Luca,
here is the complete log of start and stuck...
You can see that after the first data displayed the output stops (and the same
happens on the other side of the zmq communication: ntopng stops reading
data from this probe).
I also added the lspci.
Please note I had tested compiling with and without PF_RING and I also
tested the tcpdump coming with PF_RING; if the pf_ring.ko is removed it works
fine, but with pf_ring.ko installed (insmod ...) tcpdump stops
receiving data other than broadcast.
me@te:~$
me@te:~$ sudo /usr/local/bin/nprobe -b2 -i eth2 -Q 1 -u 1
--lifetime-timeout 600 --idle-timeout 60 --queue-timeout 60 -g
/var/tmp/nprobe.pid --ndpi-proto-ports /tmp/protos.txt -T "%IN_SRC_MAC
%OUT_DST_MAC %IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %OUT_PKTS
%OUT_BYTES %PROTOCOL %L4_SRC_PORT %L4_DST_PORT %FIRST_SWITCHED
%LAST_SWITCHED\
%TCP_FLAGS %SRC_TOS %L7_PROTO %L7_PROTO_NAME %IPV4_SRC_MASK
%IPV4_DST_MASK %FLOWS %FRAGMENTS" --zmq tcp://*:5556
--mysql=localhost:nprobe:l:nprobe:nprobe
15/Jan/2014 12:06:10 [plugin.c:161] No plugins found in ./plugins
15/Jan/2014 12:06:10 [plugin.c:168] Loading plugins [.so] from
/usr/local/lib/nprobe/plugins
15/Jan/2014 12:06:10 [nprobe.c:3620] Succesfully created zmq endpoint
tcp://*:5556
15/Jan/2014 12:06:10 [nprobe.c:3835] Welcome to nprobe v.6.15.140114
($Revision: 3745 $) for x86_64-unknown-linux-gnu
15/Jan/2014 12:06:10 [nprobe.c:3863] Tracing enabled
15/Jan/2014 12:06:10 [nprobe.c:3901] WARNING: -n parameter is missing.
127.0.0.1:2055 will be used.
15/Jan/2014 12:06:10 [nprobe.c:2530] Exporting flows towards
127.0.0.1:2055 using UDP
15/Jan/2014 12:06:10 [bgpPlugin.c:380] BGP plugin is disabled
(--bgp-port has not been specified)
15/Jan/2014 12:06:10 [dbPlugin.c:78] Initializing DB plugin
15/Jan/2014 12:06:10 [dbPlugin.c:136] Attempting to connect to database
as [host: localhost][dbname: nprobe][table prefix: l][user: nprobe][pwd:
xxxxxx]
15/Jan/2014 12:06:10 [database.c:92] MySQL initialized
15/Jan/2014 12:06:10 [database.c:112] Successfully connected to MySQL
[host:dbname:user:passwd]=[localhost@0:nprobe:nprobe:xxxxxx]
15/Jan/2014 12:06:10 [plugin.c:225] 2 plugin(s) loaded [2 delete][1 packet].
15/Jan/2014 12:06:10 [nprobe.c:5710] Welcome to nprobe v.6.15.140114 for
x86_64-unknown-linux-gnu
15/Jan/2014 12:06:10 [nprobe.c:4948] Compiling flow templates...
15/Jan/2014 12:06:10 [nprobe.c:4984] Using NetFlow Packet Payload Len: 1472
15/Jan/2014 12:06:10 [plugin.c:745] Scanning plugin BGP Update Listener
15/Jan/2014 12:06:10 [plugin.c:745] Scanning plugin MySQL DB
15/Jan/2014 12:06:10 [plugin.c:872] 0 plugin(s) enabled
15/Jan/2014 12:06:10 [nprobe.c:5285] Scanning flow template...
