To whom it may concern:
I am sending you this to ask you, please and if possible, for some guidance or
help in order to solve the trivial problems I am facing when using ntopng in
its collector mode.
I am a computer and communications engineering student at the American
University of Beirut in Lebanon. I am working on research that aims at
detecting and finding the best solutions to the traffic issues we are facing
inside our campus. For this purpose, the IT Networking department has managed
to use ntop products.
I wonder if you could please check the process below that I am following to
work on nprobe and ntopng:
1). Configuring nProbe:
For this, I am using the following command: nprobe -zmq "tcp://127.0.0.1:5556" -i none -n none -b 2 -3 2055
The following text is displayed:
18/Sep/2014 04:56:21 [collect.c:96] Created UDP sockets
18/Sep/2014 04:56:21 [collect.c:155] Flow collector listening on port 2055 (IPv4/v6)
18/Sep/2014 04:56:21 [nprobe.c:6543] Starting 1 packet fetch thread(s)
18/Sep/2014 04:56:21 [engine.c:2968] Starting bucket dequeue thread
18/Sep/2014 04:56:21 [nprobe.c:6631] nProbe started successfully
2). Sending Data using Pcap files:
Here, I am using: nprobe -zmq "tcp://127.0.0.1:5556" -i ./bigFlows.pcap -n none -b 2
The following text is then displayed:
18/Sep/2014 05:03:12 [engine.c:2332] Emitting Flow: [->][tcp] 96.43.146.176:443 -> 172.16.133.82:61228 [67 pkt/58074 bytes][ifIdx 65535->65535][2.7 sec][init Unknown]
18/Sep/2014 05:03:12 [engine.c:2355] Emitting Flow: [<-][tcp] 172.16.133.82:61228 -> 96.43.146.176:443 [46 pkt/26753 bytes][ifIdx 65535->65535][2.5 sec]
18/Sep/2014 05:03:12 [engine.c:2332] Emitting Flow: [->][udp] 172.16.133.57:53807 -> 68.64.21.62:1853 [25733 pkt/16958158 bytes][ifIdx 65535->65535][2.9 sec][init Unknown]
18/Sep/2014 05:03:12 [engine.c:2355] Emitting Flow: [<-][udp] 68.64.21.62:1853 -> 172.16.133.57:53807 [14980 pkt/2234797 bytes][ifIdx 65535->65535][2.9 sec]
18/Sep/2014 05:03:13 [nprobe.c:4412] Pending buckets have been exported...
18/Sep/2014 05:03:13 [engine.c:3044] Export thread terminated [exportQueue=0]
18/Sep/2014 05:03:13 [nprobe.c:4473] Flushing queued flows...
18/Sep/2014 05:03:13 [nprobe.c:4476] Freeing memory...
18/Sep/2014 05:03:13 [plugin.c:253] Terminating plugins.
18/Sep/2014 05:03:13 [nprobe.c:4568] Still allocated 0 hash buckets
18/Sep/2014 05:03:13 [nprobe.c:2269] Processed packets: 791615 (max bucket search: 4)
18/Sep/2014 05:03:13 [nprobe.c:2252] Fragment queue length: 0
18/Sep/2014 05:03:13 [nprobe.c:2278] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
18/Sep/2014 05:03:13 [nprobe.c:2288] Flow drop stats: [0 bytes/0 pkts][0 flows]
18/Sep/2014 05:03:13 [nprobe.c:2293] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
18/Sep/2014 05:03:13 [nprobe.c:4581] Cleaning globals
18/Sep/2014 05:03:13 [nprobe.c:4602] nProbe terminated.
3). Collecting Data:
For this purpose, I am using the following command: ntopng -i tcp://127.0.0.1:5556
Upon typing it in, the following text is displayed:
18/Sep/2014 05:08:13 [HTTPserver.cpp:395] HTTP server listening on port 3000
18/Sep/2014 05:08:13 [main.cpp:232] Working directory: /var/tmp/ntopng
18/Sep/2014 05:08:13 [main.cpp:234] Scripts/HTML pages directory: /usr/share/ntopng
18/Sep/2014 05:08:13 [Ntop.cpp:206] Welcome to ntopng x86_64 v.1.2.2 (r1.2.2) - (C) 1998-14 ntop.org
18/Sep/2014 05:08:13 [PeriodicActivities.cpp:53] Started periodic activities loop...
18/Sep/2014 05:08:13 [RuntimePrefs.cpp:32] Dump alerts into syslog
18/Sep/2014 05:08:13 [NetworkInterface.cpp:800] Started packet polling on interface tcp://127.0.0.1:5556 [id: 3]...
18/Sep/2014 05:08:13 [CollectorInterface.cpp:92] Collecting flows on tcp://127.0.0.1:5556
Problems and Troubleshooting:
As you can see above, the process seems to be fine; however, upon logging in to
http://192.168.1.169:3000/ for testing, I get the following message:
No packet has been received yet on interface tcp://127.0.0.1:5556.
1). Using telnet: telnet 127.0.0.1 5556
The below text is shown:
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
2). Using netstat: netstat -nlt
The table below is shown:
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp   0      0      0.0.0.0:111       0.0.0.0:*         LISTEN
tcp   0      0      0.0.0.0:80        0.0.0.0:*         LISTEN
tcp   0      0      0.0.0.0:22        0.0.0.0:*         LISTEN
tcp   0      0      0.0.0.0:443       0.0.0.0:*         LISTEN
tcp   0      0      0.0.0.0:54144     0.0.0.0:*         LISTEN
tcp   0      0      127.0.0.1:199     0.0.0.0:*         LISTEN
tcp   0      0      127.0.0.1:6379    0.0.0.0:*         LISTEN
tcp6  0      0      :::111            :::*              LISTEN
tcp6  0      0      :::22             :::*              LISTEN
tcp6  0      0      :::49273          :::*              LISTEN
As you can see above, the port number 5556 is not shown in the "Local Address"
column next to my IP address: 127.0.0.1, which means that something is going
wrong.
I wonder if you could please tell me where my problem is, so that I can
continue working on the research.
I am sorry for this lengthy email, and I look forward to hearing from you.
Thank you.
Regards,
Farah Braiteh
Researcher at American University of Beirut in the IT Networking Department
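
The two checks made by hand in the message above (is anything listening on the collector endpoint, and did nprobe export any flows before it exited), as an added Python example that is not part of the original message. The function names are hypothetical and the sample inputs are constructed, following the shape of the netstat and nprobe output quoted above.

```python
import re

# Constructed sample: rows in the shape of the `netstat -nlt` output quoted above.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp   0      0      0.0.0.0:22        0.0.0.0:*         LISTEN
tcp   0      0      127.0.0.1:6379    0.0.0.0:*         LISTEN
tcp6  0      0      :::22             :::*              LISTEN
"""

# Constructed sample: nprobe shutdown statistics in the shape quoted above.
NPROBE_SAMPLE = """\
18/Sep/2014 05:03:13 [nprobe.c:2269] Processed packets: 791615 (max bucket search: 4)
18/Sep/2014 05:03:13 [nprobe.c:2278] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
18/Sep/2014 05:03:13 [nprobe.c:4602] nProbe terminated.
"""

def listening_sockets(netstat_text):
    """Return the set of (address, port) pairs in LISTEN state.

    Expects one socket per line (unwrapped `netstat -nlt` output).
    """
    socks = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            # rpartition keeps IPv6 forms such as ":::22" intact ("::", 22)
            addr, _, port = fields[3].rpartition(":")
            socks.add((addr, int(port)))
    return socks

def is_listening(netstat_text, addr, port):
    """True if addr:port, or a wildcard bind on that port, is listening."""
    socks = listening_sockets(netstat_text)
    return any((a, port) in socks for a in (addr, "0.0.0.0", "::"))

def nprobe_summary(log_text):
    """Extract packet and exported-flow counters from nprobe's exit statistics."""
    packets = re.search(r"Processed packets: (\d+)", log_text)
    flows = re.search(r"Flow export stats: \[.*?\]\[(\d+) flows", log_text)
    return {
        "packets": int(packets.group(1)) if packets else None,
        "flows_exported": int(flows.group(1)) if flows else None,
        "terminated": "nProbe terminated" in log_text,
    }
```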