Ack. Figured it out: My UDP checksums were incorrect. I fixed that and things are working as expected now.
Sorry for the bother - looks like everything is working correctly now. Thanks.

On May 12, 2015 11:13 AM, "Michael Jeung" <[email protected]> wrote:

> I'm using version 5 of ntop only. Here's my config:
>
> ntopng -e -I tcp://127.0.0.1:5556
>
> nprobe --zmq "tcp://127.0.0.1:5556" -u 1 -Q 1 -i none -n none
> --collector-port 2055 -b 2 --debug --interpret-flow-packets --syslog nprobe
> -t 900 -d 900 -l 900 -V 5 --dump-pkts /var/nprobe.pcap --dump-bad-packets
> /var/nprobe_bad.pcap
>
> I'm running nprobe version v.7.1.150506 (r46666)
>
> Strangely the dump-pkts and dump-bad-packets files never get anything in
> them, even when I send 'good' traffic from the simulator.
>
> Michael
> On May 12, 2015 12:08 AM, "Yuri Francalacci" <[email protected]> wrote:
>
>> what is the configuration you are using? Are you using netflow v9/ipfix?
>> if so, this issue might be caused by the template. But this could be just
>> an idea.
>> Yuri
>> ###############################################
>> Yuri Francalacci - [email protected] - http://www.ntop.org
>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>> ###############################################
>>
>> On 12 May 2015, at 01:17, Michael Jeung <[email protected]> wrote:
>>
>> Hello!
>>
>> I have ntopng set up with nprobe on my network for monitoring net flow
>> devices.
>>
>> I'm pretty sure I've got it configured correctly because when I use the
>> Paessler Netflow Simulator to generate some sample netflow data, nprobe
>> picks it up as expected and I can see it visualized on ntopng. Great!
>>
>> However, now I'm trying to get nprobe to recognize traffic from one of my
>> network devices. I wrote some code that outputs netflow packets and for
>> the last couple of days I've made the output match the "good" packets that
>> the Paessler traffic generator is creating and nprobe is consuming.
>>
>> However, I'm running into a problem that is really stumping me. No
>> matter how closely I try to mirror the Paessler netflow traffic, nprobe
>> consistently ignores my traffic - but every time I start up the simulated
>> Paessler traffic, nprobe eagerly accepts it. (I can tell because I'm
>> running nprobe in verbose logging mode and I can see exactly when it emits
>> a new flow over zmq.)
>>
>> So, my question is this: is there a good way to get nprobe to tell me WHY
>> it's ignoring the netflow packets that I generate?
>>
>> Right now, I'm sending my netflow packets to nprobe on port 2055 (just
>> like Paessler) but I don't see anything show up in the log. It's like
>> nprobe is just silently dropping my packets.
>>
>> I've verified my netflow packets are hitting the nprobe CentOS box with
>> tcpdump. I've also verified that my netflow packets are well-formed using
>> Wireshark. I'm quite confused why nprobe seems to be ignoring me, but
>> picks up Paessler's simulated traffic no problem.
>>
>> Is there some persistent nprobe data I need to flush? (I've tried
>> rebooting, no luck.) Maybe nprobe has somehow locked on to the simulated
>> traffic and that's why it's ignoring me?
>>
>> Any tips would be greatly appreciated! Thanks,
>>
>> Michael
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
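The cause reported in the first message of this thread was an incorrect UDP checksum on hand-built NetFlow packets. The following is an added example, not code from the thread or from ntop: a Python implementation of the RFC 768 checksum over the IPv4 pseudo-header, with a checker that classifies a UDP segment. The addresses, ports and NetFlow v5 payload are constructed sample values.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 768 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # odd-length data is padded with one zero byte for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    # IPv4 pseudo-header: source, destination, zero byte, protocol 17 (UDP), UDP length
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum for a UDP header+payload whose checksum field is zero."""
    csum = ~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) & 0xFFFF
    return csum or 0xFFFF  # 0 on the wire means "no checksum", so a computed 0 is sent as 0xFFFF

def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    csum = udp_checksum(src_ip, dst_ip, struct.pack("!HHHH", sport, dport, length, 0) + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def check_udp(src_ip: str, dst_ip: str, segment: bytes) -> str:
    """Classify a UDP segment: header size, length field, checksum opt-out, checksum match."""
    if len(segment) < 8:
        return "truncated"
    _, _, length, csum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        return "bad-length"
    if csum == 0:
        return "no-checksum"  # legal over IPv4: the sender opted out
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment)
    return "ok" if total == 0xFFFF else "bad-checksum"

# Constructed sample: NetFlow v5 header (24 bytes) plus one 48-byte flow record.
V5_HEADER = struct.pack("!HHIIIIBBH", 5, 1, 1000, 1431450000, 0, 1, 0, 0, 0)
V5_RECORD = socket.inet_aton("10.0.0.1") + socket.inet_aton("10.0.0.2") + bytes(40)
SAMPLE = build_udp("192.0.2.10", "192.0.2.20", 40000, 2055, V5_HEADER + V5_RECORD)

if __name__ == "__main__":
    broken = SAMPLE[:-1] + bytes([SAMPLE[-1] ^ 0x01])  # same datagram with one bit flipped
    print(check_udp("192.0.2.10", "192.0.2.20", SAMPLE))
    print(check_udp("192.0.2.10", "192.0.2.20", broken))
```

On Linux, datagrams that fail this check are dropped by the kernel and counted under InCsumErrors in the Udp line of /proc/net/snmp, so the listening application never receives them even though a packet capture on the same host shows them arriving.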
