Luca, The Ubuntu machine with the nprobe and the ntopng is using network card which is connected to a switch port which has port mirroring, so the ntopng can not sniff directly. I assumed that nprobe is sending through the zmq this information and not via dump files option. I saw this information of computer names exists in netBIOS name query. I was able to catch it in a pcap file(attached), you can see in line 3 some information about names. Isn't the nprobe is feeding the ntopng with info? If so then how does the ntopng parse this info?
Thanks. Ohad From: Luca Deri <[email protected]> To: [email protected] Subject: Re: [Ntop-misc] nprobe\ntopng netbios infomration Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" Ohad, this info I think is coming from netBIOS-like services so it's produced by ntong. This said unless you need to play with NetFlow or if you need high-speed/detailed protocol dissection, you can use ntopng to sniff directly from the networks Luca -----Original Message----- From: Ohad Kleinman [mailto:[email protected]] Sent: Monday, October 26, 2015 1:36 PM To: '[email protected]' Subject: nprobe\ntopng netbios infomration We are using nProbe to monitor video surveillance network and I am trying to figure out how to identify the information about the pc machines in the network. I can see that the ntopng in the host page for example in the name column some of them have the name of the PC, does this information is coming from the nProbe and is also available via any of the export options? Both nProbe and ntopng are installed on the same Ubuntu machine with dual network card, the monitor network interface is originated from a switch which does port mirroring to a single port where the Ubuntu machine is connected. Thanks, Ohad
storagen2disketh13--storage-n2disk-eth1-3-22.pcap
Description: Binary data
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
