEST_FLOW_PKT
%SHORTEST_FLOW_PKT %RETRANSMITTED_IN_PKTS %RETRANSMITTED_OUT_PKTS
%OOORDER_IN_PKTS %OOORDER_OUT_PKTS %IPV4_NEXT_HOP --zmq tcp://*:5556
--mysql=localhost:nprobe:l:nprobe:pass
ntopng
./ntopng -i tcp://10.10.10.10:5556
I had confirm about flow are captured by the nprobe as they are also
stored in the local database, and i see the zmq session startup via
tcpdump, but no no more data are exchanged after the first 5 or 6 pck.
how i can find why zmq is not working ?
thanks in advance
Stefano
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
