Simone 1. The demo version of nprobe does not include plugins so you cannot test them 2. In the voip monitoring paper, ntop analyzes the voip traffic without passing through netflow export 3. Ntop supports some (but not all) of the custom template tags sent by the probe. As pf today the best solution for voip monitoring using nprobe is to let it dump flows on a db and perform SQL queries on it
Regards Luca --- Luca Deri <[email protected]> Il giorno 09/set/2010, alle ore 16.30, Simone Felici <[email protected]> ha scritto: > > In additional I obtain: > > 09/Sep/2010 16:27:48 [plugin.c:128] No plugins in ./plugins > 09/Sep/2010 16:27:49 [plugin.c:128] No plugins in > /usr/local/lib/nprobe/plugins > 09/Sep/2010 16:27:49 [plugin.c:132] WARNING: Unable to find plugins > directory. nProbe will work without plugins! > 09/Sep/2010 16:27:49 [util.c:1540] WARNING: Unable to locate template > 'SIP_CALL_ID'. Discarded. > 09/Sep/2010 16:27:49 [util.c:1540] WARNING: Unable to locate template > 'SIP_CALLING_PARTY'. Discarded. > 09/Sep/2010 16:27:49 [util.c:1540] WARNING: Unable to locate template > 'SIP_CALLED_PARTY'. Discarded. > 09/Sep/2010 16:27:49 [util.c:1540] WARNING: Unable to locate template > 'SIP_RTP_CODECS'. Discarded. > 09/Sep/2010 16:27:49 [util.c:1540] WARNING: Unable to locate template > 'SIP_RTP_SRC_PORT'. Discarded. > 09/Sep/2010 16:27:49 [util.c:1540] WARNING: Unable to locate template > 'SIP_RTP_DST_PORT'. Discarded. > 09/Sep/2010 16:27:49 [plugin.c:520] 0 plugin(s) enabled > 09/Sep/2010 16:27:49 [nprobe.c:4029] Capturing packets from interface eth1 > > And if I register and analyze the flows sent (tcpdump), I cannot find the SIP > field into netflow packets (wireshark). > > I'm trying the demo version to test it. > > > thanks for help! > > > Simon > > > Il 09/09/2010 14:18, Simone Felici ha scritto: >> >> Hi to all! >> >> I'l trying to configure ntop/nprobe con collect informations on VoIP traffic. >> A've some questions: >> >> 1. Do I need nprobe to obtain an advanced monitoring of VoIP records as >> descrived here (http://luca.ntop.org/VoIP.pdf) or is >> enough to configure a cisco router to export "flow export ..." pointing to a >> server running ntop? >> >> 2. If I need nprobe, I've tested this solution: >> a) voip server on Cisco router with port in span duplicating ALL the traffic >> to a server with nprobe on eth1. >> b) starting nprobe with this parameters: >> ./nprobe -i eth1 -n <ntop_server_ip>:2055 -U 257 -T "%LAST_SWITCHED >> %FIRST_SWITCHED %IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_BYTES >> %IN_PKTS %OUT_BYTES %SIP_CALL_ID %SIP_CALLING_PARTY %SIP_CALLED_PARTY >> %SIP_RTP_CODECS %SIP_RTP_SRC_PORT %SIP_RTP_DST_PORT >> %RTP_FIRST_SSRC %RTP_IN_JITTER %RTP_OUT_PAYLOAD_TYPE %RTP_IN_MAX_DELTA >> %L4_SRC_PORT %L4_DST_PORT" >> c) starting ntop on another server enabling the "NetFlow plugin" on port >> 2055. >> Is the scenario correct? >> >> 3. Even if correct (please confirm) on the nprobe server, I cannot see on >> ntop any information about voip. I cannot see the "ntop: >> VoIP Session Detail" or "ntop: Host Detail" (I'm missing these menus) like >> descrived in "Open Source VoIP Traffic Monitoring" >> documentation of Luca Deri. >> >> What I'm doing wrong? >> >> Thank's >> >> Simon >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > > -- > Simone Felici > Divisione Tecnica: Progettazione e Sviluppo > > tel. +39 0461.030.111 > fax. +39 0461 030.112 > Via Fersina, 23 - 38123 Trento > > ------------- > MC-link S.p.A. > Sede Direzionale e Amministrativa > Via Carlo Perrier, 9/a - 00157 Roma > Sede Legale > Via Fersina, 23 - 38123 Trento > > http://www.mclink.it > > Save a tree. Don't print this e-mail unless it's really necessary > > Informativa ai sensi del Codice della proprietà industriale e del Codice dei > dati personali. > Le informazioni contenute in questa e-mail e negli eventuali allegati, > possono contenere informazioni confidenziali e coperte da segreto > commerciale/industriale. Esse vengono comunicate nei limiti giuridici dei > rapporti in essere fra le parti e pertanto nessun ulteriore diritto di > proprietà intellettuale o industriale può essere rivendicato dal ricevente. > Le informazioni contenute in questa e-mail e negli eventuali allegati sono > indirizzate esclusivamente a coloro che figurano come destinatari. > Se avete ricevuto per errore questa e-mail siete pregati di informarci > (rispedendola al mittente) e di provvedere alla sua rimozione, a non farne > utilizzo e a non conservarne alcuna copia. > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
