On Tue, Jan 21, 2014 at 10:49 PM, Luca Deri <[email protected]> wrote: > [...]
> > Then nProbe is unable to decode flows. Please send me a capture (full packet) > of slow packets sent to nprobe > Luca, I sent you a full packet capture of my network to your private email. > this is wrong. nprobe will send flows containing slow data but not sflow > content. Unless you fix the above problem we will not progress > I just noticed that when i capture on the any interface with tcpdump, sflowtool (the InMon sFlow toolkit) is reporting malformed packets. This does not happen tcpdumping on the single eth1 interface. Is this a problem similar to the one I am experiencing with nprobe, maybe related to the pseudo-protocol used by libpcap on Linux to capture from the "any" device? Thanks, Francesco > Luca > >> displays that some traffic is sFlow but no additional info (here a >> screenshot on my ntopng >> https://www.dropbox.com/s/ik0gxfrw1e9ige7/Screenshot%202014-01-20%2012.20.48.png) >> >> Thanks again, >> Francesco >> >> On Mon, Jan 20, 2014 at 2:50 PM, Luca Deri <[email protected]> wrote: >>> Francesco >>> set "-i none -n none" on nprobe and try again >>> >>> luca >>> On 01/18/2014 05:40 PM, Francesco De Giorgi wrote: >>>> Hi all, >>>> I'm running nprobe as a sflow collector as follows (I have a switch >>>> sending sflow to port 9995 of eth1 of ) >>>> >>>> nprobe --zmq "tcp://*:5556" -i eth1 --collector-port 9995 -b 2 >>>> >>>> and ntopng on the same machine >>>> >>>> ./ntopng -i "tcp://127.0.0.1:5556" -m 192.168.0.0/16 >>>> >>>> but I can't understand how ntopng is analyzing sflow. The web page >>>> only reports, in percentage, that some traffic is sflow and is coming >>>> from the switch, but it doesn't seem to "read" the sflow traffic >>>> samples to show information about network traffic. >>>> >>>> Am I doing something wrong? >>>> >>>> Thanks, >>>> Francesco >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> >> >> -- >> Francesco De Giorgi >> eXact lab s.r.l. >> +39 329 1529493 >> www.exact-lab.it >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop -- Francesco De Giorgi eXact lab s.r.l. +39 329 1529493 www.exact-lab.it _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
