are you sending nprobe all traffic? I don’t think so Luca
On 21 Sep 2014, at 11:54, alek markus <[email protected]> wrote: > so what can be the reason that nprobe cant see all the trafiic ? > > Alek > > From: [email protected] > Date: Sun, 21 Sep 2014 11:26:44 +0200 > To: [email protected] > Subject: Re: [Ntop-misc] Incorrect Data in ntopng Flow - Please Help > > I mean that your ntopng instance received flows from nprobe and if nprobe > can’t see all the traffic, ntopng can’t see it either > > Luca > > On 21 Sep 2014, at 10:49, alek markus <[email protected]> wrote: > > what do you mean ? > the ntopng and nprobe installed on the same Virtual Machine and on the same > Network as other Servers and Computers. > > > Alek > > From: [email protected] > Date: Sun, 21 Sep 2014 09:24:44 +0200 > To: [email protected] > Subject: Re: [Ntop-misc] Incorrect Data in ntopng Flow - Please Help > > Your flow sender is able to see all network traffic? > > Luca > > On 21 Sep 2014, at 08:35, alek markus <[email protected]> wrote: > > Hello , > > i have installed ntopng on my Centos 6.5 server , and can enter to my > server:3000 and see host list and flows, but the data is incorrect . > because i can see only traffic that came from server only , and not from > entire network , for example : computer12 download 1gb file from DropBox i > cant see it in the Flow , but if my Centos server that ntopng installed on it > will download 1gb file from DropBoX I can see it. > > what is the problem ? > > My Config Of Ntopng > > > ntopng -i tcp://127.0.0.1:5556 -m 10.11.32.0/24 > > 21/Sep/2014 09:30:40 [Ntop.cpp:586] Setting local networks to 10.11.32.0/24 > 21/Sep/2014 09:30:40 [Redis.cpp:74] Successfully connected to Redis > 127.0.0.1:6379 > 21/Sep/2014 09:30:40 [Ntop.cpp:710] Registered interface tcp://127.0.0.1:5556 > [id: 0] > 21/Sep/2014 09:30:40 [Utils.cpp:251] User changed to nobody > 21/Sep/2014 09:30:40 [main.cpp:184] PID stored in file /var/tmp/ntopng.pid > 21/Sep/2014 09:30:40 [HTTPserver.cpp:354] HTTPS Disabled: missing SSL > certificate /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem > 21/Sep/2014 09:30:40 [HTTPserver.cpp:355] Please read > https://svn.ntop.org/svn/ntop/trunk/ntopng/README.SSL if you want to enable > SSL. > 21/Sep/2014 09:30:40 [HTTPserver.cpp:392] Web server dirs > [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts] > 21/Sep/2014 09:30:40 [HTTPserver.cpp:395] HTTP server listening on port 3000 > 21/Sep/2014 09:30:40 [main.cpp:232] Working directory: /var/tmp/ntopng > 21/Sep/2014 09:30:40 [main.cpp:234] Scripts/HTML pages directory: > /usr/share/ntopng > 21/Sep/2014 09:30:40 [Ntop.cpp:206] Welcome to ntopng x86_64 v.1.2.2 (r1.2.2) > - (C) 1998-14 ntop.org > 21/Sep/2014 09:30:40 [PeriodicActivities.cpp:53] Started periodic activities > loop... > 21/Sep/2014 09:30:40 [RuntimePrefs.cpp:32] Dump alerts into syslog > 21/Sep/2014 09:30:40 [NetworkInterface.cpp:800] Started packet polling on > interface tcp://127.0.0.1:5556 [id: 4]... > 21/Sep/2014 09:30:41 [CollectorInterface.cpp:92] Collecting flows on > tcp://127.0.0.1:5556 > > > nprobe --zmq "tcp://*:5556" -i eth0 -n none -b 2 > > > 21/Sep/2014 09:21:25 [plugin.c:161] No plugins found in ./plugins > 21/Sep/2014 09:21:25 [plugin.c:167] Loading plugins [.so] from > /usr/local/lib/nprobe/plugins > 21/Sep/2014 09:21:25 [nprobe.c:4182] WARNING: The output interfaceId is set > to 0: did you forget to use -Q perhaps ? > 21/Sep/2014 09:21:25 [nprobe.c:4185] WARNING: The input interfaceId is set to > 0: did you