Thanks a lot Yuri. I changed to "nprobe /c --zmq "tcp://*:5556" -i smallFlows.pcap -n none -3 port 2055".
But the output is the same

"
25/Aug/2015 15:46:03 [nprobe.c:2402] Processed packets: 14261 (max bucket search: 1)
25/Aug/2015 15:46:03 [nprobe.c:2385] Fragment queue length: 0
25/Aug/2015 15:46:03 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
25/Aug/2015 15:46:03 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
25/Aug/2015 15:46:03 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
"

regards

On 8/25/15, Yuri Francalacci <[email protected]> wrote:
> to use ntopng as a graphical frontend for nprobe the way you started ntopng
> is almost fine
> For nprobe it is enough
>     nprobe /c --zmq "tcp://*:5556" -n none
> then you have to decide what you would like to use to “feed” nprobe
> - using a pcap file, you need to add -i <pcap file> and remove all the other
> stuff
> - using nprobe in collector mode, you have to add -i none and -3 <port> and
> send Netflow (not raw packets) data to that port
>
> Yuri
> ###############################################
> Yuri Francalacci - [email protected] - http://www.ntop.org
> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
> ###############################################
>
>> On 25 Aug 2015, at 11:59, asad <[email protected]> wrote:
>>
>> To update,
>>
>> "ntopng /c -i tcp://127.0.0.1:5556"
>>
>> and
>>
>> "nprobe /c --zmq "tcp://*:5556" -u 5 -i none zeus-sample-3.pcap -n
>> none -nf --collector-port 2055:5 -V9 -b 2'
>>
>> both are running but the output is
>>
>> "25/Aug/2015 14:59:54 [nprobe.c:4659] Pending buckets have been
>> exported...
>> 25/Aug/2015 14:59:56 [engine.c:3293] Export thread terminated
>> [exportQueue=0]
>> 25/Aug/2015 14:59:56 [nprobe.c:4725] Flushing queued flows...
>> 25/Aug/2015 14:59:56 [nprobe.c:4728] Freeing memory...
>> 25/Aug/2015 14:59:56 [plugin.c:277] Terminating plugins.
>> 25/Aug/2015 14:59:56 [nprobe.c:4820] Still allocated 0 hash buckets
>> 25/Aug/2015 14:59:56 [nprobe.c:2402] Processed packets: 1105 (max
>> bucket search: 0)
>> 25/Aug/2015 14:59:56 [nprobe.c:2385] Fragment queue length: 0
>> 25/Aug/2015 14:59:56 [nprobe.c:2411] Flow export stats: [0 bytes/0
>> pkts][0 flows/0 pkts sent]
>> 25/Aug/2015 14:59:56 [nprobe.c:2418] Flow collection: [collected pkts:
>> 0][processed flows: 0]
>> 25/Aug/2015 14:59:56 [nprobe.c:2421] Flow drop stats: [0 bytes/0
>> pkts][0 flows]
>> 25/Aug/2015 14:59:56 [nprobe.c:2426] Total flow stats: [0 bytes/0
>> pkts][0 flows/0 pkts sent]
>> 25/Aug/2015 14:59:56 [nprobe.c:4833] Cleaning globals
>> 25/Aug/2015 14:59:56 [nprobe.c:4853] nProbe terminated."
>>
>>
>> What am I doing wrong?
>>
>> regards
>> asad
>>
>> On 8/25/15, asad <[email protected]> wrote:
>>> Hello,
>>>
>>> I'm running "ntopng" on Windows and want to point netflows data
>>> directly. I see on "netstat" command that port 2055 is put in
>>> established status.
>>>
>>> Nprobe is also installed. I want to use nprobe to send pcap files to
>>> port 2055 for parsing. I see that nprobe changes/re-writes the header
>>> info when sending netflows data. Is there any way to avoid it?
>>>
>>> Also, if I want to use nprobe as a proxy collector, do the cmds work
>>> in Windows as well? I tried and it gives an error
>>>
>>> "
>>> nprobe --zmq "tcp://*:5556" -i .....
>>> ntopng -i "tcp://127.0.0.1:5556"
>>>
>>>
>>> "
>>>
>>> Thanks.
>>> regards
>>> asad
>>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