15/Jan/2014 12:06:10 [nprobe.c:5295] Template [id=257]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IN_BYTES [num
1][id 1][4 bytes][total 4 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IN_PKTS [num
2][id 2][4 bytes][total 8 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found FLOWS [num
3][id 3][4 bytes][total 12 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found PROTOCOL [num
4][id 4][1 bytes][total 13 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found SRC_TOS [num
5][id 5][1 bytes][total 14 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found TCP_FLAGS [num
6][id 6][1 bytes][total 15 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L4_SRC_PORT [num
7][id 7][2 bytes][total 17 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV4_SRC_ADDR [num
8][id 8][4 bytes][total 21 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV4_SRC_MASK [num
9][id 9][1 bytes][total 22 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L4_DST_PORT [num
10][id 11][2 bytes][total 24 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV4_DST_ADDR [num
11][id 12][4 bytes][total 28 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV4_DST_MASK [num
12][id 13][1 bytes][total 29 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found LAST_SWITCHED [num
13][id 21][4 bytes][total 33 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found FIRST_SWITCHED [num
14][id 22][4 bytes][total 37 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found OUT_BYTES [num
15][id 23][4 bytes][total 41 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found OUT_PKTS [num
16][id 24][4 bytes][total 45 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IN_SRC_MAC [num
17][id 56][6 bytes][total 51 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found OUT_DST_MAC [num
18][id 80][6 bytes][total 57 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found FRAGMENTS [num
19][id 80][2 bytes][total 59 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L7_PROTO [num
20][id 118][2 bytes][total 61 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L7_PROTO_NAME [num
21][id 119][16 bytes][total 77 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5295] Template [id=258]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IN_BYTES [num
1][id 1][4 bytes][total 4 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IN_PKTS [num
2][id 2][4 bytes][total 8 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found FLOWS [num
3][id 3][4 bytes][total 12 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found PROTOCOL [num
4][id 4][1 bytes][total 13 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found SRC_TOS [num
5][id 5][1 bytes][total 14 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found TCP_FLAGS [num
6][id 6][1 bytes][total 15 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L4_SRC_PORT [num
7][id 7][2 bytes][total 17 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L4_DST_PORT [num
8][id 11][2 bytes][total 19 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found LAST_SWITCHED [num
9][id 21][4 bytes][total 23 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found FIRST_SWITCHED [num
10][id 22][4 bytes][total 27 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found OUT_BYTES [num
11][id 23][4 bytes][total 31 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found OUT_PKTS [num
12][id 24][4 bytes][total 35 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV6_SRC_ADDR [num
13][id 27][16 bytes][total 51 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV6_DST_ADDR [num
14][id 28][16 bytes][total 67 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV6_SRC_MASK [num
15][id 29][1 bytes][total 68 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IPV6_DST_MASK [num
16][id 30][1 bytes][total 69 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found IN_SRC_MAC [num
17][id 56][6 bytes][total 75 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found OUT_DST_MAC [num
18][id 80][6 bytes][total 81 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found FRAGMENTS [num
19][id 80][2 bytes][total 83 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L7_PROTO [num
20][id 118][2 bytes][total 85 bytes]
15/Jan/2014 12:06:10 [nprobe.c:5301] Found L7_PROTO_NAME [num
21][id 119][16 bytes][total 101 bytes]
15/Jan/2014 12:06:10 [database.c:217] Creating database schema...
15/Jan/2014 12:06:10 [database.c:219] Scanning templates
15/Jan/2014 12:06:11 [nprobe.c:5325] Scanning option template...
15/Jan/2014 12:06:11 [nprobe.c:5331] Found TOTAL_FLOWS_EXP [id
42][4 bytes][total 4 bytes]
15/Jan/2014 12:06:11 [nprobe.c:5331] Found TOTAL_PKTS_EXP [id
41][4 bytes][total 8 bytes]
15/Jan/2014 12:06:11 [nprobe.c:5359] Each flow is 101 bytes long
15/Jan/2014 12:06:11 [nprobe.c:5360] The # packets per flow has been set
to 13
15/Jan/2014 12:06:11 [nprobe.c:4356] Using packet capture length 1600
15/Jan/2014 12:06:11 [nprobe.c:5890] The flows hash has 131072 buckets
15/Jan/2014 12:06:11 [nprobe.c:5892] Flows older than 600 seconds will
be exported
15/Jan/2014 12:06:11 [nprobe.c:5895] Flows inactive for at least 60
seconds will be exported
15/Jan/2014 12:06:11 [nprobe.c:5898] Expired flows will not be queued
for more than 60 seconds
15/Jan/2014 12:06:11 [nprobe.c:5905] Exported flows with engineType 0
and engineId 162
15/Jan/2014 12:06:11 [nprobe.c:5927] TCP TOS will be ignored and set to 0.
