nprobe “converts” packets into netflow. I do not understand why you need this separate tool.
Once you have started nprobe, you just have to access the ntopng web interface and see what nprobe has reported to it.

Yuri
###############################################
Yuri Francalacci - [email protected] - http://www.ntop.org
"Simplicity is the ultimate sophistication" - Leonardo da Vinci
###############################################

> On 25 Aug 2015, at 13:14, asad <[email protected]> wrote:
>
> Also, do I need a separate tool for pcap to netflows conversion or the
> switches described in the cmd above automatically does the conversion
> for you.
>
> regards
> asad
>
> On 8/25/15, asad <[email protected]> wrote:
>> Right now, I just want to see how netflows packets are received by
>> ntopng, I think I would need collector mode once I'm in prod
>> environment? Thanks
>>
>> On 8/25/15, asad <[email protected]> wrote:
>>> Thanks Yuri, that was a bad mistake. I mixed two options.
>>>
>>> With this cmd "probe /c --zmq "tcp://*:5556" -i smallFlows.pcap" I got
>>> it worked and the output is different this time.
>>>
>>> "Flow export stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]
>>> Flow drop stats: [0 bytes/0 pkts][0 flows]
>>> Total flow stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]"
>>>
>>> Locating on GUI is problem? Is it pcap file problem or where the
>>> exported packets are logged.
>>> thanks
>>>
>>> On 8/25/15, Yuri Francalacci <[email protected]> wrote:
>>>> Do you need collector mode in nprobe? if not, you have to remove all the -3
>>>> option (that you have specified with the wrong syntax - check nprobe --help)
>>>> Yuri
>>>>
>>>>> On 25 Aug 2015, at 12:47, asad <[email protected]> wrote:
>>>>>
>>>>> Thanks a lot Yuri.
>>>>>
>>>>> I changed to "nprobe /c --zmq "tcp://*:5556" -i smallFlows.pcap -n
>>>>> none -3 port 2055".
>>>>>
>>>>> But the output is same
>>>>>
>>>>> "
>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2402] Processed packets: 14261 (max bucket search: 1)
>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2385] Fragment queue length: 0
>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>
>>>>> "
>>>>> regards
>>>>>
>>>>> On 8/25/15, Yuri Francalacci <[email protected]> wrote:
>>>>>> to use ntopng as a graphical frontend for nprobe the way you started
>>>>>> ntopng is almost fine
>>>>>> For nprobe is enough
>>>>>>> nprobe /c --zmq "tcp://*:5556" -n none
>>>>>> then you have to decide what you would like to use to “feed” nprobe
>>>>>> - using a pcap file, you need to add -i <pcap file> and remove all the
>>>>>> other stuff
>>>>>> - using nprobe in collector mode, you have to add -i none and -3 <port>
>>>>>> and send Netflow (not raw packets) data to that port
>>>>>>
>>>>>> Yuri
>>>>>>
>>>>>>> On 25 Aug 2015, at 11:59, asad <[email protected]> wrote:
>>>>>>>
>>>>>>> To update,
>>>>>>>
>>>>>>> "ntopng /c -i tcp://127.0.0.1:5556"
>>>>>>>
>>>>>>> and
>>>>>>>
>>>>>>> "nprobe /c --zmq "tcp://*:5556" -u 5 -i none zeus-sample-3.pcap -n
>>>>>>> none -nf --collector-port 2055:5 -V9 -b 2'
>>>>>>>
>>>>>>> both are running but output is
>>>>>>>
>>>>>>> "25/Aug/2015 14:59:54 [nprobe.c:4659] Pending buckets have been exported...
>>>>>>> 25/Aug/2015 14:59:56 [engine.c:3293] Export thread terminated [exportQueue=0]
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4725] Flushing queued flows...
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4728] Freeing memory...
>>>>>>> 25/Aug/2015 14:59:56 [plugin.c:277] Terminating plugins.
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4820] Still allocated 0 hash buckets
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2402] Processed packets: 1105 (max bucket search: 0)
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2385] Fragment queue length: 0
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2418] Flow collection: [collected pkts: 0][processed flows: 0]
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4833] Cleaning globals
>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4853] nProbe terminated."
>>>>>>>
>>>>>>>
>>>>>>> What wrong I'm doing.
>>>>>>>
>>>>>>> regards
>>>>>>> asad
>>>>>>>
>>>>>>> On 8/25/15, asad <[email protected]> wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I'm running "ntopng" on windows and want to point netflows data
>>>>>>>> directly. I see on "netstat" command that port 2055 is put in
>>>>>>>> established status.
>>>>>>>>
>>>>>>>> Nprobe is also installed. I want to use nprobe to send pcap files to
>>>>>>>> port 2055 for parsing. I see the nprobe change /re-write the headers
>>>>>>>> info when sending netflows data. Is there any way to avoid it?
>>>>>>>>
>>>>>>>> Also, If I want to use nprobe as a proxy collector does the cmds
>>>>>>>> works in windows as well. I tried and it gives error
>>>>>>>>
>>>>>>>> "
>>>>>>>> nprobe --zmq "tcp://*:5556" -i .....
>>>>>>>> ntopng -i "tcp://127.0.0.1:5556"
>>>>>>>>
>>>>>>>>
>>>>>>>> "
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> regards
>>>>>>>> asad
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Ntop mailing list
>>>>>>> [email protected]
>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
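
Added example (not part of the original thread and not ntop's code): a small Python check for the symptom discussed above, where nprobe reads packets but its exit statistics report zero exported flows. It strips mail quote markers, re-joins hard-wrapped lines and parses the counters; the function names and status labels are assumptions made for this example, and the sample text is constructed from the output quoted in the thread.

```python
import re

# Counters printed by nprobe at exit, in the form quoted in the thread.
PROCESSED = re.compile(r"Processed packets:\s+(\d+)")
EXPORT = re.compile(
    r"Flow export stats:\s+\[(\d+)\s+bytes/(\d+)\s+pkts\]"
    r"\[(\d+)\s+flows/(\d+)\s+pkts sent\]"
)

def unquote(text):
    """Drop leading '>' quote markers and re-join hard-wrapped lines."""
    lines = (re.sub(r"^\s*(?:>\s?)+", "", l).strip() for l in text.splitlines())
    return " ".join(l for l in lines if l)

def parse_nprobe_stats(text):
    """Return the exit counters found in (possibly quoted) nprobe output."""
    flat = unquote(text)
    stats = {}
    m = PROCESSED.search(flat)
    if m:
        stats["processed_pkts"] = int(m.group(1))
    m = EXPORT.search(flat)
    if m:
        stats["exported_flows"] = int(m.group(3))
    return stats

def export_status(stats):
    """Classify a run; the labels are hypothetical, used only here."""
    if "exported_flows" not in stats:
        return "no-stats"
    if stats["exported_flows"] > 0:
        return "exporting"
    if stats.get("processed_pkts", 0) > 0:
        return "packets-read-no-flows"
    return "idle"

# Constructed samples, based on the output quoted in the thread.
FAILED_RUN = """\
>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2402] Processed packets: 14261 (max
>>>>> bucket search: 1)
>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2411] Flow export stats: [0 bytes/0
>>>>> pkts][0 flows/0 pkts sent]
"""
WORKING_RUN = "Flow export stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]"

if __name__ == "__main__":
    for name, text in (("failed", FAILED_RUN), ("working", WORKING_RUN)):
        print(name, export_status(parse_nprobe_stats(text)))
```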
