Hi,
On Sat, Jul 23, 2016 at 4:10 PM, <questi...@ctsg.com.au> wrote: > Thank you very much Simone, > > Currently we are not using nProbe and did not see any SMB traffic. I will > test this again on Monday but we have the ntopng installed on a 20+ PC > network and did not see any SMB traffic. > > OK Thank you 1 license move is allow. We better confirm the hardware we > would like to use as the server before purchasing. > > Our Goal is: > > We run a small business IT support company. I would like to put remote > probes at approx 5 to 10 customer locations to monitor their network as > they are often limited to 6 to 10mbps internet connections. We are looking > to monitor high bandwidth users. > > -If ntopng is used at remote locations does it support encryption of the > data like nprobe? > yes, see option --zmq-encrypt-pwd <pwd> | Encrypt the ZMQ data using the specified password > > -Would you recommend a pi3, UBNT EdgeRouter or a PC to be used for the > remote probes to provide a good full speed service? > for 6-10Mbps all the options are good. > > -I am assuming the EdgeRouter does not need a switch with a mirror port > and would act in series between the modem and the first switch? correct, this is a common way to place the edge router. In this way you will be able to catch all the traffic from (and to) the internet. Other additional setups are possible using the same edge router. Note that only nprobe is presently available for the edgerouters. > Does the Pi3 with extra Ethernet adapters act the same or do they require > a mirror port attached? > You should be able to use the rpi3 as if it was an edgerouter provided you add an extra ethernet adapter. > > -When using a pi3 or UBNT EdgeRouter do they slow the network down? > Typically no. Clearly this depends on the traffic. For 6-10Mbps no slow down will be perceived. > > -If ntopng does support encryption and we are not needing flow data, do we > use the community version on all of the remote sites and collect this data > with a licensed version at our office? Or when using ntopng at remote sites > instead of the nprobe is a license required? > you may want to use a licensed version of ntopng at your office to have extra features such as reporting and a realtime dashboard. However this is not strictly necessary and you can implement your solution using just community versions. > > I like the software and the output so i am just trying to sort out which > versions are best used and the hardware required. > > Once i have the remote sites planned and hardware selected what email > should i use to discuss license orders? you can use the contact form on the ntopng website. Your email will be routed properly. > > > Thank you > > CTSG > > > Quoting Simone Mainardi <maina...@ntop.org>: > > Hi, see below inserted reply >> >> On Fri, Jul 22, 2016 at 5:30 AM, <questi...@ctsg.com.au> wrote: >> >> Hi Simone, >>> >>> Thank you again for your time. >>> >>> We have defined the local network and also the correct adapter on the >>> service. We now have usable current data. Though we do notice ntop does >>> not >>> seem to be capturing any local SMB traffic. So if we copy a large file >>> from >>> 1 PC to another on the same subnet it doesn't seem to show anywhere in >>> ntop. I see an old reference to IP Mon section with local to local >>> traffics >>> in help guides but i cannot find any such data when making the file copy. >>> Also no flows or devices represent the amount of data or speed we are >>> transferring. >>> >>> >> If you are using ntopng in combination with nProbe, then this is normal. >> File transfert are typically long-flows and nProbe will wait flow >> completion before reporting that data to ntopng. You can tune nProbe >> export >> frequency using : >> >> [--lifetime-timeout|-t] <timeout> | It specifies the maximum (seconds) >> flow >> | lifetime [default=120] >> [--idle-timeout|-d] <timeout> | It specifies the maximum (seconds) >> flow >> | idle lifetime [default=30] >> >> >> >>> Small Business License: From looking it appears this is tied to the >>> hardware? If we change the PC running ntop do we need to purchase another >>> license? or just request a new key? >>> >>> >> license is tied to the hardware. We may allow up to une hardware switch >> per >> license but this has to be decided on a case-by-case basis. >> >> >> >>> We want to use ntop on cheap a laptop for now until looking at embedded >>> style devices. >>> >>> >> that's fine. Did you know you can also run ntopng on embedded devices such >> as ARM (raspberry pi), MIPSEL, etc.? >> >> >> >>> Thank you >>> >>> >>> CTSG >>> >>> >>> >>> Quoting Simone Mainardi <maina...