15/Jan/2014 12:06:11 [nprobe.c:5932] Flows ASs will not be computed
(missing GeoIP support)
15/Jan/2014 12:06:11 [nprobe.c:5945] After 1 flow packets are sent,
we'll delay at least 1 ms
15/Jan/2014 12:06:11 [nprobe.c:5965] Flows will be emitted in NetFlow 9
format
15/Jan/2014 12:06:11 [nprobe.c:5995] Flow input interface index is set to 1
15/Jan/2014 12:06:11 [nprobe.c:6001] Flow output interface index is set to 1
15/Jan/2014 12:06:11 [nprobe.c:6017] Capturing packets from interface
eth2 [snaplen: 1600 bytes]
15/Jan/2014 12:06:11 [util.c:2692] nProbe changed user to 'nobody'
15/Jan/2014 12:06:11 [plugin.c:708] Disabling plugin BGP Update Listener
(no template is using it)
15/Jan/2014 12:06:11 [plugin.c:708] Disabling plugin MySQL DB (no
template is using it)
15/Jan/2014 12:06:11 [nprobe.c:5472] Loading nDPI custom protocol ports
from /tmp/protos.txt
[NDPI] addDefaultPort(): found duplicate for port 1720: overwriting it
with new value
[NDPI] addDefaultPort(): found duplicate for port 3001: overwriting it
with new value
[NDPI] addDefaultPort(): found duplicate for port 44046: overwriting it
with new value
15/Jan/2014 12:06:11 [nprobe.c:6122] Starting 1 packet fetch thread(s)
15/Jan/2014 12:06:11 [engine.c:2967] Starting bucket dequeue thread
15/Jan/2014 12:06:11 [nprobe.c:4717] Fetch packets thread started [thread 0]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:20841
-> 10.246.128.166:56001 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=44707]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:28216
-> 10.246.128.25:5061 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=1001]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.246.128.25:5061
-> 10.19.1.205:46988 [50:57:A8:09:4C:00 -> 00:10:DB:FF:A0:80][vlan
0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=19773]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:20847
-> 10.246.128.166:56001 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=44713]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45572
-> 10.249.37.50:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan 0][tos
48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=56004]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:56075
-> 10.246.128.165:56001 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=79940]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45512
-> 10.249.37.25:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan 0][tos
0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=55919]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:37871
-> 10.246.128.165:56001 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=61736]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [icmp] 10.246.130.10:0 ->
10.19.128.35:0 [50:57:A8:09:4C:00 -> 00:10:DB:FF:A0:80][vlan 0][tos
0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=558]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.246.130.10:3329
-> 10.19.128.35:445 [50:57:A8:09:4C:00 -> 00:10:DB:FF:A0:80][vlan 0][tos
0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=4337]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45350
-> 10.246.128.161:56001 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=69211]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45578
-> 10.249.37.25:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan 0][tos
0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=55985]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45585
-> 10.249.37.50:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan 0][tos
48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=56017]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45500
-> 10.249.37.25:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan 0][tos
0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=55907]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45511
-> 10.249.37.25:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan 0][tos
0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=55918]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45588
-> 10.246.132.16:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=14770]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.246.130.10:3332
-> 10.19.128.8:80 [50:57:A8:09:4C:00 -> 00:10:DB:FF:A0:80][vlan 0][tos
0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=3948]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45217
-> 10.246.128.84:56006 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=69006]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:2057 ->
10.246.128.162:56001 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=25919]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:61293
-> 10.246.128.84:56006 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=85082]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:44124
-> 10.246.128.167:56001 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=67991]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:38713
-> 10.196.8.171:3200 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=110135]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:61646
