If I run ntopng listening to the interface directly connected to the mirror port, I get the VLANs broken out and can view them separately (using ntopng -i eth0 -m 172.16.0.0/16,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,10.197.5.0/24,172.22.0.0/24). However, when I start nprobe and then ntopng to watch that traffic, I do not see the breakdown. Here are the two different commands I am using: nprobe --zmq "tcp://*:5556" -i eth0 -n none -b 2 ntopng -i "tcp://127.0.0.1:5556" -m 172.16.0.0/16,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24,10.197.5.0/24,172.22.0.0/24
Is there a flag that I use with the nprobe traffic to show the vlan traffic? I’ve tried the —vlan-as-iface-idx and -p flags with nprobe with different options but nothing gives a breakdown. Jeff On Mar 31, 2015, at 3:28 PM, Arianna Avanzini <[email protected]> wrote: > Hi Jeffrey, > > On 31/03/2015 18:39, Horn, Jeffrey D. wrote: >> We have a server running NTOPNG that’s getting data from a Juniper firewall >> through a promiscuous interface on the NTOPNG machine. The firewall port is >> a >> mirror port. The problem I’ve run into is that we are mirroring traffic from >> several VLANs going through the firewall. I’ve attached two pictures of what >> happens. The flows are showing in NTOPNG in the format of IP@VLAN:port for >> traffic which seems OK. However, when I want to drill down into the data >> stream, I get an error and am told that IP_VLAN cannot be found. There are >> other VLANs besides 1053; I just happened to catch only 1053 with this >> screen shot. >> 1. Is there a configuration in NTOPNG to handle VLANs? > > No, they should be handled correctly as a default. > >> 2. I’ve also got NPROBE running. Should I change this to a flow from the >> Juniper instead? I’ve tried that, but can’t ever seem to see any of the >> traffic. >> > > AFAIK, flow collection from Juniper is supported by ntopng only if it happens > through nprobe, so you're doing things correctly. > >> I’d be happy to post the config and any other data needed for clarification. >> I >> would like to get this running correctly and in the best config for our >> environment. The box is configured with Centos 6.6 64-bit and ntopng 1.2.1 >> and >> nprobe 7.1.150327. >> > > Please do post your config if you can so that we are able to help. > > Thank you, > Arianna > > >> Thanks in advance for any help on this. >> >> Jeff >> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > > > -- > /* > * Arianna Avanzini > * [email protected] > * http://ava.webhop.me > */ > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
