Hi there, I'm starting to use ntopng and nprobe and we want to use them in production, so I'm in the learning process.

The lab I'm running has some boxes that send NetFlow v9 to the server where I'm running nprobe and ntopng, through udp/2055:

  [root~]# tcpdump port 2055 -nnn
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
  16:58:22.508489 IP 192.168.xxx.yyy.58136 > 192.168.zzz.www.2055: UDP, length 1368
  16:58:22.508529 IP 192.168.xxx.yyy.58136 > 192.168.zzz.www.2055: UDP, length 692

192.168.xxx.yyy is the box that sends NetFlow, and 192.168.zzz.www is the server where we're running nprobe and ntopng.

What I want is to capture that NetFlow v9 traffic and send it to ntopng, so this is what I'm doing:

  # nprobe -n 127.0.0.1:2055 -i em1 --zmq "tcp://*:5888" --redis 127.0.0.1:6379 --flow-version 9

I'm not sure how useful/needed it is to have Redis in here... but still...

In this case I see traffic, but only the traffic I see on em1 (eth0) that is sent directly to my probe server (not the NetFlow data), so I tried this:

  # nprobe -n 127.0.0.1:2055 -i none --zmq "tcp://*:5888" --redis 127.0.0.1:6379 --flow-version 9

And there I don't see any flows or anything at all. On the ntopng side, this is what I do:

  # ntopng -i tcp://127.0.0.1:5888 --redis 127.0.0.1:6379 --http-port 4000

What am I doing wrong?

Sacha Yunusic | Technical Manager | Pentagon Security & Akainix
Av. Kennedy 4700, Piso 10, Of. 1002, Edificio New Century, Vitacura | ZIP Code 7630454
Switchboard: (56-2) 2246 1050 | Direct: (56-2) 2246 2620 | Mobile: (56-9) 9883 4752 | www.penta-sec.com & www.akainix.com
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
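An added example, not part of the original post or of the ntop project's code: the commands above pass `-n 127.0.0.1:2055`, and in nprobe `-n`/`--collector <host:port>` names a collector that nprobe *exports* flows to, while the UDP port nprobe *listens* on for incoming NetFlow/sFlow is set with `-3`/`--collector-port <port>`. The script below parses an nprobe command line for both options and reports whether nprobe would actually receive the flows that tcpdump shows arriving on udp/2055. The command lines embedded in it are constructed to mirror the ones in the post; the `diagnose` function and its messages are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from nprobe): check whether an
# nprobe command line opens a NetFlow listening socket on the expected port.
#   -n / --collector <host:port>  -> destination nprobe EXPORTS flows to
#   -3 / --collector-port <port>  -> UDP port nprobe LISTENS on for flows

# Print the UDP port nprobe will listen on (from -3/--collector-port), if any.
nprobe_listen_port() {
  # shellcheck disable=SC2086  # word-splitting the command line is intended
  set -- $1
  while [ $# -gt 0 ]; do
    case "$1" in
      -3|--collector-port) printf '%s\n' "$2"; return 0 ;;
      --collector-port=*)  printf '%s\n' "${1#*=}"; return 0 ;;
    esac
    shift
  done
  return 1
}

# Print the host:port nprobe will export flows to (from -n/--collector), if any.
nprobe_export_target() {
  # shellcheck disable=SC2086
  set -- $1
  while [ $# -gt 0 ]; do
    case "$1" in
      -n|--collector) printf '%s\n' "$2"; return 0 ;;
      --collector=*)  printf '%s\n' "${1#*=}"; return 0 ;;
    esac
    shift
  done
  return 1
}

# diagnose <nprobe command line> <udp port exporters send to, per tcpdump>
# Returns 0 when nprobe would receive those flows, 1 otherwise.
diagnose() {
  cmd=$1; want=$2
  listen=$(nprobe_listen_port "$cmd") || listen=""
  export_to=$(nprobe_export_target "$cmd") || export_to=""
  if [ -z "$listen" ] && [ -n "$export_to" ]; then
    echo "not-listening: -n $export_to only sets an export destination; use -3 $want"
    return 1
  fi
  if [ "$listen" = "$want" ]; then
    echo "ok: nprobe listens on udp/$listen"
    return 0
  fi
  echo "port-mismatch: nprobe listens on '${listen:-none}', exporters send to udp/$want"
  return 1
}

# Constructed command lines: the one from the post, and a corrected variant.
POSTED_CMD='nprobe -n 127.0.0.1:2055 -i none --zmq tcp://*:5888 --redis 127.0.0.1:6379 --flow-version 9'
FIXED_CMD='nprobe -i none -3 2055 --zmq tcp://127.0.0.1:5888 --redis 127.0.0.1:6379'

diagnose "$POSTED_CMD" 2055 || true
diagnose "$FIXED_CMD" 2055 || true
```

On the probe host itself, the same question is answered by `ss -lunp | grep 2055` (or `netstat -lunp`) while nprobe is running: if no nprobe socket is bound to udp/2055, the datagrams tcpdump shows are being dropped by the kernel before nprobe ever sees them, whatever `-i` is set to. The `-i none` form is the right one for pure collector mode, and ntopng's `-i tcp://127.0.0.1:5888` matches nprobe's `--zmq` endpoint only if nprobe is actually producing flows to publish.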