-> 10.196.6.56:3202 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan 0][tos
48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=1371]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp] 10.19.1.205:45584
-> 10.246.132.16:443 [00:10:DB:FF:A0:80 -> 50:57:A8:09:4C:00][vlan
0][tos 48][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=14766]
15/Jan/2014 12:06:11 [engine.c:2190] New Flow: [tcp]
10.246.128.165:56001 -> 10.19.1.205:37873 [50:57:A8:09:4C:00 ->
00:10:DB:FF:A0:80][vlan 0][tos 0][ifIdx: 65535 -> 65535][subflowId:
0/0x0000][idx=61738]
^Z
[1]+ Stopped sudo /usr/local/bin/nprobe -b2 -i eth2 -Q
1 -u 1 --lifetime-timeout 600 --idle-timeout 60 --queue-timeout 60 -g
/var/tmp/nprobe.pid --ndpi-proto-ports /tmp/protos.txt -T "%IN_SRC_MAC
%OUT_DST_MAC %IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %OUT_PKTS
%OUT_BYTES %PROTOCOL %L4_SRC_PORT %L4_DST_PORT %FIRST_SWITCHED
%LAST_SWITCHED %TCP_FLAGS %SRC_TOS %L7_PROTO %L7_PROTO_NAME
%IPV4_SRC_MASK %IPV4_DST_MASK %FLOWS %FRAGMENTS" --zmq tcp://*:5556
--mysql=localhost:nprobe:l:nprobe:nprobe
me@te:~$ bg 1
[1]+ sudo /usr/local/bin/nprobe -b2 -i eth2 -Q 1 -u 1 --lifetime-timeout
600 --idle-timeout 60 --queue-timeout 60 -g /var/tmp/nprobe.pid
--ndpi-proto-ports /tmp/protos.txt -T "%IN_SRC_MAC %OUT_DST_MAC
%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES
%PROTOCOL %L4_SRC_PORT %L4_DST_PORT %FIRST_SWITCHED %LAST_SWITCHED
%TCP_FLAGS %SRC_TOS %L7_PROTO %L7_PROTO_NAME %IPV4_SRC_MASK
%IPV4_DST_MASK %FLOWS %FRAGMENTS" --zmq tcp://*:5556
--mysql=localhost:nprobe:l:nprobe:nprobe &
me@te:~$
me@te:~$ ps ax
PID TTY STAT TIME COMMAND
<snip>
9507 pts/3 S 0:00 sudo /usr/local/bin/nprobe -b2 -i eth2 -Q 1
-u 1 --lifetime-timeout 600 --idle-timeout 60 --queue-timeout 60 -g
/var/tmp/nprobe.pid --ndpi-proto-ports /tmp/protos.txt -T
9508 pts/3 Sl 2:55 /usr/local/bin/nprobe -b2 -i eth2 -Q 1 -u 1
--lifetime-timeout 600 --idle-timeout 60 --queue-timeout 60 -g
/var/tmp/nprobe.pid --ndpi-proto-ports /tmp/protos.txt -T %IN_S
me@te:~$
me@te:~$ date
Wed Jan 15 12:09:22 CET 2014
me@te:~$
lspci
00:00.0 Host bridge: Intel Corporation 5000P Chipset Memory Controller
Hub (rev b1)
00:02.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8
Port 2-3 (rev b1)
00:03.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4
Port 3 (rev b1)
00:04.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8
Port 4-5 (rev b1)
00:05.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4
Port 5 (rev b1)
00:06.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8
Port 6-7 (rev b1)
00:07.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4
Port 7 (rev b1)
00:10.0 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers
(rev b1)
00:10.1 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers
(rev b1)
00:10.2 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers
(rev b1)
00:11.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved
Registers (rev b1)
00:13.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved
Registers (rev b1)
00:15.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers
(rev b1)
00:16.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers
(rev b1)
00:1c.0 PCI bridge: Intel Corporation 631xESB/632xESB/3100 Chipset PCI
Express Root Port 1 (rev 09)
00:1c.1 PCI bridge: Intel Corporation 631xESB/632xESB/3100 Chipset PCI
Express Root Port 2 (rev 09)
00:1d.0 USB controller: Intel Corporation 631xESB/632xESB/3100 Chipset
UHCI USB Controller #1 (rev 09)
00:1d.1 USB controller: Intel Corporation 631xESB/632xESB/3100 Chipset
UHCI USB Controller #2 (rev 09)
00:1d.2 USB controller: Intel Corporation 631xESB/632xESB/3100 Chipset
UHCI USB Controller #3 (rev 09)
00:1d.3 USB controller: Intel Corporation 631xESB/632xESB/3100 Chipset
UHCI USB Controller #4 (rev 09)
00:1d.7 USB controller: Intel Corporation 631xESB/632xESB/3100 Chipset
EHCI USB2 Controller (rev 09)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev d9)
00:1f.0 ISA bridge: Intel Corporation 631xESB/632xESB/3100 Chipset LPC
Interface Controller (rev 09)
00:1f.1 IDE interface: Intel Corporation 631xESB/632xESB IDE Controller
(rev 09)
00:1f.3 SMBus: Intel Corporation 631xESB/632xESB/3100 Chipset SMBus
Controller (rev 09)
01:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express
Upstream Port (rev 01)
01:00.3 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express to
PCI-X Bridge (rev 01)
02:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express
Downstream Port E1 (rev 01)
02:01.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express
Downstream Port E2 (rev 01)
03:00.0 RAID bus controller: Adaptec AAC-RAID (Rocket) (rev 02)
08:01.0 Ethernet controller: Intel Corporation 82546GB Gigabit Ethernet
Controller (rev 03)
08:01.1 Ethernet controller: Intel Corporation 82546GB Gigabit Ethernet
Controller (rev 03)
1a:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5721
Gigabit Ethernet PCI Express (rev 21)
1c:04.0 VGA compatible controller: Advanced Micro Devices, Inc.
