Hi, On Mon, Jul 25, 2016 at 2:55 PM, <questi...@ctsg.com.au> wrote:
> > Hi Simone, > > -Would the PI3 would be OK for a full 24mbps ADSL2+ connection if placed > between the modem and the first switch in series at full speed? > I would say yes although I recommend you to do some testing. > > -I understand the PI3 would work using mirror port on the switch, but for > customers without a managed switch what steps, if any are required to make > the PI3 work in series like the EdgeRouter. I would add 2x ethernet > adapters. 1 for modem, 1 for switch and 1 for management if required and > any config steps? > in that case, I would set the rpi with a bridge interface -i<modem>,<switch> so that you can intercept all internet traffic and use the management interface to control the rpi > > -I plan on using only ntopng at all sites using PI3s with a licensed > version at our office with individual adapters configured for each off-site > ntopng. > > -Im hoping the PI3 in series will not slow down connections up above > 100mbps? In which case it would be future proof for our up coming national > internet connections upgrades and could be used in series between the modem > and the switch. I guess the only way to achieve this, if a slow down is > present is using a managed switch and mirror port. > > -If a slow down is present as above, and the PI3 is used via a mirror port > and not in series, does it provide a full ntopng experience or are the flow > etc limited? > if ntopng is used in passive mode, that is, it receives traffic from a mirror port, then it won't affect network performance at all. > > -I notice the command for the PI3 starts nprobe also. I will be trying to > use ntopng on the PI3 without nprobe if possible. Is the paid nprobe > required for the ability to use the PI3 in series between the modem and the > switch? > no it is not required, you can just use ntopng. > > Thank you! > > > CTSG > > > > Quoting Simone Mainardi <maina...@ntop.org>: > > Hi, >> >> >> On Sat, Jul 23, 2016 at 4:10 PM, <questi...@ctsg.com.au> wrote: >> >> Thank you very much Simone, >>> >>> Currently we are not using nProbe and did not see any SMB traffic. I will >>> test this again on Monday but we have the ntopng installed on a 20+ PC >>> network and did not see any SMB traffic. >>> >>> OK Thank you 1 license move is allow. We better confirm the hardware we >>> would like to use as the server before purchasing. >>> >>> Our Goal is: >>> >>> We run a small business IT support company. I would like to put remote >>> probes at approx 5 to 10 customer locations to monitor their network as >>> they are often limited to 6 to 10mbps internet connections. We are >>> looking >>> to monitor high bandwidth users. >>> >>> -If ntopng is used at remote locations does it support encryption of the >>> data like nprobe? >>> >>> >> yes, see option >> --zmq-encrypt-pwd <pwd> | Encrypt the ZMQ data using the >> specified password >> >> >> >>> -Would you recommend a pi3, UBNT EdgeRouter or a PC to be used for the >>> remote probes to provide a good full speed service? >>> >>> >> for 6-10Mbps all the options are good. >> >> >> >>> -I am assuming the EdgeRouter does not need a switch with a mirror port >>> and would act in series between the modem and the first switch? >>> >> >> >> correct, this is a common way to place the edge router. In this way you >> will be able to catch all the traffic from (and to) the internet. Other >> additional setups are possible using the same edge router. >> >> Note that only nprobe is presently available for the edgerouters. >> >> >> Does the Pi3 with extra Ethernet adapters act the same or do they require >>> a mirror port attached? >>> >>> >> You should be able to use the rpi3 as if it was an edgerouter provided you >> add an extra ethernet adapter. >> >> >> >>> -When using a pi3 or UBNT EdgeRouter do they slow the network down? >>> >>> >> Typically no. Clearly this depends on the traffic. For 