forget to use -u perhaps ? > 21/Sep/2014 09:21:25 [nprobe.c:4240] Welcome to nprobe v.6.16.140918 > ($Revision: 4356 $) for x86_64-unknown-linux-gnu with native PF_RING > acceleration > 21/Sep/2014 09:21:25 [nprobe.c:4258] nProbe SystemId: 6F23325A9104A1CD > 21/Sep/2014 09:21:25 [nprobe.c:4273] Tracing enabled > 21/Sep/2014 09:21:25 [dbPlugin.c:78] Initializing DB plugin > 21/Sep/2014 09:21:25 [rtpPlugin.c:119] Initializing RTP plugin > 21/Sep/2014 09:21:25 [httpPlugin.c:490] Initialized HTTP plugin > 21/Sep/2014 09:21:25 [radiusPlugin.c:133] Initialized Radius plugin > 21/Sep/2014 09:21:25 [mysqlPlugin.c:117] Initialized MySQL plugin > 21/Sep/2014 09:21:25 [gtpv2Plugin.c:120] Initialized GTPv2 plugin > 21/Sep/2014 09:21:25 [sipPlugin.c:262] Initialized SIP plugin > 21/Sep/2014 09:21:25 [sipPlugin.c:291] Initialized SIP plugin > 21/Sep/2014 09:21:25 [gtpv0Plugin.c:93] Initialized GTPv0 plugin > 21/Sep/2014 09:21:25 [dnsPlugin.c:101] Initialized DNS plugin > 21/Sep/2014 09:21:25 [smtpPlugin.c:127] Initialized SMTP plugin > 21/Sep/2014 09:21:25 [nflitePlugin.c:901] [NFLite] Initialized NetFlow-Lite > plugin > 21/Sep/2014 09:21:25 [bgpPlugin.c:376] BGP plugin is disabled (--bgp-port has > not been specified) > 21/Sep/2014 09:21:25 [processPlugin.c:384] Initialized process plugin > 21/Sep/2014 09:21:25 [gtpv1Plugin.c:119] Initialized GTPv1 plugin > 21/Sep/2014 09:21:25 [l7BridgePlugin.c:568] [L7] Initialized L7 plugin > 21/Sep/2014 09:21:25 [plugin.c:242] 15 plugin(s) loaded [14 delete][13 > packet]. > 21/Sep/2014 09:21:25 [nprobe.c:6150] Welcome to nprobe v.6.16.140918 for > x86_64-unknown-linux-gnu > 21/Sep/2014 09:21:25 [nprobe.c:5387] Compiling flow templates... > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin MySQL DB > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin RTP Plugin > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin HTTP Protocol > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin Radius Protocol > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin MySQL Plugin > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin GTPv2 Signaling Protocol > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin SIP Plugin > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin GTPv0 Signaling Protocol > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin DNS Protocol > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin SMTP Protocol > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin Netflow-Lite Plugin > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin BGP Update Listener > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin System process information > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin GTPv1 Signaling Protocol > 21/Sep/2014 09:21:25 [plugin.c:836] Scanning plugin L7 Plugin > 21/Sep/2014 09:21:25 [plugin.c:970] 0 plugin(s) enabled > 21/Sep/2014 09:21:25 [util.c:308] GeoIP: loaded AS config file > /usr/local/nprobe/GeoIPASNum.dat > 21/Sep/2014 09:21:25 [util.c:317] GeoIP: loaded AS IPv6 config file > /usr/local/nprobe/GeoIPASNumv6.dat > 21/Sep/2014 09:21:25 [nprobe.c:4767] Using packet capture length 128 > > 21/Sep/2014 09:21:25 [pro/pf_ring.c:349] Successfully open PF_RING v.6.0.2 on > device eth0 [snaplen=128] > > Best Regards, > Alek > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > _______________________________________________ Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > _______________________________________________ Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
