Thanks for the reply.
Unfortunately, I am not clear on how the pcap file would be created. I
am not doing any kind of capture on the server where I am running ntopng
or nprobe.
I assumed that nprobe would accept the incoming netflow data from the
routers and then feed it to ntopng.
Is that not correct? Do I need some other software running to accept the
netflow data from the routers and put it in a pcap file?
Thanks
Jon
On 2/1/2014 8:28 AM, Luca Deri wrote:
Jon,
the correct syntax is describe here
https://svn.ntop.org/svn/ntop/trunk/ntopng/README.ntopng
- collector
ntopng -itcp://127.0.0.1:5556
- probe (nProbe)
nprobe --zmq "tcp://*:5556" -i ~/pcap/http.pcap -n none -b 2
Luca
On 31 Jan 2014, at 18:15, Jon Bayless <[email protected]
<mailto:[email protected]>> wrote:
Hi! I've successfully installed Ntopng on a Centos 6.5 x86_64 server
and the new web interface is very nice. It looks very impressive so
far. I am hoping to use the software to display and analyze netflow
data exported/sent by Cisco Catalyst 6500 series layer 3 switches.
Currently we have flows sent from those switches going into
jkflow/flowscan on other linux servers and it works nicely but there
is no interface beyond the manual RRDtool graphs we build from the
data to show basic in and out byte counts.
I understand that nprobe must be used as the netflow collector
running on the server with ntopng and I have tried to find good
documentation on what settings to use to do so. The best I have been
able to do is see a number of packets and connections from the
switches in question in the hosts display and flows. It shows it has
received roughly 1.5GB of data from each of the 2 routers I have
sending to it but the data itself doesn't seem to be processed by
nprobe or ntopng.
The command I have used to start nprobe currently is:
nprobe --zmq "tcp://127.0.0.1:5556" -i none -n none -V 5
--collector-port 2055
But I have tried a few other suggestions on other websites. What
command should I use if I just want the server to accept inbound
netflow flows from the routers I point at it and then put the flow
data into ntopng?
Thanks
Jon
_______________________________________________
Ntop-misc mailing list
[email protected] <mailto:[email protected]>
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
