Asad

/i <service name> <parameters> installs a service on Windows with the parameters you specified

Luca

> On 25 Aug 2015, at 17:13, asad <[email protected]> wrote:
>
> Please find attached screenshot, I can't use /i switch the way I want.
>
> On Tue, Aug 25, 2015 at 7:52 PM, asad <[email protected]> wrote:
> But should "-i tcp://127.0.0.1:5556" not meaning I'm connecting it as client so how can it use these parms as service?
>
> On Tue, Aug 25, 2015 at 7:28 PM, Yuri Francalacci <[email protected]> wrote:
> reinstall the service with the configuration you would like to have.
>
> ###############################################
> Yuri Francalacci - [email protected] - http://www.ntop.org
> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
> ###############################################
>
>> On 25 Aug 2015, at 16:18, asad <[email protected]> wrote:
>>
>> Ok, I think I know where I'm messing it up. Your advice please.
>>
>> "ntopng /c -i tcp://127.0.0.1:5556".
>>
>> On UI, under "interface" tab I see it as "127.0.0.1:5556".
>>
>> When I start it as service either through cmd line switch or service manager in Windows under "interfaces" tab I see the UID of available interfaces.
>>
>> On second config, the netflows never reaches/ seen on the UI. So, I'm thinking why I cannot start the service using the end-points option "ntopng /c -i tcp://127.0.0.1:5556". It's difficult to keep a window open on command prompt for /c switch.
>>
>> On Tue, Aug 25, 2015 at 6:59 PM, Yuri Francalacci <[email protected]> wrote:
>> each flow will have the original src/dst ip/port
>>
>>> On 25 Aug 2015, at 15:46, asad <[email protected]> wrote:
>>>
>>> Yuri, on your last post, I was referring to header info (srcip etc) which were not located on UI. When I made it work, I could search the IP exactly as shown in pcap files.
>>>
>>> Also, only layer 5 to layer 7 info should be discarded. Headers info should remain in contact?
>>>
>>> regards
>>> asad
>>>
>>> On Tue, Aug 25, 2015 at 6:44 PM, asad <[email protected]> wrote:
>>> Yuri, your writing gives me confidence to do fresh install of both ntopng and nprobe. I followed the same steps and it worked :).
>>>
>>> In my office machine, I was restarting/starting the ntopng from the Windows service tab. This time, I started using command-line.
>>>
>>> Or what about local-fw does it have to be turned off?
>>>
>>> Does ordering matter? Thanks.
>>>
>>> On Tue, Aug 25, 2015 at 6:05 PM, asad <[email protected]> wrote:
>>> Sorry for confusion, that the problem I'm not seeing packets displayed on UI. Do nprobe re-write headers info. For e.g in search I cannot see packets that are seen in opening the pcap file alone. Where it goes?
>>>
>>> Thanks.
>>>
>>> On Tue, Aug 25, 2015 at 5:55 PM, Yuri Francalacci <[email protected]> wrote:
>>> nprobe “converts” packets into netflow. I do not understand why you need this separate tool.
>>> Once you have started nprobe, then you have just to access to the ntopng web interface and see what nprobe has reported to it.
>>> Yuri
>>>
>>>> On 25 Aug 2015, at 13:14, asad <[email protected]> wrote:
>>>>
>>>> Also, do I need a separate tool for pcap to netflows conversion or the switches described in the cmd above automatically does the conversion for you.
>>>>
>>>> regards
>>>> asad
>>>>
>>>> On 8/25/15, asad <[email protected]> wrote:
>>>>> Right now, I just want to see how netflows packets are received by ntopng, I think I would need collector mode once I'm in prod environment? Thanks
>>>>>
>>>>> On 8/25/15, asad <[email protected]> wrote:
>>>>>> Thanks Yuri, that was a bad mistake. I mixed two options.
>>>>>>
>>>>>> With this cmd "probe /c --zmq "tcp://*:5556" -i smallFlows.pcap" I got it worked and the output is different this time.
>>>>>>
>>>>>> "Flow export stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]
>>>>>> Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>>> Total flow stats: [9007321 bytes/14243 pkts][1209 flows/41 pkts sent]"
>>>>>>
>>>>>> Locating on GUI is problem? Is it pcap file problem or where the exported packets are logged.
