reinstall the service with the configuration you would like to have.

###############################################
Yuri Francalacci - [email protected] - http://www.ntop.org
"Simplicity is the ultimate sophistication" - Leonardo da Vinci
###############################################
> On 25 Aug 2015, at 16:18, asad <[email protected]> wrote:
>
> Ok, I think I know where I'm messing it up. Your advice please.
>
> "ntopng /c -i tcp://127.0.0.1:5556".
>
> On UI, under "interface" tab I see it as "127.0.0.1:5556".
>
> When, I start it as service either through cmd line switch or service manager
> in windows under "interfaces" tab I see the UID of available interfaces.
>
> On second config, the netflows never reaches/ seen on the UI. So, I'm
> thinking why I cannot start the service using the end-points option
> "ntopng /c -i tcp://127.0.0.1:5556". It's difficult to keep a
> window open on command prompt for /c switch.
>
> On Tue, Aug 25, 2015 at 6:59 PM, Yuri Francalacci <[email protected]> wrote:
> each flow will have the original src/dst ip/port
>
>> On 25 Aug 2015, at 15:46, asad <[email protected]> wrote:
>>
>> Yuri, on your last post, I was referring to header info (srcip etc) which
>> were not located on UI. When I made it work, I could search the IP exactly
>> as shown in pcap files.
>>
>> Also, only layer 5 to layer 7 info should be discarded. Headers info should
>> remain in contact?
>>
>> regards
>> asad
>>
>> On Tue, Aug 25, 2015 at 6:44 PM, asad <[email protected]> wrote:
>> Yuri, your writing give me confidence to do fresh install of both ntopng and
>> nprobe. I followed the same steps and it worked :).
>>
>> In my office machine, I was restarting/starting the ntopng from the windows
>> service tab. This time, I started using command-line.
>>
>> Or what about local-fw does it have to be turned off?
>>
>> Does ordering matters? Thanks.
>>
>> On Tue, Aug 25, 2015 at 6:05 PM, asad <[email protected]> wrote:
>> Sorry for confusion, that the problem I'm not seeing packets displayed on
>> UI. Do nprobe re-write headers info. For e.g in search I cannot see packets
>> that are seen in opening the pcap file alone. Where it goes?
>>
>> Thanks.
>>
>> On Tue, Aug 25, 2015 at 5:55 PM, Yuri Francalacci <[email protected]> wrote:
>> nprobe “converts” packets into netflow. I do not understand why you need
>> this separate tool.
>> Once you have started nprobe, then you have just to access to the ntopng web
>> interface and see what nprobe has reported to it.
>> Yuri
>>
>>> On 25 Aug 2015, at 13:14, asad <[email protected]> wrote:
>>>
>>> Also, do I need a separate tool for pcap to netflows conversion or the
>>> switches described in the cmd above automatically does the conversion
>>> for you.
>>>
>>> regards
>>> asad
>>>
>>> On 8/25/15, asad <[email protected]> wrote:
>>>> Right now, I just want to see how netflows packets are received by
>>>> ntopng, I think I would need collector mode once I'm in prod
>>>> environment? Thanks
>>>>
>>>> On 8/25/15, asad <[email protected]> wrote:
>>>>> Thanks Yuri, that was a bad mistake. I mixed two options.
>>>>>
>>>>> With this cmd "nprobe /c --zmq "tcp://*:5556" -i smallFlows.pcap" I got
>>>>> it worked and the output is different this time.
>>>>>
>>>>> "Flow export stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]
>>>>> Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>> Total flow stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]"
>>>>>
>>>>> Locating on GUI is problem? Is it pcap file problem or where the
>>>>> exported packets are logged.
>>>>> thanks
>>>>>
>>>>> On 8/25/15, Yuri Francalacci <[email protected]> wrote:
>>>>>> Do you need collector mode in nprobe? if not, you have to remove all the
>>>>>> -3 option (that you have specified with the wrong syntax - check
>>>>>> nprobe --help)
>>>>>> Yuri
>>>>>>
>>>>>>> On 25 Aug 2015, at 12:47, asad <[email protected]> wrote:
>>>>>>>
>>>>>>> Thanks a lot Yuri.
>>>>>>>
>>>>>>> I changed to "nprobe /c --zmq "tcp://*:5556" -i smallFlows.pcap -n
>>>>>>> none -3 port 2055".
>>>>>>>
>>>>>>> But the output is same
>>>>>>>
>>>>>>> "
>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2402] Processed packets: 14261 (max bucket search: 1)
>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2385] Fragment queue length: 0
>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>>
>>>>>>> "
>>>>>>> regards
>>>>>>>
>>>>>>> On 8/25/15, Yuri Francalacci <[email protected]> wrote:
>>>>>>>> to use ntopng as a graphical frontend for nprobe the way you started
>>>>>>>> ntopng is almost fine
>>>>>>>> For nprobe is enough
>>>>>>>>> nprobe /c --zmq "tcp://*:5556" -n none
>>>>>>>> then you have to decide what you would like to use to “feed” nprobe
>>>>>>>> - using a pcap file, you need to add -i <pcap file> and remove all the
>>>>>>>>   other stuff
>>>>>>>> - using nprobe in collector mode, you have to add -i none and -3 <port>
>>>>>>>>   and send Netflow (not raw packets) data to that port
>>>>>>>>
>>>>>>>> Yuri
>>>>>>>>
>>>>>>>>> On 25 Aug 2015, at 11:59, asad <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>> To update,
>>>>>>>>>
>>>>>>>>> "ntopng /c -i tcp://127.0.0.1:5556"
>>>>>>>>>
>>>>>>>>> and
>>>>>>>>>
>>>>>>>>> "nprobe /c --zmq "tcp://*:5556" -u 5 -i none zeus-sample-3.pcap -n
>>>>>>>>> none -nf --collector-port 2055:5 -V9 -b 2"
>>>>>>>>>
>>>>>>>>> both and running but output is
>>>>>>>>>
>>>>>>>>> "25/Aug/2015 14:59:54 [nprobe.c:4659] Pending buckets have been exported...
>>>>>>>>> 25/Aug/2015 14:59:56 [engine.c:3293] Export thread terminated [exportQueue=0]
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4725] Flushing queued flows...
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4728] Freeing memory...
>>>>>>>>> 25/Aug/2015 14:59:56 [plugin.c:277] Terminating plugins.
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4820] Still allocated 0 hash buckets
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2402] Processed packets: 1105 (max bucket search: 0)
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2385] Fragment queue length: 0
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2418] Flow collection: [collected pkts: 0][processed flows: 0]
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4833] Cleaning globals
>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4853] nProbe terminated."
>>>>>>>>>
>>>>>>>>> What wrong I'm doing.
>>>>>>>>>
>>>>>>>>> regards
>>>>>>>>> asad
>>>>>>>>>
>>>>>>>>> On 8/25/15, asad <[email protected]> wrote:
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I'm running "ntopng" on windows and want to point netflows data
>>>>>>>>>> directly. I see on "netstat" command that port 2055 is put in
>>>>>>>>>> established status.
>>>>>>>>>>
>>>>>>>>>> Nprobe is also installed. I want to use nprobe to send pcap files to
>>>>>>>>>> port 2055 for parsing. I see the nprobe change /re-write the headers
>>>>>>>>>> info when sending netflows data. Is there any way to avoid it?
>>>>>>>>>>
>>>>>>>>>> Also, If I want to use nprobe as a proxy collector does the cmds
>>>>>>>>>> works in windows as well. I tried and it gives error
>>>>>>>>>>
>>>>>>>>>> "
>>>>>>>>>> nprobe --zmq "tcp://*:5556" -i .....
>>>>>>>>>> ntopng -i "tcp://127.0.0.1:5556"
>>>>>>>>>>
>>>>>>>>>> "
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>> regards
>>>>>>>>>> asad
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
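
The exit counters quoted in the thread above are enough to tell a working nProbe-to-ntopng feed from one that runs but exports nothing, which leaves the ntopng view empty. The following is an added example, not part of the original messages and not ntop code; the function names and verdict labels are assumptions of this example, and the sample lines are copied (unwrapped) from the nProbe output in the thread.

```python
import re

# Counters nProbe prints at exit, as quoted in the thread above.
PATTERNS = {
    "processed_pkts": re.compile(r"Processed packets:\s*(\d+)"),
    "exported_flows": re.compile(r"Flow export stats:\s*\[\d+ bytes/\d+ pkts\]\[(\d+) flows/"),
    "collected_pkts": re.compile(r"Flow collection:\s*\[collected pkts:\s*(\d+)\]"),
}

def summarize(log_text):
    """Return the last value seen for each counter (None if never printed)."""
    stats = dict.fromkeys(PATTERNS)
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                stats[name] = int(m.group(1))
    return stats

def diagnose(stats):
    """Map counters to a verdict; the verdict names are this example's own."""
    if stats["exported_flows"] is None:
        return "no-stats"
    if stats["exported_flows"] > 0:
        return "ok"
    if stats["collected_pkts"] == 0:
        return "collector-idle"      # collector counters printed, no NetFlow arrived
    if stats["processed_pkts"]:
        return "read-not-exported"   # packets were read, but zero flows exported
    return "no-input"

# Sample lines copied from the thread (unwrapped), one string per run.
RUN_COLLECTOR = """\
25/Aug/2015 14:59:56 [nprobe.c:2402] Processed packets: 1105 (max bucket search: 0)
25/Aug/2015 14:59:56 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
25/Aug/2015 14:59:56 [nprobe.c:2418] Flow collection: [collected pkts: 0][processed flows: 0]
"""
RUN_MIXED = """\
25/Aug/2015 15:46:03 [nprobe.c:2402] Processed packets: 14261 (max bucket search: 1)
25/Aug/2015 15:46:03 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
"""
RUN_PCAP = "Flow export stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]\n"

if __name__ == "__main__":
    for name, run in [("collector", RUN_COLLECTOR), ("mixed", RUN_MIXED), ("pcap", RUN_PCAP)]:
        print(name, diagnose(summarize(run)))
```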
