On 03 Feb 2014, at 18:45, Jon Bayless <[email protected]> wrote:
> Thanks for the reply. > > Unfortunately, I am not clear on how the pcap file would be created. I am not > doing any kind of capture on the server where I am running ntopng or nprobe. Jon, The pcap file was an example, you probably have to do -i eth0 Cheers Luca > > I assumed that nprobe would accept the incoming netflow data from the routers > and then feed it to ntopng. > Is that not correct? Do I need some other software running to accept the > netflow data from the routers and put it in a pcap file? > > Thanks > > Jon > > On 2/1/2014 8:28 AM, Luca Deri wrote: >> Jon, >> the correct syntax is describe here >> https://svn.ntop.org/svn/ntop/trunk/ntopng/README.ntopng >> >> - collector >> ntopng -i tcp://127.0.0.1:5556 >> >> - probe (nProbe) >> nprobe --zmq "tcp://*:5556" -i ~/pcap/http.pcap -n none -b 2 >> Luca >> >> On 31 Jan 2014, at 18:15, Jon Bayless <[email protected]> wrote: >> >>> Hi! I've successfully installed Ntopng on a Centos 6.5 x86_64 server and >>> the new web interface is very nice. It looks very impressive so far. I am >>> hoping to use the software to display and analyze netflow data >>> exported/sent by Cisco Catalyst 6500 series layer 3 switches. Currently we >>> have flows sent from those switches going into jkflow/flowscan on other >>> linux servers and it works nicely but there is no interface beyond the >>> manual RRDtool graphs we build from the data to show basic in and out byte >>> counts. >>> >>> I understand that nprobe must be used as the netflow collector running on >>> the server with ntopng and I have tried to find good documentation on what >>> settings to use to do so. The best I have been able to do is see a number >>> of packets and connections from the switches in question in the hosts >>> display and flows. It shows it has received roughly 1.5GB of data from each >>> of the 2 routers I have sending to it but the data itself doesn't seem to >>> be processed by nprobe or ntopng. >>> >>> The command I have used to start nprobe currently is: >>> >>> nprobe --zmq "tcp://127.0.0.1:5556" -i none -n none -V 5 --collector-port >>> 2055 >>> >>> But I have tried a few other suggestions on other websites. What command >>> should I use if I just want the server to accept inbound netflow flows from >>> the routers I point at it and then put the flow data into ntopng? >>> >>> Thanks >>> >>> Jon >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
