Please use --zmq (double dash before zmq)

Luca

On 18 Sep 2014, at 12:51, Farah Braiteh (Student) <[email protected]> wrote:

> To whom it may concern:
>
> I am sending you this to ask you please and if possible for some guidance or
> help, in order to solve the trivial problems I am facing upon using ntopng in
> its collector mode.
>
> I am a computer and communications engineering student at the American
> University of Beirut in Lebanon. I am working on a research that aims at
> detecting and finding the best solutions to the traffic issues we are facing
> inside our campus. For this purpose, the IT Networking department has managed
> to use ntop products.
>
> I wonder if you could please check the below process, that I am following, to
> work on nprobe and ntopng:
>
> 1). Configuring nProbe:
> For this, I am using the following command:
> nprobe -zmq "tcp://127.0.0.1:5556" -i none -n none -b 2 -3 2055
> The following text is displayed:
>
> 18/Sep/2014 04:56:21 [collect.c:96] Created UDP sockets
> 18/Sep/2014 04:56:21 [collect.c:155] Flow collector listening on port 2055 (IPv4/v6)
> 18/Sep/2014 04:56:21 [nprobe.c:6543] Starting 1 packet fetch thread(s)
> 18/Sep/2014 04:56:21 [engine.c:2968] Starting bucket dequeue thread
> 18/Sep/2014 04:56:21 [nprobe.c:6631] nProbe started successfully
>
> 2). Sending Data using Pcap files:
> Here, I am using:
> nprobe -zmq "tcp://127.0.0.1:5556" -i ./bigFlows.pcap -n none -b 2
> The following text is then displayed:
>
> 18/Sep/2014 05:03:12 [engine.c:2332] Emitting Flow: [->][tcp] 96.43.146.176:443 -> 172.16.133.82:61228 [67 pkt/58074 bytes][ifIdx 65535->65535][2.7 sec][init Unknown]
> 18/Sep/2014 05:03:12 [engine.c:2355] Emitting Flow: [<-][tcp] 172.16.133.82:61228 -> 96.43.146.176:443 [46 pkt/26753 bytes][ifIdx 65535->65535][2.5 sec]
> 18/Sep/2014 05:03:12 [engine.c:2332] Emitting Flow: [->][udp] 172.16.133.57:53807 -> 68.64.21.62:1853 [25733 pkt/16958158 bytes][ifIdx 65535->65535][2.9 sec][init Unknown]
> 18/Sep/2014 05:03:12 [engine.c:2355] Emitting Flow: [<-][udp] 68.64.21.62:1853 -> 172.16.133.57:53807 [14980 pkt/2234797 bytes][ifIdx 65535->65535][2.9 sec]
> 18/Sep/2014 05:03:13 [nprobe.c:4412] Pending buckets have been exported...
> 18/Sep/2014 05:03:13 [engine.c:3044] Export thread terminated [exportQueue=0]
> 18/Sep/2014 05:03:13 [nprobe.c:4473] Flushing queued flows...
> 18/Sep/2014 05:03:13 [nprobe.c:4476] Freeing memory...
> 18/Sep/2014 05:03:13 [plugin.c:253] Terminating plugins.
> 18/Sep/2014 05:03:13 [nprobe.c:4568] Still allocated 0 hash buckets
> 18/Sep/2014 05:03:13 [nprobe.c:2269] Processed packets: 791615 (max bucket search: 4)
> 18/Sep/2014 05:03:13 [nprobe.c:2252] Fragment queue length: 0
> 18/Sep/2014 05:03:13 [nprobe.c:2278] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
> 18/Sep/2014 05:03:13 [nprobe.c:2288] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 18/Sep/2014 05:03:13 [nprobe.c:2293] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
> 18/Sep/2014 05:03:13 [nprobe.c:4581] Cleaning globals
> 18/Sep/2014 05:03:13 [nprobe.c:4602] nProbe terminated.
>
> 3. Collecting Data:
> For this purpose, I am using the following command:
> ntopng -i tcp://127.0.0.1:5556
> Upon typing it in, the following text is displayed:
>
> 18/Sep/2014 05:08:13 [HTTPserver.cpp:395] HTTP server listening on port 3000
> 18/Sep/2014 05:08:13 [main.cpp:232] Working directory: /var/tmp/ntopng
> 18/Sep/2014 05:08:13 [main.cpp:234] Scripts/HTML pages directory: /usr/share/ntopng
> 18/Sep/2014 05:08:13 [Ntop.cpp:206] Welcome to ntopng x86_64 v.1.2.2 (r1.2.2) - (C) 1998-14 ntop.org
> 18/Sep/2014 05:08:13 [PeriodicActivities.cpp:53] Started periodic activities loop...
> 18/Sep/2014 05:08:13 [RuntimePrefs.cpp:32] Dump alerts into syslog
> 18/Sep/2014 05:08:13 [NetworkInterface.cpp:800] Started packet polling on interface tcp://127.0.0.1:5556 [id: 3]...
> 18/Sep/2014 05:08:13 [CollectorInterface.cpp:92] Collecting flows on tcp://127.0.0.1:5556
>
> Problems and Troubleshooting:
> As you can see above, the process seems to be fine; however, upon logging in
> to http://192.168.1.169:3000/ for testing, I get the following message:
>
> No packet has been received yet on interface tcp://127.0.0.1:5556.
>
> 1). Using telnet: telnet 127.0.0.1 5556
> The below text is shown:
>
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
>
> 2). Using netstat: netstat -nlt
> The table below is shown:
>
> Proto Recv-Q Send-Q Local Address      Foreign Address  State
> tcp        0      0 0.0.0.0:111        0.0.0.0:*        LISTEN
> tcp        0      0 0.0.0.0:80         0.0.0.0:*        LISTEN
> tcp        0      0 0.0.0.0:22         0.0.0.0:*        LISTEN
> tcp        0      0 0.0.0.0:443        0.0.0.0:*        LISTEN
> tcp        0      0 0.0.0.0:54144      0.0.0.0:*        LISTEN
> tcp        0      0 127.0.0.1:199      0.0.0.0:*        LISTEN
> tcp        0      0 127.0.0.1:6379     0.0.0.0:*        LISTEN
> tcp6       0      0 :::111             :::*             LISTEN
> tcp6       0      0 :::22              :::*             LISTEN
> tcp6       0      0 :::49273           :::*             LISTEN
>
> As you can see above, the port number 5556 is not shown in the "local
> Address" column next to my IP address: 127.0.0.1, which means that
> something is going wrong.
>
> I wonder if you could please tell me where my problem is, so that I can
> continue working on the research.
>
> I am sorry for this lengthy email, as I look forward to hearing from you.
>
> Thank you.
> Regards,
> Farah Braiteh
> Researcher at American University of Beirut in the IT Networking Department
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
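
The two symptoms visible in the quoted output (no listener on port 5556 in `netstat -nlt`, and `0 flows` in nProbe's export stats although packets were processed) can be checked mechanically. The script below is an added example, not part of the thread or of ntop's tooling; the function names and the abridged sample data are constructed for illustration.

```shell
# has_listener PORT: reads `netstat -nlt` output on stdin and succeeds
# if a TCP socket in LISTEN state is bound to PORT on any local address.
has_listener() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, a, ":")        # column 4 is the local address
      if (a[n] == port) found = 1  # port is the last ":"-separated field
    }
    END { exit (found ? 0 : 1) }'
}

# exported_flows: reads an nProbe log on stdin and prints the flow count
# from the last "Flow export stats" line (prints nothing if absent).
exported_flows() {
  sed -n 's/.*Flow export stats: \[[^]]*]\[\([0-9][0-9]*\) flows.*/\1/p' |
    tail -n 1
}

# check_export PORT NETSTAT_TEXT NPROBE_LOG: prints "ok" or a
# comma-separated list of findings.
check_export() {
  findings=""
  printf '%s\n' "$2" | has_listener "$1" || findings="no-listener"
  if [ "$(printf '%s\n' "$3" | exported_flows)" = "0" ]; then
    findings="${findings:+$findings,}zero-flows-exported"
  fi
  printf '%s\n' "${findings:-ok}"
}

# Constructed sample input, abridged from the output quoted above.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp        0      0 0.0.0.0:22        0.0.0.0:*   LISTEN
tcp        0      0 127.0.0.1:6379    0.0.0.0:*   LISTEN
tcp6       0      0 :::22             :::*        LISTEN'
NPROBE_SAMPLE='18/Sep/2014 05:03:13 [nprobe.c:2269] Processed packets: 791615 (max bucket search: 4)
18/Sep/2014 05:03:13 [nprobe.c:2278] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]'

check_export 5556 "$NETSTAT_SAMPLE" "$NPROBE_SAMPLE"
```

On a live host, pipe the real `netstat -nlt` output and the nProbe log into the functions in place of the sample variables.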