>>>>>> thanks
>>>>>>
>>>>>> On 8/25/15, Yuri Francalacci <[email protected]> wrote:
>>>>>>> Do you need collector mode in nprobe?
>>>>>>> if not, you have to remove all the -3 option (that you have specified with the wrong syntax - check nprobe --help)
>>>>>>> Yuri
>>>>>>>
>>>>>>>> On 25 Aug 2015, at 12:47, asad <[email protected]> wrote:
>>>>>>>>
>>>>>>>> Thanks a lot Yuri.
>>>>>>>>
>>>>>>>> I changed to "nprobe /c --zmq "tcp://*:5556" -i smallFlows.pcap -n none -3 port 2055".
>>>>>>>>
>>>>>>>> But the output is same
>>>>>>>>
>>>>>>>> "
>>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2402] Processed packets: 14261 (max bucket search: 1)
>>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2385] Fragment queue length: 0
>>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>>>>> 25/Aug/2015 15:46:03 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>>> "
>>>>>>>> regards
>>>>>>>>
>>>>>>>> On 8/25/15, Yuri Francalacci <[email protected]> wrote:
>>>>>>>>> to use ntopng as a graphical frontend for nprobe the way you started ntopng is almost fine
>>>>>>>>> For nprobe is enough
>>>>>>>>>> nprobe /c --zmq "tcp://*:5556" -n none
>>>>>>>>> then you have to decide what you would like to use to “feed” nprobe
>>>>>>>>> - using a pcap file, you need to add -i <pcap file> and remove all the other stuff
>>>>>>>>> - using nprobe in collector mode, you have to add -i none and -3 <port> and send Netflow (not raw packets) data to that port
>>>>>>>>>
>>>>>>>>> Yuri
>>>>>>>>>
>>>>>>>>>> On 25 Aug 2015, at 11:59, asad <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>> To update,
>>>>>>>>>>
>>>>>>>>>> "ntopng /c -i tcp://127.0.0.1:5556"
>>>>>>>>>>
>>>>>>>>>> and
>>>>>>>>>>
>>>>>>>>>> "nprobe /c --zmq "tcp://*:5556" -u 5 -i none zeus-sample-3.pcap -n none -nf --collector-port 2055:5 -V9 -b 2"
>>>>>>>>>>
>>>>>>>>>> both are running but output is
>>>>>>>>>>
>>>>>>>>>> "25/Aug/2015 14:59:54 [nprobe.c:4659] Pending buckets have been exported...
>>>>>>>>>> 25/Aug/2015 14:59:56 [engine.c:3293] Export thread terminated [exportQueue=0]
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4725] Flushing queued flows...
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4728] Freeing memory...
>>>>>>>>>> 25/Aug/2015 14:59:56 [plugin.c:277] Terminating plugins.
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4820] Still allocated 0 hash buckets
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2402] Processed packets: 1105 (max bucket search: 0)
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2385] Fragment queue length: 0
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2411] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2418] Flow collection: [collected pkts: 0][processed flows: 0]
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2421] Flow drop stats: [0 bytes/0 pkts][0 flows]
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:2426] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4833] Cleaning globals
>>>>>>>>>> 25/Aug/2015 14:59:56 [nprobe.c:4853] nProbe terminated."
>>>>>>>>>>
>>>>>>>>>> What wrong I'm doing.
>>>>>>>>>>
>>>>>>>>>> regards
>>>>>>>>>> asad
>>>>>>>>>>
>>>>>>>>>> On 8/25/15, asad <[email protected]> wrote:
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I'm running "ntopng" on Windows and want to point netflows data directly. I see on "netstat" command that port 2055 is put in established status.
>>>>>>>>>>>
>>>>>>>>>>> Nprobe is also installed. I want to use nprobe to send pcap files to port 2055 for parsing. I see the nprobe change /re-write the headers info when sending netflows data. Is there any way to avoid it?
>>>>>>>>>>>
>>>>>>>>>>> Also, If I want to use nprobe as a proxy collector does the cmds works in Windows as well. I tried and it gives error
>>>>>>>>>>>
>>>>>>>>>>> "
>>>>>>>>>>> nprobe --zmq "tcp://*:5556" -i .....
>>>>>>>>>>> ntopng -i "tcp://127.0.0.1:5556"
>>>>>>>>>>> "
>>>>>>>>>>>
>>>>>>>>>>> Thanks.
>>>>>>>>>>> regards
>>>>>>>>>>> asad
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
