Hi,
My scenario is very simple, and I have done all the configuration on a
single machine.
Scenario 1: Standalone ntopng for packet capturing and analysis

    eth1 ----> ntopng        (packet capturing and ntopng working fine)

Scenario 2: nprobe for packet capturing, forwarding flows to ntopng for
analysis

    eth1 ----> nprobe ----> ntopng        (nprobe not capturing packets)

(Because it is not capturing packets, it is not forwarding flows to
ntopng, so the problem is nprobe, which is not capturing packets.)
Problem with nprobe.
Please help me in this regard.
Khurram
On Sat, Apr 1, 2017 at 5:49 PM, Simone Mainardi <[email protected]> wrote:
> Hi,
>
> On Sat, Apr 1, 2017 at 7:24 AM, Shahzada Khurram <[email protected]>
> wrote:
>
>> Hi Simone,
>> Thanks for the reply. Please find the detailed configuration below.
>> All configuration was done through the nbox web GUI.
>> 1. Independently, ntopng works fine and traffic capturing works fine.
>> 2. When we configure nprobe (probe) with ntopng (collector), it does not
>> work.
>>
>> (ntopng log)
>>
>> 31/Mar/2017 22:17:32 Scripts/HTML pages directory: /usr/share/ntopng
>> 31/Mar/2017 22:17:32 Welcome to ntopng x86_64 v.2.4.170215 - (C) 1998-2016 ntop.org
>> 31/Mar/2017 22:17:32 Built on Ubuntu 16.04.1 LTS
>> 31/Mar/2017 22:17:32 Started periodic activities loop...
>> 31/Mar/2017 22:17:32 Dumping alerts into syslog
>> 31/Mar/2017 22:17:32 [LICENSE] ntopng systemId: 3BD34B1A00660F0E
>> 31/Mar/2017 22:17:32 [LICENSE] ntopng license: 50FB086D8E0007E9944AAF3C6
>> 31/Mar/2017 22:17:32 [LICENSE] Maintenance is available until Thu Mar 29 01:48:45 2018 [362 days left]
>> 31/Mar/2017 22:17:32 Started packet polling on interface tcp://127.0.0.1:5556 [id: 4]...
>> 31/Mar/2017 22:17:32 Collecting flows on tcp://127.0.0.1:5556 [nprobe->ntopng]
>>
>> (nprobe log)
>>
>> 31/Mar/2017 22:19:07 Each flow is 63 bytes long
>> 31/Mar/2017 22:19:07 The # packets per flow has been set to 22
>> 31/Mar/2017 22:19:07 Non IPv4/v6 traffic is discarded according to the template
>> 31/Mar/2017 22:19:07 GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>> 31/Mar/2017 22:19:07 GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
>> 31/Mar/2017 22:19:07 WARNING: Your template ignores IP addresses: your collector might ignore these flows.
>> 31/Mar/2017 22:19:07 Using packet capture length 128
>> 31/Mar/2017 22:19:07 Capturing packets from interface eth1 [snaplen: 128 bytes]
>> 31/Mar/2017 22:19:07 nProbe changed user to 'nobody'
>> 31/Mar/2017 22:19:07 nProbe started successfully
>>
>> (nprobe-eth1-conf)
>>
>> -n=tcp://127.0.0.1:5556
>>
>
> This is not OK. The collector should be empty (-n=none) or use another port, as
> port 5556 is used by ntopng to listen for ZMQ packets.
>
> This option is missing:
>
> --zmq="tcp://127.0.0.1:5556"
>
>
>> -i=eth1
>> -s=128
>> -t=60
>> -d=60
>> -a=0
>> -e=1
>> -B=10
>> -w=128000
>> -z=0
>> -S=1:1
>> -E=0:0
>> -g=/var/run/nprobe-eth1.pid
>> -p=1/0/0/0/0/1
>> --zmq-probe-mode
>>
>
> If you want to use nprobe with --zmq-probe-mode then ntopng should be
> executed with -i tcp://127.0.0.1:5556c (see the c after the port). Your
> ntopng configuration doesn't have that.
>
>> --vlanid-as-iface-idx=none
>> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
>> -V=9
>> --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt
>>
>>
>> The scenario is
>>
>> eth1 ----> nprobe (probe, packet capturing on eth1) ----> ntopng
>> (collector) (all configuration on a single machine)
>>
>> Problem: nprobe not capturing traffic.
>>
>> Thanks in advance. If you need further information, let me know.
>>
>>
>> khurram
>>
>>
>>
>> On Fri, Mar 31, 2017 at 3:51 PM, Simone Mainardi <[email protected]>
>> wrote:
>>
>>> Khurram
>>>
>>> Can you please post configurations used in both setups?
>>>
>>> On Fri, Mar 31, 2017 at 8:46 AM, Shahzada Khurram <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>> I have installed both nprobe and ntopng on Ubuntu 16.04. I want to
>>>> capture traffic on the same server on eth1 for research and experimental
>>>> purposes. The problem is that when I run ntopng independently, it works
>>>> fine and captures packets, but when I run ntopng as a collector with
>>>> nprobe, nprobe does not capture traffic. Is there any special setting for
>>>> nprobe? Please help me in this regard.
>>>>
>>>> --
>>>>
>>>> *Thanks & Regards,*
>>>>
>>>> * Khurram*
>>>>
>>>>
>>>> _______________________________________________
>>>> Ntop-misc mailing list
>>>> [email protected]
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>>
--
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
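
Added example, not part of the original thread and not ntop's own code: a small checker for the three points raised in the quoted reply (-n reusing ntopng's ZMQ port, a missing --zmq option, and --zmq-probe-mode without the trailing "c" on the ntopng interface). The function names and the shortened sample configurations are constructed for illustration.

```python
import re

ZMQ_RE = re.compile(r"^tcp://([^:/]+):(\d+)(c?)$")  # optional trailing 'c' on the port

def parse_nprobe_conf(text):
    """Parse nbox-style 'option=value' lines; bare flags map to True."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        opts[key.strip()] = value.strip().strip('"') if sep else True
    return opts

def check_pairing(nprobe_conf, ntopng_iface):
    """Return findings for an nprobe config paired with ntopng's -i value."""
    m = ZMQ_RE.match(ntopng_iface)
    if not m:
        return ["ntopng -i is not a tcp://host:port ZMQ endpoint"]
    host, port, client_suffix = m.groups()
    endpoint = f"tcp://{host}:{port}"
    opts = parse_nprobe_conf(nprobe_conf)
    findings = []
    # Point 1: the flow collector (-n) must not sit on ntopng's ZMQ port.
    collector = opts.get("-n", "none")
    if collector != "none" and collector.rsplit(":", 1)[-1] == port:
        findings.append(f"-n={collector} reuses ntopng ZMQ port {port}; "
                        "use -n=none or another port")
    # Point 2: nprobe needs a ZMQ endpoint to export flows to ntopng.
    if "--zmq" not in opts:
        findings.append(f'--zmq is missing; add --zmq="{endpoint}"')
    # Point 3: probe mode on nprobe needs the 'c' suffix on ntopng's -i.
    if "--zmq-probe-mode" in opts and not client_suffix:
        findings.append(f"--zmq-probe-mode is set; run ntopng with -i {endpoint}c")
    return findings

# Constructed samples: a subset of the posted options, then the corrected form.
POSTED = "-n=tcp://127.0.0.1:5556\n-i=eth1\n-s=128\n--zmq-probe-mode\n-V=9\n"
FIXED = '-n=none\n--zmq="tcp://127.0.0.1:5556"\n-i=eth1\n--zmq-probe-mode\n'

if __name__ == "__main__":
    for finding in check_pairing(POSTED, "tcp://127.0.0.1:5556"):
        print("posted:", finding)
    print("fixed:", check_pairing(FIXED, "tcp://127.0.0.1:5556c") or "no findings")
```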