@ntop.org>: >>> >>> Hi, see below >>> >>>> >>>> On Thu, Jul 21, 2016 at 1:42 AM, <questi...@ctsg.com.au> wrote: >>>> >>>> Hi Simone, >>>> >>>>> >>>>> Thank you for your time. >>>>> >>>>> Thank you. We would like the best possible data from the capture so we >>>>> should at least check the outcome using nProbe. >>>>> >>>>> We are using version 2.4.270616 >>>>> >>>>> I had a look through the interface to see if any configuration needed >>>>> to >>>>> be pointed to local network. Can you advise what config you were >>>>> referring >>>>> to please? >>>>> >>>>> >>>>> see option -m >>>> >>>> >>>> >>>> If we would like to try nProbe using a Windows PC could you please >>>>> provide >>>>> the install commands to get both services talking on the same required >>>>> port >>>>> etc. >>>>> >>>>> >>>> >>>> here is a good example >>>> >>>> >>>> http://www.ntop.org/ntopng/creating-a-hierarchical-cluster-of-ntopng-instances/ >>>> there are just few small differences in the way you execute the command >>>> on >>>> windows. This is documented in the manual. >>>> >>>> >>>> Will only mainly be used off mirror ports on a single subnet with both >>>> >>>>> probe and ntopng on the same host. Rarely will we be looking at >>>>> anything >>>>> more than a single switch and network when using ntopng. >>>>> >>>>> Thank you again >>>>> >>>>> CTSG >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Quoting Simone Mainardi <maina...@ntop.org>: >>>>> >>>>> Hi, please see below >>>>> >>>>> >>>>>> On Wed, Jul 20, 2016 at 7:05 AM, <questi...@ctsg.com.au> wrote: >>>>>> >>>>>> Hi All, >>>>>> >>>>>> >>>>>>> We would like to use ntopng installed on a windows laptop connected >>>>>>> to >>>>>>> a >>>>>>> mirror port on a network switch to monitor and report on network >>>>>>> traffic >>>>>>> to >>>>>>> determine issues across the network. >>>>>>> >>>>>>> Using ntopng connected to a switch port with mirror configured; is >>>>>>> nProbe >>>>>>> required? >>>>>>> >>>>>>> >>>>>>> it is not strictly necessary in your case. Provided that you don't >>>>>>> need >>>>>>> >>>>>> deep packet dissection features (e.g., to dissect DNSm BGP, VoIP, >>>>>> etc), >>>>>> then ntopng may suffice. >>>>>> >>>>>> >>>>>> We appear to still get some flows shown in ntopng with nprobe removed >>>>>> but >>>>>> >>>>>> i'm not positive the flow data is complete. Also I notice the >>>>>>> interface >>>>>>> total bandwidth graph at the bottom of the pages is not displaying >>>>>>> any >>>>>>> data. >>>>>>> >>>>>>> >>>>>>> - update ntopng to version >= 2.4 >>>>>>> >>>>>> - make sure to define local networks in the configuration >>>>>> >>>>>> >>>>>> >>>>>> Could someone please let us know the basic setup for a >Smart >>>>>> >>>>>>> Switch>?nprobe?>ntopng>Windows laptop. >>>>>>> >>>>>>> >>>>>>> if you are mirroring a switch port, then nprobe is not strictly >>>>>>> >>>>>> necessary >>>>>> provided that you don't need information extracted by nprobe plugins >>>>>> http://www.ntop.org/products/netflow/nprobe/ >>>>>> >>>>>> >>>>>> >>>>>> Is nProbe only required when trying to source data from a netflow or >>>>>> >>>>>>> sflow >>>>>>> compatible router device? >>>>>>> >>>>>>> >>>>>>> this is just one case. nprobe is required also for deep traffic >>>>>>> >>>>>> dissection >>>>>> features. It is also useful to decouple monitoring from visualization. >>>>>> For >>>>>> example, you can deploy multiple nprobes on the vantage points of your >>>>>> network and collect their results on a remote ntopng. >>>>>> >>>>>> >>>>>> >>>>>> Knowing the above intended use what would be the best install command >>>>>> >>>>>>> for >>>>>>> either service please? >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> Thank you >>>>>> >>>>>>> >>>>>>> CTSG >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> Ntop@listgateway.unipi.it >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> Ntop@listgateway.unipi.it >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>>> >>>>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> Ntop@listgateway.unipi.it >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> > > > _______________________________________________ > Ntop mailing list > Ntop@listgateway.unipi.it > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