[AMD/ATI] ES1000 (rev 02)
On 15/01/2014 09:48, Luca Deri wrote:
Stefano
please provide some logs of the instance that is dropping traffic
Luca
On 14 Jan 2014, at 16:14, Stefano Bianchi <[email protected]> wrote:
Hi there,
I'm facing a strange issue with the nprobe & ntopng architecture.
I'm testing an environment where 2 nprobe systems (using the same
nprobe distribution) feed one single ntopng system.
One of the 2 nprobes is working fine; I must start it without the -G flag,
otherwise it stops generating flows in zmq & local db after some time.
The second one is not working fine: it starts to listen and generate
flows, but after a while (10 or 15 seconds) it stops generating
anything and the statistics (-b 1) tell me it is dropping the whole traffic.
The big difference could be in the host machine (neither one is the
same as the other) and the throughput: the second one is listening
at 80 Mbit/s, the other one (the working one, I mean) is listening to 7 to 14
Mbit/s of traffic.
Can you help?
/stefano
On 20/12/2013 16:34, Yuri Francalacci wrote:
check with netstat if port 5556 is in "LISTEN" and if ntopng can
connect to this host/port (firewall issue?) (if you are running apps
on different machines).
Yuri
###############################################
Yuri Francalacci [email protected] - http://www.ntop.org
"Simplicity is the ultimate sophistication" - Leonardo da Vinci
###############################################
On Dec 20, 2013, at 10:21 AM, Stefano Bianchi wrote:
Yuri,
please also have a look at the nprobe startup
20/Dec/2013 10:13:55 [plugin.c:161] No plugins found in ./plugins
20/Dec/2013 10:13:55 [plugin.c:168] Loading plugins [.so] from
/usr/local/lib/nprobe/plugins
20/Dec/2013 10:13:55 [nprobe.c:3620] Succesfully created zmq
endpoint tcp://10.10.10.10:5556
20/Dec/2013 10:13:55 [nprobe.c:3835] Welcome to nprobe
v.6.15.131219 ($Revision: 3745 $) for x86_64-unknown-linux-gnu with
native PF_RING acceleration
20/Dec/2013 10:13:55 [nprobe.c:3901] WARNING: -n parameter is
missing. 127.0.0.1:2055 will be used.
20/Dec/2013 10:13:55 [dbPlugin.c:78] Initializing DB plugin
20/Dec/2013 10:13:55 [dbPlugin.c:136] Attempting to connect to
database as [host: localhost][dbname: nprobe][table prefix:
l][user: nprobe][pwd: xxxxxx]
20/Dec/2013 10:13:55 [database.c:92] MySQL initialized
20/Dec/2013 10:13:55 [database.c:112] Successfully connected to
MySQL [host:dbname:user:passwd]=[localhost@0:nprobe:nprobe:xxxxxx]
20/Dec/2013 10:13:55 [nprobe.c:5710] Welcome to nprobe
v.6.15.131219 for x86_64-unknown-linux-gnu
20/Dec/2013 10:13:55 [nprobe.c:4984] Using NetFlow Packet Payload
Len: 1472
20/Dec/2013 10:13:55 [plugin.c:872] 0 plugin(s) enabled
20/Dec/2013 10:13:55 [database.c:217] Creating database schema...
20/Dec/2013 10:13:55 [nprobe.c:5359] Each flow is 187 bytes long
20/Dec/2013 10:13:55 [nprobe.c:5360] The # packets per flow has
been set to 6
20/Dec/2013 10:13:55 [util.c:310] WARNING: Unable to load AS file
/usr/local/nprobe/GeoIPASNum.dat. AS support disabled
20/Dec/2013 10:13:55 [util.c:319] WARNING: Unable to load AS IPv6
file /usr/local/nprobe/GeoIPASNumv6.dat. AS IPv6 support disabled
20/Dec/2013 10:13:55 [nprobe.c:4356] Using packet capture length 1600
20/Dec/2013 10:13:55 [pro/pf_ring.c:325] Using PF_RING in-kernel
accelerated packet parsing
20/Dec/2013 10:13:55 [pro/pf_ring.c:329] Dumping traffic statistics
on /proc/net/pf_ring/stats/17330-eth2.36
20/Dec/2013 10:13:55 [nprobe.c:5932] Flows ASs will not be computed
ciao
On 20/12/2013 10:18, Stefano Bianchi wrote:
Yuri,
thanks for the reply but I already have the " around the param.
