To use ntopng as a graphical frontend for nprobe, the way you started ntopng is almost fine.

For nprobe it is enough:

> nprobe /c --zmq "tcp://*:5556" -n none

Then you have to decide what you would like to use to “feed” nprobe:

- using a pcap file, you need to add -i <pcap file> and remove all the other stuff
- using nprobe in collector mode, you have to add -i none and -3 <port> and send Netflow (not raw packets) data to that port

Yuri

###############################################
Yuri Francalacci - [email protected] - http://www.ntop.org
"Simplicity is the ultimate sophistication" - Leonardo da Vinci
###############################################

> On 25 Aug 2015, at 11:59, asad <[email protected]> wrote:
>
> To update,
>
> "ntopng /c -i tcp://127.0.0.1:5556"
>
> and
>
> "nprobe /c --zmq "tcp://*:5556" -u 5 -i none zeus-sample-3.pcap -n none -nf --collector-port 2055:5 -V9 -b 2'
>
> both are running but the output is
>
> "25/Aug/2015 14:59:54 [nprobe.c:4659] Pending buckets have been exported...
> 25/Aug/2015 14:59:56 [engine.c:3293] Export thread terminated [exportQueue=0]
> 25/Aug/2015 14:59:56 [nprobe.c:4725] Flushing queued flows...
> 25/Aug/2015 14:59:56 [nprobe.c:4728] Freeing memory...
> 25/Aug/2015 14:59:56 [plugin.c:277] Terminating plugins.
> 25/Aug/2015 14:59:56 [nprobe.c:4820] Still allocated 0 hash buckets
> 25/Aug/2015 14:59:56 [nprobe.c:2402] Processed packets: 1105 (max bucket search: 0)
> 25/Aug/2015 14:59:56 [nprobe.c:2385] Fragment queue length: 0
> 25/Aug/2015 14:59:56 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
> 25/Aug/2015 14:59:56 [nprobe.c:2418] Flow collection: [collected pkts: 0][processed flows: 0]
> 25/Aug/2015 14:59:56 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 25/Aug/2015 14:59:56 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
> 25/Aug/2015 14:59:56 [nprobe.c:4833] Cleaning globals
> 25/Aug/2015 14:59:56 [nprobe.c:4853] nProbe terminated."
>
>
> What am I doing wrong?
>
> regards
> asad
>
> On 8/25/15, asad <[email protected]> wrote:
>> Hello,
>>
>> I'm running "ntopng" on Windows and want to point netflow data
>> directly at it. I see from the "netstat" command that port 2055 is in
>> established status.
>>
>> Nprobe is also installed. I want to use nprobe to send pcap files to
>> port 2055 for parsing. I see that nprobe changes/rewrites the header
>> info when sending netflow data. Is there any way to avoid it?
>>
>> Also, if I want to use nprobe as a proxy collector, do the commands work
>> on Windows as well? I tried and it gives an error
>>
>> "
>> nprobe --zmq "tcp://*:5556" -i .....
>> ntopng -i "tcp://127.0.0.1:5556"
>>
>>
>> "
>>
>> Thanks.
>> regards
>> asad
>>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
