Hi,
    Below is my nprobe-eth1.conf information. I did as you mentioned but it is
still not working. Sir, I told you that the problem is that nprobe is not
capturing packets on eth1.

My scenario is very simple: I just want to capture traffic on the eth1 interface
through nprobe (probe) and send the traffic flows to the collector (ntopng)
for analysis. Again, I mention here that nprobe is not capturing traffic on
interface eth1. (I did everything on the same machine.)

-n=none
-i=eth1
-s=128
-t=60
-d=60
-a=0
-e=1
-B=10
-w=128000
-z=0
-S=1:1
-E=0:0
-g=/var/run/nprobe-eth1.pid
-p=1/0/0/0/0/1
--zmq=tcp://127.0.0.1:5556
--vlanid-as-iface-idx=none
-T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT
%IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP
%LAST_SWITCHED %FIRST_SWITCHED
-V=9
--dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt

On Sat, Apr 1, 2017 at 5:49 PM, Simone Mainardi <[email protected]> wrote:

> Hi,
>
> On Sat, Apr 1, 2017 at 7:24 AM, Shahzada Khurram <[email protected]>
> wrote:
>
>> Hi Simone,
>>                  Thanks for the reply. Please find the detailed configuration below;
>> all configuration was done in nbox web GUI mode.
>> 1. Independently, ntopng is working fine and traffic capturing is working fine.
>> 2. When we configure nprobe (probe) with ntopng (collector) it's not
>> working.
>>
>> (ntopng log )
>>
>> 31/Mar/2017 22:17:32 Scripts/HTML pages directory: /usr/share/ntopng
>> 31/Mar/2017 22:17:32 Welcome to ntopng x86_64 v.2.4.170215 - (C)
>> 1998-2016 ntop.org
>> 31/Mar/2017 22:17:32 Built on Ubuntu 16.04.1 LTS
>> 31/Mar/2017 22:17:32 Started periodic activities loop...
>> 31/Mar/2017 22:17:32 Dumping alerts into syslog
>> 31/Mar/2017 22:17:32 [LICENSE] ntopng systemId: 3BD34B1A00660F0E
>> 31/Mar/2017 22:17:32 [LICENSE] ntopng license: 50FB086D8E0007E9944AAF3C6
>> 31/Mar/2017 22:17:32 [LICENSE] Maintenance is available until Thu Mar 29
>> 01:48:45 2018 [362 days left]
>> 31/Mar/2017 22:17:32 Started packet polling on interface tcp://
>> 127.0.0.1:5556 [id: 4]...
>> 31/Mar/2017 22:17:32 Collecting flows on tcp://127.0.0.1:5556
>> [nprobe->ntopng]
>>
>> (nprobe log)
>>
>> 31/Mar/2017 22:19:07 Each flow is 63 bytes long
>> 31/Mar/2017 22:19:07 The # packets per flow has been set to 22
>> 31/Mar/2017 22:19:07 Non IPv4/v6 traffic is discarded according to the
>> template
>> 31/Mar/2017 22:19:07 GeoIP: loaded AS config file
>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>> 31/Mar/2017 22:19:07 GeoIP: loaded AS IPv6 config file
>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
>> 31/Mar/2017 22:19:07 WARNING: Your template ignores IP addresses: your
>> collector might ignore these flows.
>> 31/Mar/2017 22:19:07 Using packet capture length 128
>> 31/Mar/2017 22:19:07 Capturing packets from interface eth1 [snaplen: 128
>> bytes]
>> 31/Mar/2017 22:19:07 nProbe changed user to 'nobody'
>> 31/Mar/2017 22:19:07 nProbe started successfully
>>
>> (nprobe-eth1-conf)
>>
>> -n=tcp://127.0.0.1:5556
>>
>
> This is not OK. The collector should be empty (-n=none) or use another port, as
> port 5556 is used by ntopng to listen for ZMQ packets.
>
> This option is missing:
>
> --zmq="tcp://127.0.0.1:5556"
>
>
>> -i=eth1
>> -s=128
>> -t=60
>> -d=60
>> -a=0
>> -e=1
>> -B=10
>> -w=128000
>> -z=0
>> -S=1:1
>> -E=0:0
>> -g=/var/run/nprobe-eth1.pid
>> -p=1/0/0/0/0/1
>> --zmq-probe-mode
>>
>
> If you want to use nprobe with --zmq-probe-mode then ntopng should be
> executed with -i tcp://127.0.0.1:5556c (see the c after the port). Your
> ntopng configuration doesn't have that.
>
>> --vlanid-as-iface-idx=none
>> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT
>> %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP
>> %LAST_SWITCHED %FIRST_SWITCHED
>> -V=9
>> --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt
>>
>>
>> The scenario is
>>
>> eth1 ----> nprobe (probe-Packet capturing on eth1)  ------>ntopng (
>> collector)    ( all configuration on single machine)
>>
>> Problem: nprobe not capturing traffic.
>>
>> Thanks in advance. If you need further information, let me know.
>>
>>
>> khurram
>>
>>
>>
>> On Fri, Mar 31, 2017 at 3:51 PM, Simone Mainardi <[email protected]>
>> wrote:
>>
>>> Khurram
>>>
>>> Can you please post configurations used in both setups?
>>>
>>> On Fri, Mar 31, 2017 at 8:46 AM, Shahzada Khurram <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>     I have installed both nprobe and ntopng on Ubuntu 16.04. I want to
>>>> capture traffic on the same server on eth1 for research experimental
>>>> purposes. But the problem is that when I run ntopng as interdependent it is
>>>> working fine and capturing the packets, but when I run ntopng as a collector
>>>> with nprobe, nprobe is not capturing traffic. Is there any special setting
>>>> for nprobe? Please help me in this regard.
>>>>
>>>> --
>>>>
>>>> *Thanks & Regards,*
>>>>
>>>> * Khurram*
>>>>
>>>>
>>>> _______________________________________________
>>>> Ntop-misc mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>>



-- 

*Thanks & Regards,*

*Shahzada Khurram*  |  *Cell* # *0*  |  *Email* : *[email protected]
<[email protected]>*
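
The three points from Simone's reply quoted above, written as a small configuration check. This is an added example, not part of the original thread and not ntop code; the function names are hypothetical and the sample configurations are abbreviated from the ones posted in this thread.

```python
import re

def parse_nprobe_conf(text):
    """Parse nbox-style 'key=value' option lines; bare flags map to True."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("-"):
            continue  # blank line or continuation of a wrapped -T template
        key, sep, val = line.partition("=")
        opts[key] = val.strip('"') if sep else True
    return opts

def port_of(endpoint):
    """Port of a tcp://host:port endpoint, ignoring ntopng's trailing 'c'."""
    m = re.search(r":(\d+)c?$", str(endpoint))
    return m.group(1) if m else None

def check_pair(nprobe_conf, ntopng_iface):
    """Apply the three checks from the reply; return a list of findings."""
    opts = parse_nprobe_conf(nprobe_conf)
    findings = []
    if not opts.get("--zmq"):
        findings.append("missing --zmq endpoint")
    collector = opts.get("-n", "none")
    if collector != "none" and port_of(collector) == port_of(ntopng_iface):
        findings.append("-n collector uses the port ntopng listens on for ZMQ")
    if "--zmq-probe-mode" in opts and not ntopng_iface.endswith("c"):
        findings.append("--zmq-probe-mode set but ntopng -i lacks trailing 'c'")
    return findings

# Abbreviated from the first configuration posted in the thread.
FIRST_CONF = """-n=tcp://127.0.0.1:5556
-i=eth1
--zmq-probe-mode
-V=9
"""

# Abbreviated from the revised configuration at the top of this message.
REVISED_CONF = """-n=none
-i=eth1
--zmq=tcp://127.0.0.1:5556
-V=9
"""

NTOPNG_IFACE = "tcp://127.0.0.1:5556"  # endpoint shown in the ntopng log

if __name__ == "__main__":
    for name, conf in (("first", FIRST_CONF), ("revised", REVISED_CONF)):
        print(name, check_pair(conf, NTOPNG_IFACE) or "no findings")
```

An empty result only means the three option-level checks pass; it says nothing about whether packets are actually arriving on eth1.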