Hello Simone,

Thanks for the update. Will try the installation and see if I can get the following,

- Statistics on 5-tuple flows for bi-directional traffic
- Upper layer protocols used, e.g. HTTP along with their request rates
- Support for GRE tunnels

Regards,

Ajit

On Tue, Mar 15, 2016 at 1:25 AM, Simone Mainardi <[email protected]> wrote:

> Ajit, ntopng and nProbe can work without any additional component.
> Depending on your goals, you may need n2disk, pfring etc
>
> You cannot replace redis with MySQL.
>
> Simone
>
> On Tue, Mar 15, 2016 at 12:26 AM, Ajit Sarnaik <[email protected]>
> wrote:
>
>> Hello Simone,
>>
>> Now that you mention that we need nProbe, will nProbe with ntopng be
>> enough or I need to have other components, such as n2disk, nbox, npfring
>> ntopng-data as well please. We use mysql for other purposes, can we use that
>> instead of redis please.
>>
>> Regards,
>>
>> Ajit
>>
>> On Tue, Mar 8, 2016 at 4:23 AM, Simone Mainardi <[email protected]>
>> wrote:
>>
>>> Ajit, you need nProbe to decode GRE tunneled traffic:
>>> http://www.ntop.org/products/netflow/nprobe/
>>>
>>> On Tue, Mar 8, 2016 at 1:12 PM, Ajit Sarnaik <[email protected]>
>>> wrote:
>>>
>>>> Hello Simone,
>>>>
>>>> This issue does not address the GRE question though.
>>>>
>>>> Regards,
>>>>
>>>> Ajit
>>>>
>>>> On Tue, Mar 8, 2016 at 4:03 AM, Simone Mainardi <[email protected]>
>>>> wrote:
>>>>
>>>>> Ajit, please refer to the following issue:
>>>>> https://github.com/ntop/ntopng/issues/432
>>>>>
>>>>> On Tue, Mar 8, 2016 at 12:42 PM, Ajit Sarnaik <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello Luca,
>>>>>>
>>>>>> Are GRE tunnels supported by NTOPNG please. Will file the issue
>>>>>> request.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Ajit
>>>>>>
>>>>>> On Tue, Mar 8, 2016 at 3:35 AM, Luca Deri <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Ajit,
>>>>>>> please file an issue request
>>>>>>>
>>>>>>> Luca
>>>>>>>
>>>>>>> On 03/08/2016 12:28 PM, Ajit Sarnaik wrote:
>>>>>>>
>>>>>>> Hello Simone,
>>>>>>>
>>>>>>> Is there support for GRE tunnels in ntopng please.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Ajit
>>>>>>>
>>>>>>> On Tue, Mar 8, 2016 at 3:27 AM, Ajit Sarnaik <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hello Simone,
>>>>>>>>
>>>>>>>> Thanks for the quick response. By host statistics, you mean native,
>>>>>>>> right? We have checked that and also did a tcpdump to verify that we are
>>>>>>>> getting responses. Below is the json that is returned from one of the runs,
>>>>>>>>
>>>>>>>> hbase-metadata-devjson:
>>>>>>>> {
>>>>>>>>   u'ip': {u'ipVersion': 4, u'ip': u'172.25.3.132', u'localHost': False},
>>>>>>>>   u'icmp_rcvd': {u'bytes': 0, u'packets': 0},
>>>>>>>>   u'pktStats.recv': {},
>>>>>>>>   u'contacts': {
>>>>>>>>     u'client': { u'192.168.254.1': u'62', u'239.255.255.250': u'1'},
>>>>>>>>     u'server': {}
>>>>>>>>   },
>>>>>>>>   u'tcp_sent': {u'bytes': 117789898, u'packets': 86207},
>>>>>>>>   u'symbolic_name': u'172.25.3.132',
>>>>>>>>   u'throughput_trend_pps': u'Stable',
>>>>>>>>   u'ndpiStats': {
>>>>>>>>     u'Unknown': {u'packets': {u'rcvd': 0, u'sent': 347}, u'bytes': {u'rcvd': 0, u'sent': 69306}},
>>>>>>>>     u'SSDP': {u'packets': {u'rcvd': 0, u'sent': 1}, u'bytes': {u'rcvd': 0, u'sent': 180}},
>>>>>>>>     u'RTSP': {u'packets': {u'rcvd': 0, u'sent': 85860}, u'bytes': {u'rcvd': 0, u'sent': 117720592}}
>>>>>>>>   },
>>>>>>>>   u'pktStats.sent': {
>>>>>>>>     u'upTo6500': 678,
>>>>>>>>     u'upTo1024': 2201,
>>>>>>>>     u'upTo2500': 836,
>>>>>>>>     u'upTo128': 1082,
>>>>>>>>     u'upTo1518': 73338,
>>>>>>>>     u'upTo512': 1346,
>>>>>>>>     u'upTo256': 6695,
>>>>>>>>     u'upTo9000': 65
>>>>>>>>   },
>>>>>>>>   u'dns': {u'rcvd': {u'stats': {}}, u'sent': {u'stats': {}}},
>>>>>>>>   u'mac_address': u'02:C4:92:CA:3F:FD',
>>>>>>>>   u'throughput_bps': 0.0,
>>>>>>>>   u'throughput_pps': 0.0,
>>>>>>>>   u'other_ip_rcvd': {u'bytes': 0, u'packets': 0},
>>>>>>>>   u'sent': {u'bytes': 117790078, u'packets': 86208},
>>>>>>>>   u'http': {},
>>>>>>>>   u'other_ip_sent': {u'bytes': 0, u'packets': 0},
>>>>>>>>   u'throughput_trend_bps': u'Stable',
>>>>>>>>   u'flows.as_client': 63,
>>>>>>>>   u'activityStats': {u'1456688976': 60, u'1456689036': 48, u'1456688916': 60, u'1456688856': 60},
>>>>>>>>   u'rcvd': {u'bytes': 0, u'packets': 0},
>>>>>>>>   u'flows.as_server': 0,
>>>>>>>>   u'asn': 14138,
>>>>>>>>   u'localHost': True,
>>>>>>>>   u'udp_rcvd': {u'bytes': 0, u'packets': 0},
>>>>>>>>   u'udp_sent': {u'bytes': 180, u'packets': 1},
>>>>>>>>   u'num_alerts': 0,
>>>>>>>>   u'epp': {u'rcvd': {}, u'sent': {}},
>>>>>>>>   u'systemHost': False,
>>>>>>>>   u'asname': u'AS14138',
>>>>>>>>   u'icmp_sent': {u'bytes': 0, u'packets': 0},
>>>>>>>>   u'tcp_rcvd': {u'bytes': 0, u'packets': 0}
>>>>>>>> }
>>>>>>>>
>>>>>>>> Notice the tcp_sent, which does have data. Let me know if I can
>>>>>>>> provide any other information that can help.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Ajit
>>>>>>>>
>>>>>>>> On Mon, Mar 7, 2016 at 7:55 AM, Simone Mainardi <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> ifnum is not recognized as valid param. Since it's unknown, I
>>>>>>>>> guess ntopng is replying with host statistics related to the currently
>>>>>>>>> active interface. Check hosts statistics against the active interface.
>>>>>>>>>
>>>>>>>>> Simone
>>>>>>>>>
>>>>>>>>> On Mon, Mar 7, 2016 at 4:46 PM, Ajit Sarnaik <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Simone,
>>>>>>>>>>
>>>>>>>>>> Here is the request,
>>>>>>>>>>
>>>>>>>>>> "http://localhost:6398/lua/host_get_json.lua?ifnum=4&host=172.25.3.130"
>>>>>>>>>>
>>>>>>>>>> We do get the Tx stats, but Rx (response from server) is 0.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>> Ajit
>>>>>>>>>>
>>>>>>>>>> On Mon, Mar 7, 2016 at 7:05 AM, Simone Mainardi <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Ajit, are you calling the http "host_get_json.lua" endpoint
>>>>>>>>>>> directly? Could you please post the full http request you make?
>>>>>>>>>>>
>>>>>>>>>>> simone
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Mar 7, 2016 at 3:51 AM, Ajit Sarnaik <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Folks,
>>>>>>>>>>>>
>>>>>>>>>>>> Just starting using ntop. We would like to capture network
>>>>>>>>>>>> statistics for bidirectional traffic and we are using "host_get_json.lua"
>>>>>>>>>>>> script to accomplish this. What we are noticing is that the Tx traffic
>>>>>>>>>>>> stats are appropriate, whereas the Rx traffic stats are 0. We have done a
>>>>>>>>>>>> tcpdump to determine if the responses are being received on the interface,
>>>>>>>>>>>> and they are coming in. Below is the snippet of the config file.
>>>>>>>>>>>>
>>>>>>>>>>>> # Specifies the network interface or collector endpoint to be used by ntopng for network
>>>>>>>>>>>> # monitoring. On Unix you can specify both the interface name (e.g. lo) or the numeric
>>>>>>>>>>>> # interface id as shown by ntopng -h. On Windows you must use the interface number instead.
>>>>>>>>>>>> # Note that you can specify -i multiple times in order to instruct ntopng to create multiple
>>>>>>>>>>>> # interfaces.
>>>>>>>>>>>> #
>>>>>>>>>>>> --interface eth0
>>>>>>>>>>>> --interface eth1
>>>>>>>>>>>> #
>>>>>>>>>>>> # -w|--http-port
>>>>>>>>>>>> # Sets the HTTP port of the embedded web server.
>>>>>>>>>>>> #
>>>>>>>>>>>> --http-port 6398
>>>>>>>>>>>> #
>>>>>>>>>>>> # -m|--local-networks
>>>>>>>>>>>> # ntopng determines the ip addresses and netmasks for each active interface. Any traffic on
>>>>>>>>>>>> # those networks is considered local. This parameter allows the user to define additional
>>>>>>>>>>>> # networks and subnetworks whose traffic is also considered local in ntopng reports. All
>>>>>>>>>>>> # other hosts are considered remote. If not specified the default is set to 192.168.1.0/24.
>>>>>>>>>>>> #
>>>>>>>>>>>> # Commas separate multiple network values. Both netmask and CIDR notation may be used,
>>>>>>>>>>>> # even mixed together, for instance "131.114.21.0/24,10.0.0.0/255.0.0.0".
>>>>>>>>>>>> #
>>>>>>>>>>>> --local-networks "172.25.1.0/24,172.25.2.0/24,172.25.3.128/25"
>>>>>>>>>>>> #
>>>>>>>>>>>> # -n|--dns-mode
>>>>>>>>>>>> # Sets the DNS address resolution mode: 0 - Decode DNS responses and resolve only local
>>>>>>>>>>>> # (-m) numeric IPs 1 - Decode DNS responses and resolve all numeric IPs 2 - Decode DNS
>>>>>>>>>>>> # responses and don't resolve numeric IPs 3 - Don't decode DNS responses and don't resolve
>>>>>>>>>>>> #
>>>>>>>>>>>> -n=3
>>>>>>>>>>>>
>>>>>>>>>>>> Have any of you seen this behavior. Would appreciate any help
>>>>>>>>>>>> in this regards. Any pointers to FAQs would also be helpful.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Ajit Sarnaik
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Ntop mailing list
>>>>>>>>>>>> [email protected]
>>>>>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Ajit Sarnaik
>>>>>>>>
>>>>>>>> --
>>>>>>>> Ajit Sarnaik
>>>>>>>
>>>>>>> --
>>>>>>> Ajit Sarnaik
>>>>>>
>>>>>> --
>>>>>> Ajit Sarnaik
>>>>
>>>> --
>>>> Ajit Sarnaik
>>
>> --
>> Ajit Sarnaik

--
Ajit Sarnaik
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
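
Added example, not part of the original thread and not ntopng code: a check that parses a host record in the Python-repr form pasted above and lists the counters that show traffic in one direction only, which is the symptom reported here. The function names and the `min_packets` threshold are assumptions made for this illustration.

```python
import ast

# Constructed sample: a trimmed copy of the reply quoted in the thread, kept in
# the Python-repr form (u'...' strings) in which it was pasted.
SAMPLE = """{
 u'tcp_sent': {u'bytes': 117789898, u'packets': 86207},
 u'tcp_rcvd': {u'bytes': 0, u'packets': 0},
 u'udp_sent': {u'bytes': 180, u'packets': 1},
 u'udp_rcvd': {u'bytes': 0, u'packets': 0},
 u'sent': {u'bytes': 117790078, u'packets': 86208},
 u'rcvd': {u'bytes': 0, u'packets': 0},
 u'ndpiStats': {
  u'SSDP': {u'packets': {u'rcvd': 0, u'sent': 1},
            u'bytes': {u'rcvd': 0, u'sent': 180}},
  u'RTSP': {u'packets': {u'rcvd': 0, u'sent': 85860},
            u'bytes': {u'rcvd': 0, u'sent': 117720592}}},
}"""


def parse_host_record(text):
    """Parse a host record pasted as a Python dict repr (not strict JSON)."""
    record = ast.literal_eval(text)
    if not isinstance(record, dict):
        raise ValueError("host record must be a dict")
    return record


def _one_way(sent, rcvd, min_packets):
    # Traffic in exactly one direction, above the noise threshold.
    return max(sent, rcvd) >= min_packets and min(sent, rcvd) == 0


def one_way_counters(record, min_packets=10):
    """List (name, sent_pkts, rcvd_pkts) for counters seen in one direction only."""
    # min_packets (assumed threshold) skips low-volume counters such as the
    # single SSDP packet in the sample.
    findings = []
    for name, s_key, r_key in (("total", "sent", "rcvd"),
                               ("tcp", "tcp_sent", "tcp_rcvd"),
                               ("udp", "udp_sent", "udp_rcvd"),
                               ("icmp", "icmp_sent", "icmp_rcvd")):
        s = record.get(s_key, {}).get("packets", 0)
        r = record.get(r_key, {}).get("packets", 0)
        if _one_way(s, r, min_packets):
            findings.append((name, s, r))
    for proto, stats in sorted(record.get("ndpiStats", {}).items()):
        s, r = stats["packets"]["sent"], stats["packets"]["rcvd"]
        if _one_way(s, r, min_packets):
            findings.append(("ndpi:" + proto, s, r))
    return findings
```

Run against records for several hosts on the same monitored interface, a result that is one-directional for every host points at the capture path rather than at any single host.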
