Do you need collector mode in nprobe? If not, you have to remove all the -3 options (that you have specified with the wrong syntax - check nprobe --help)

Yuri
###############################################
Yuri Francalacci - [email protected] - http://www.ntop.org
"Simplicity is the ultimate sophistication" - Leonardo da Vinci
###############################################

> On 25 Aug 2015, at 12:47, asad <[email protected]> wrote:
>
> Thanks a lot Yuri.
>
> I changed to "nprobe /c --zmq "tcp://*:5556" -i smallFlows.pcap -n none -3 port 2055".
>
> But the output is the same
>
> "
> 25/Aug/2015 15:46:03 [nprobe.c:2402] Processed packets: 14261 (max bucket search: 1)
> 25/Aug/2015 15:46:03 [nprobe.c:2385] Fragment queue length: 0
> 25/Aug/2015 15:46:03 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
> 25/Aug/2015 15:46:03 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
> 25/Aug/2015 15:46:03 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>
> "
> regards
>
> On 8/25/15, Yuri Francalacci <[email protected]> wrote:
>> To use ntopng as a graphical frontend for nprobe the way you started ntopng is almost fine
>> For nprobe it is enough
>>> nprobe /c --zmq "tcp://*:5556" -n none
>> then you have to decide what you would like to use to “feed” nprobe
>> - using a pcap file, you need to add -i <pcap file> and remove all the other stuff
>> - using nprobe in collector mode, you have to add -i none and -3 <port> and send Netflow (not raw packets) data to that port
>>
>> Yuri
>> ###############################################
>> Yuri Francalacci - [email protected] - http://www.ntop.org
>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>> ###############################################
>>
>>> On 25 Aug 2015, at 11:59, asad <[email protected]> wrote:
>>>
>>> To update,
>>>
>>> "ntopng /c -i tcp://127.0.0.1:5556"
>>>
>>> and
>>>
>>> "nprobe /c --zmq "tcp://*:5556" -u 5 -i none zeus-sample-3.pcap -n none -nf --collector-port 2055:5 -V9 -b 2'
>>>
>>> both are running but the output is
>>>
>>> "25/Aug/2015 14:59:54 [nprobe.c:4659] Pending buckets have been exported...
>>> 25/Aug/2015 14:59:56 [engine.c:3293] Export thread terminated [exportQueue=0]
>>> 25/Aug/2015 14:59:56 [nprobe.c:4725] Flushing queued flows...
>>> 25/Aug/2015 14:59:56 [nprobe.c:4728] Freeing memory...
>>> 25/Aug/2015 14:59:56 [plugin.c:277] Terminating plugins.
>>> 25/Aug/2015 14:59:56 [nprobe.c:4820] Still allocated 0 hash buckets
>>> 25/Aug/2015 14:59:56 [nprobe.c:2402] Processed packets: 1105 (max bucket search: 0)
>>> 25/Aug/2015 14:59:56 [nprobe.c:2385] Fragment queue length: 0
>>> 25/Aug/2015 14:59:56 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>> 25/Aug/2015 14:59:56 [nprobe.c:2418] Flow collection: [collected pkts: 0][processed flows: 0]
>>> 25/Aug/2015 14:59:56 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
>>> 25/Aug/2015 14:59:56 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>> 25/Aug/2015 14:59:56 [nprobe.c:4833] Cleaning globals
>>> 25/Aug/2015 14:59:56 [nprobe.c:4853] nProbe terminated."
>>>
>>>
>>> What am I doing wrong?
>>>
>>> regards
>>> asad
>>>
>>> On 8/25/15, asad <[email protected]> wrote:
>>>> Hello,
>>>>
>>>> I'm running "ntopng" on Windows and want to point netflows data directly. I see on "netstat" command that port 2055 is put in established status.
>>>>
>>>> Nprobe is also installed. I want to use nprobe to send pcap files to port 2055 for parsing. I see that nprobe changes/re-writes the headers info when sending netflows data. Is there any way to avoid it?
>>>>
>>>> Also, if I want to use nprobe as a proxy collector, do the cmds work in Windows as well? I tried and it gives an error
>>>>
>>>> "
>>>> nprobe --zmq "tcp://*:5556" -i .....
>>>> ntopng -i "tcp://127.0.0.1:5556"
>>>>
>>>>
>>>> "
>>>>
>>>> Thanks.
>>>> regards
>>>> asad
>>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