6-10Mbps no slow >> down will be perceived. >> >> >> >>> -If ntopng does support encryption and we are not needing flow data, do >>> we >>> use the community version on all of the remote sites and collect this >>> data >>> with a licensed version at our office? Or when using ntopng at remote >>> sites >>> instead of the nprobe is a license required? >>> >>> >> you may want to use a licensed version of ntopng at your office to have >> extra features such as reporting and a realtime dashboard. However this is >> not strictly necessary and you can implement your solution using just >> community versions. >> >> >> >>> I like the software and the output so i am just trying to sort out which >>> versions are best used and the hardware required. >>> >>> Once i have the remote sites planned and hardware selected what email >>> should i use to discuss license orders? >>> >> >> >> you can use the contact form on the ntopng website. Your email will be >> routed properly. >> >> >> >>> >>> Thank you >>> >>> CTSG >>> >>> >>> Quoting Simone Mainardi <maina...@ntop.org>: >>> >>> Hi, see below inserted reply >>> >>>> >>>> On Fri, Jul 22, 2016 at 5:30 AM, <questi...@ctsg.com.au> wrote: >>>> >>>> Hi Simone, >>>> >>>>> >>>>> Thank you again for your time. >>>>> >>>>> We have defined the local network and also the correct adapter on the >>>>> service. We now have usable current data. Though we do notice ntop does >>>>> not >>>>> seem to be capturing any local SMB traffic. So if we copy a large file >>>>> from >>>>> 1 PC to another on the same subnet it doesn't seem to show anywhere in >>>>> ntop. I see an old reference to IP Mon section with local to local >>>>> traffics >>>>> in help guides but i cannot find any such data when making the file >>>>> copy. >>>>> Also no flows or devices represent the amount of data or speed we are >>>>> transferring. >>>>> >>>>> >>>>> If you are using ntopng in combination with nProbe, then this is >>>> normal. >>>> File transfert are typically long-flows and nProbe will wait flow >>>> completion before reporting that data to ntopng. You can tune nProbe >>>> export >>>> frequency using : >>>> >>>> [--lifetime-timeout|-t] <timeout> | It specifies the maximum (seconds) >>>> flow >>>> | lifetime [default=120] >>>> [--idle-timeout|-d] <timeout> | It specifies the maximum (seconds) >>>> flow >>>> | idle lifetime [default=30] >>>> >>>> >>>> >>>> Small Business License: From looking it appears this is tied to the >>>>> hardware? If we change the PC running ntop do we need to purchase >>>>> another >>>>> license? or just request a new key? >>>>> >>>>> >>>>> license is tied to the hardware. We may allow up to une hardware switch >>>> per >>>> license but this has to be decided on a case-by-case basis. >>>> >>>> >>>> >>>> We want to use ntop on cheap a laptop for now until looking at embedded >>>>> style devices. >>>>> >>>>> >>>>> that's fine. Did you know you can also run ntopng on embedded devices >>>> such >>>> as ARM (raspberry pi), MIPSEL, etc.? >>>> >>>> >>>> >>>> Thank you >>>>> >>>>> >>>>> CTSG >>>>> >>>>> >>>>> >>>>> Quoting Simone Mainardi <maina...@ntop.org>: >>>>> >>>>> Hi, see below >>>>> >>>>> >>>>>> On Thu, Jul 21, 2016 at 1:42 AM, <questi...@ctsg.com.au> wrote: >>>>>> >>>>>> Hi Simone, >>>>>> >>>>>> >>>>>>> Thank you for your time. >>>>>>> >>>>>>> Thank you. We would like the best possible data from the capture so >>>>>>> we >>>>>>> should at least check the outcome using nProbe. >>>>>>> >>>>>>> We are using version 2.4.270616 >>>>>>> >>>>>>> I had a look through the interface to see if any configuration needed >>>>>>> to >>>>>>> be pointed to local network. Can you advise what config you were >>>>>>> referring >>>>>>> to please? >>>>>>> >>>>>>> >>>>>>> see option -m >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> If we would like to try nProbe using a Windows PC could you please >>>>>> >>>>>>> provide >>>>>>> the install commands to get both services