This is my startup script
NOMESONDA="PROBE1"
PIDFILE="/var/tmp/nprobe.pid"
ZMQ_SOCKET="tcp://*:5556"
SNIF_IFACE="eth2"
DB_HOST="localhost"
DB_SCHEMA="nprobe"
DB_TABPREFIX="l"
DB_USER="nprobe"
DB_PASSWORD="pass"
PROTOS="/tmp/protos.txt"
TEMPLATEFILE="/tmp/capture_template.txt"
FILTERINFILE="$NOMESONDA+captfilter.txt"
FILTERFILE="/tmp/captfilter.txt"
BINPATH="/usr/local/bin"
case "$1" in
start)
echo "Starting nprobe"
# <snip>
TEMPLATE=$(cat "$TEMPLATEFILE")
FILTER=$(cat "$FILTERFILE")
# Start only when the /tmp/nprobe.norun marker file is absent
if [ ! -f /tmp/nprobe.norun ]; then
"$BINPATH/nprobe" -i "$SNIF_IFACE" -Q 1 -u 1 -G --lifetime-timeout 600 \
--idle-timeout 60 --queue-timeout 60 \
-g "$PIDFILE" --ndpi-proto-ports "$PROTOS" \
-T "$TEMPLATE" -f "$FILTER" \
--zmq "$ZMQ_SOCKET" \
"--mysql=$DB_HOST:$DB_SCHEMA:$DB_TABPREFIX:$DB_USER:$DB_PASSWORD" \
> /var/log/nprobe
fi
;;
# remaining cases are not shown in the original message
esac
But even if I bind the zmq socket to the real IP
(ZMQ_SOCKET="tcp://10.10.10:5556") nothing changes; the zmq_poll
times out each second without fetching data (I added a log of the
zmq_poll timeout).
ciao
On 19/12/2013 17:56, Yuri Francalacci wrote:
if you do not use " " in zmq address, the shell will expand the *.
Try enclosing the zmq address in " ".
Yuri
On 19/Dec/2013, at 16:18, Stefano Bianchi <[email protected]> wrote:
Hi,
I have just finished setting up a complete environment with a server
that is sniffing the traffic with nprobe (last version) and another
one that is trying to fetch the traffic from the originating machine.
I see the zmq conversation set up but I fail to receive any traffic
and the ntopng interface loops on "No packet has been received yet on
[email protected]:5556".
Start options:
nprobe
/usr/local/bin/nprobe -i eth2 -Q 1 -u 1 -G --lifetime-timeout
600 --idle-timeout 60 --queue-timeout 60 -g /var/tmp/nprobe.pid
--ndpi-proto-ports /tmp/protos.txt -T %IN_SRC_MAC %OUT_DST_MAC
%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %OUT_PKTS
%OUT_BYTES %PROTOCOL %L4_SRC_PORT %L4_DST_PORT %FIRST_SWITCHED
%LAST_SWITCHED %TCP_FLAGS %SRC_TOS %L7_PROTO %L7_PROTO_NAME
%IPV4_SRC_MASK %IPV4_DST_MASK %FLOWS %FRAGMENTS
%CLIENT_NW_DELAY_SEC %CLIENT_NW_DELAY_USEC %SERVER_NW_DELAY_SEC
%SERVER_NW_DELAY_USEC %APPL_LATENCY_SEC %APPL_LATENCY_USEC
%NUM_PKTS_UP_TO_128_BYTES %NUM_PKTS_128_TO_256_BYTES
%NUM_PKTS_256_TO_512_BYTES %NUM_PKTS_512_TO_1024_BYTES
%NUM_PKTS_1024_TO_1514_BYTES %NUM_PKTS_OVER_1514_BYTES
%FLOW_PROTO_PORT %LONGEST_FLOW_PKT %SHORTEST_FLOW_PKT
%RETRANSMITTED_IN_PKTS %RETRANSMITTED_OUT_PKTS %OOORDER_IN_PKTS
%OOORDER_OUT_PKTS %IPV4_NEXT_HOP
--zmq tcp://*:5556 --mysql=localhost:nprobe:l:nprobe:pass
ntopng
./ntopng -itcp://10.10.10.10:5556
I have confirmed that flows are captured by the nprobe as they are
also stored in the local database, and I see the zmq session
startup via tcpdump, but no more data are exchanged after the
first 5 or 6 pck.
How can I find why zmq is not working?
thanks in advance
Stefano
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc