so what can be the reason that nprobe cant see all the trafiic ? Alek From: [email protected] Date: Sun, 21 Sep 2014 11:26:44 +0200 To: [email protected] Subject: Re: [Ntop-misc] Incorrect Data in ntopng Flow - Please Help
I mean that your ntopng instance received flows from nprobe and if nprobe can’t see all the traffic, ntopng can’t see it either Luca On 21 Sep 2014, at 10:49, alek markus <[email protected]> wrote:what do you mean ? the ntopng and nprobe installed on the same Virtual Machine and on the same Network as other Servers and Computers. Alek From: [email protected] Date: Sun, 21 Sep 2014 09:24:44 +0200 To: [email protected] Subject: Re: [Ntop-misc] Incorrect Data in ntopng Flow - Please Help Your flow sender is able to see all network traffic? Luca On 21 Sep 2014, at 08:35, alek markus <[email protected]> wrote:Hello , i have installed ntopng on my Centos 6.5 server , and can enter to my server:3000 and see host list and flows, but the data is incorrect .because i can see only traffic that came from server only , and not from entire network , for example : computer12 download 1gb file from DropBox i cant see it in the Flow , but if my Centos server that ntopng installed on it will download 1gb file from DropBoX I can see it. what is the problem ? My Config Of Ntopng ntopng -i tcp://127.0.0.1:5556 -m 10.11.32.0/24 21/Sep/2014 09:30:40 [Ntop.cpp:586] Setting local networks to 10.11.32.0/2421/Sep/2014 09:30:40 [Redis.cpp:74] Successfully connected to Redis 127.0.0.1:637921/Sep/2014 09:30:40 [Ntop.cpp:710] Registered interface tcp://127.0.0.1:5556 [id: 0]21/Sep/2014 09:30:40 [Utils.cpp:251] User changed to nobody21/Sep/2014 09:30:40 [main.cpp:184] PID stored in file /var/tmp/ntopng.pid21/Sep/2014 09:30:40 [HTTPserver.cpp:354] HTTPS Disabled: missing SSL certificate /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem21/Sep/2014 09:30:40 [HTTPserver.cpp:355] Please read https://svn.ntop.org/svn/ntop/trunk/ntopng/README.SSL if you want to enable SSL.21/Sep/2014 09:30:40 [HTTPserver.cpp:392] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]21/Sep/2014 09:30:40 [HTTPserver.cpp:395] HTTP server listening on port 300021/Sep/2014 09:30:40 [main.cpp:232] Working directory: /var/tmp/ntopng21/Sep/2014 09:30:40 [main.cpp:234] Scripts/HTML pages directory: /usr/share/ntopng21/Sep/2014 09:30:40 [Ntop.cpp:206] Welcome to ntopng x86_64 v.1.2.2 (r1.2.2) - (C) 1998-14 ntop.org21/Sep/2014 09:30:40 [PeriodicActivities.cpp:53] Started periodic activities loop...21/Sep/2014 09:30:40 [RuntimePrefs.cpp:32] Dump alerts into syslog21/Sep/2014 09:30:40 [NetworkInterface.cpp:800] Started packet polling on interface tcp://127.0.0.1:5556 [id: 4]...21/Sep/2014 09:30:41 [CollectorInterface.cpp:92] Collecting flows on tcp://127.0.0.1:5556 nprobe --zmq "tcp://*:5556" -i eth0 -n none -b 2 21/Sep/2014 09:21:25 [plugin.c:161] No plugins found in ./plugins21/Sep/2014 09:21:25 [plugin.c:167] Loading plugins [.so] from /usr/local/lib/nprobe/plugins21/Sep/2014 09:21:25 [nprobe.c:4182] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?21/Sep/2014 09:21:25 [nprobe.c:4185] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?21/Sep/2014 09:21:25 [nprobe.c:4240] Welcome to nprobe v.6.16.140918 ($Revision: 4356 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration21/Sep/2014 09:21:25 [nprobe.c:4258] nProbe SystemId: 6F23325A9104A1CD21/Sep/2014 09:21:25 [nprobe.c:4273] Tracing enabled21/Sep/2014 09:21:25 [dbPlugin.c:78] Initializing DB plugin21/Sep/2014 09:21:25 [rtpPlugin.c:119] Initializing RTP plugin21/Sep/2014 09:21:25 [httpPlugin.c:490] Initialized HTTP plugin21/Sep/2014 09:21:25 [radiusPlugin.c:133] Initialized Radius plugin21/Sep/2014 09:21:25 [mysqlPlugin.c:117] Initialized MySQL plugin21/Sep/2014 09:21:25 [gtpv2Plugin.c:120] Initialized GTPv2 plugin21/Sep/2014 09:21:25 [sipPlugin.c:262] Initialized SIP plugin21/Sep/2014 09:21:25 [sipPlugin.c:291] Initialized SIP plugin21/Sep/2014 09:21:25 [gtpv0Plugin.c:93] Initialized GTPv0 plugin21/Sep/2014 09:21:25 [dnsPlugin.c:101] Initialized DNS plugin21/Sep/2014 09:21:25 [smtpPlugin.c:127] Initialized SMTP plugin21/Sep/2014 09:21:25 [nflitePlugin.c:901] [NFLite] Initialized NetFlow-Lite plugin21/Sep/2014 09:21:25 [bgpPlugin.c:376] BGP plugin is disabled (--bgp-port has not been specified)21/Sep/2014 09:21:25 [processPlugin.c:384] Initialized process plugin21/Sep/2014 09:21:25 [gtpv1Plugin.c:119] Initialized GTPv1 plugin21/Sep/2014 09:21:25 [l7BridgePlugin.c:568] [L7] Initialized L7 plugin21/Sep/2014 09:21:25 [plugin.c:242] 15 plugin(s) loaded [14 delete][13 packet].21/Sep/2014 09:21:25 [nprobe.c:6150] Welcome to nprobe v.6.16.140918 for x86_64-unknown-linux-gnu21/Sep/2014 09:21:25 [nprobe.c:5387] Compiling flow templates...21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin MySQL DB21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin RTP Plugin21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin HTTP Protocol21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin Radius Protocol21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin MySQL Plugin21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin GTPv2 Signaling Protocol21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin SIP Plugin21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin GTPv0 Signaling Protocol21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin DNS Protocol21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin SMTP Protocol21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin Netflow-Lite Plugin21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin BGP Update Listener21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin System process information21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin GTPv1 Signaling Protocol21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin L7 Plugin21/Sep/2014 09:21:25 [plugin.c:970] 0 plugin(s) enabled21/Sep/2014 09:21:25 [util.c:308] GeoIP: loaded AS config file /usr/local/nprobe/GeoIPASNum.dat21/Sep/2014 09:21:25 [util.c:317] GeoIP: loaded AS IPv6 config file /usr/local/nprobe/GeoIPASNumv6.dat21/Sep/2014 09:21:25 [nprobe.c:4767] Using packet capture length 12821/Sep/2014 09:21:25 [pro/pf_ring.c:349] Successfully open PF_RING v.6.0.2 on device eth0 [snaplen=128] Best Regards,Alek _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