talking on the same >>>>>>> required >>>>>>> port >>>>>>> etc. >>>>>>> >>>>>>> >>>>>>> >>>>>> here is a good example >>>>>> >>>>>> >>>>>> >>>>>> http://www.ntop.org/ntopng/creating-a-hierarchical-cluster-of-ntopng-instances/ >>>>>> there are just few small differences in the way you execute the >>>>>> command >>>>>> on >>>>>> windows. This is documented in the manual. >>>>>> >>>>>> >>>>>> Will only mainly be used off mirror ports on a single subnet with both >>>>>> >>>>>> probe and ntopng on the same host. Rarely will we be looking at >>>>>>> anything >>>>>>> more than a single switch and network when using ntopng. >>>>>>> >>>>>>> Thank you again >>>>>>> >>>>>>> CTSG >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Quoting Simone Mainardi <maina...@ntop.org>: >>>>>>> >>>>>>> Hi, please see below >>>>>>> >>>>>>> >>>>>>> On Wed, Jul 20, 2016 at 7:05 AM, <questi...@ctsg.com.au> wrote: >>>>>>>> >>>>>>>> Hi All, >>>>>>>> >>>>>>>> >>>>>>>> We would like to use ntopng installed on a windows laptop connected >>>>>>>>> to >>>>>>>>> a >>>>>>>>> mirror port on a network switch to monitor and report on network >>>>>>>>> traffic >>>>>>>>> to >>>>>>>>> determine issues across the network. >>>>>>>>> >>>>>>>>> Using ntopng connected to a switch port with mirror configured; is >>>>>>>>> nProbe >>>>>>>>> required? >>>>>>>>> >>>>>>>>> >>>>>>>>> it is not strictly necessary in your case. Provided that you don't >>>>>>>>> need >>>>>>>>> >>>>>>>>> deep packet dissection features (e.g., to dissect DNSm BGP, VoIP, >>>>>>>> etc), >>>>>>>> then ntopng may suffice. >>>>>>>> >>>>>>>> >>>>>>>> We appear to still get some flows shown in ntopng with nprobe >>>>>>>> removed >>>>>>>> but >>>>>>>> >>>>>>>> i'm not positive the flow data is complete. Also I notice the >>>>>>>> >>>>>>>>> interface >>>>>>>>> total bandwidth graph at the bottom of the pages is not displaying >>>>>>>>> any >>>>>>>>> data. >>>>>>>>> >>>>>>>>> >>>>>>>>> - update ntopng to version >= 2.4 >>>>>>>>> >>>>>>>>> - make sure to define local networks in the configuration >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Could someone please let us know the basic setup for a >Smart >>>>>>>> >>>>>>>> Switch>?nprobe?>ntopng>Windows laptop. >>>>>>>>> >>>>>>>>> >>>>>>>>> if you are mirroring a switch port, then nprobe is not strictly >>>>>>>>> >>>>>>>>> necessary >>>>>>>> provided that you don't need information extracted by nprobe plugins >>>>>>>> http://www.ntop.org/products/netflow/nprobe/ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Is nProbe only required when trying to source data from a netflow or >>>>>>>> >>>>>>>> sflow >>>>>>>>> compatible router device? >>>>>>>>> >>>>>>>>> >>>>>>>>> this is just one case. nprobe is required also for deep traffic >>>>>>>>> >>>>>>>>> dissection >>>>>>>> features. It is also useful to decouple monitoring from >>>>>>>> visualization. >>>>>>>> For >>>>>>>> example, you can deploy multiple nprobes on the vantage points of >>>>>>>> your >>>>>>>> network and collect their results on a remote ntopng. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Knowing the above intended use what would be the best install >>>>>>>> command >>>>>>>> >>>>>>>> for >>>>>>>>> either service please? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Thank you >>>>>>>> >>>>>>>> >>>>>>>>> CTSG >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Ntop mailing list >>>>>>>>> Ntop@listgateway.unipi.it >>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> Ntop@listgateway.unipi.it >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> Ntop@listgateway.unipi.it >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>>> >>>>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> Ntop@listgateway.unipi.it >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> > > _______________________________________________ > Ntop mailing list > Ntop@listgateway.unipi.it > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
