James, you are using an obsolete parameter for nProbe. See this issue: https://github.com/ntop/nProbe/issues/96
Please, use the new parameter --collector-port Regards, Simone On Mon, Oct 31, 2016 at 8:59 PM, James A. Klun <jk...@microsolved.com> wrote: > > I am currently working with nprobe - a new user. > > nProbe v.7.4.160623 (r4597) for Windows > > I am specifically interested in capturing the snmp index number > associated with flows > > My startup: > > C:\Program Files\nProbe>nprobe /c -nf-collector-port 2055 -D t -P E:\nprobe > Running nProbe for Windows. > 31/Oct/2016 13:05:57 [nprobe.c:3404] Valid nProbe Pro license found > 31/Oct/2016 13:05:57 [nprobe.c:4867] WARNING: The output interfaceId is > set to 0: did you forget to use -Q perhaps ? > 31/Oct/2016 13:05:57 [nprobe.c:4870] WARNING: The input interfaceId is set > to 0: did you forget to use -u perhaps ? > 31/Oct/2016 13:05:57 [nprobe.c:4970] Welcome to nProbe Pro v.7.4.160623 > ($Revision: 4384 $) for Windows > 31/Oct/2016 13:05:57 [nprobe.c:4980] Running on Windows > 31/Oct/2016 13:05:57 [nprobe.c:4991] [LICENSE] nProbe SystemId: > 2364757858-76046ad1 > 31/Oct/2016 13:05:57 [nprobe.c:50http://listgateway.unipi.it/75] Dumping > flow files every 60 sec into directory E:\nprobe > 31/Oct/2016 13:05:57 [nprobe.c:5080] WARNING: -n parameter is missing. > 127.0.0.1:2055 will be used. > 31/Oct/2016 13:05:57 [nprobe.c:7307] Welcome to nProbe v.7.4.160623 for > Windows > 31/Oct/2016 13:05:57 [plugin.c:1030] 0 plugin(s) enabled > 31/Oct/2016 13:05:57 [nprobe.c:6833] Non IPv4/v6 traffic is discarded > according to the template > 31/Oct/2016 13:05:57 [nprobe.c:5490] Using packet capture length 128 > 31/Oct/2016 13:05:57 [nprobe.c:7483] IPv6 traffic will NOT be > exported/accounted by this probe > 31/Oct/2016 13:05:57 [nprobe.c:7484] due to configuration options (e.g. > use NetFlow v9) > 31/Oct/2016 13:05:57 [nprobe.c:7529] Flows ASs will not be computed > (missing GeoIP support) > 31/Oct/2016 13:05:57 [nprobe.c:7632] Capturing packets from interface > \Device\NPF_{1AECA7A0-923C-4ADF-BB31-46E5A3C131F7} [snaplen: 128 bytes] > 31/Oct/2016 13:05:57 [nprobe.c:7855] nProbe started successfully > > > The resulting text files look like below: > > IPV4_SRC_ADDR IPV4_DST_ADDR IPV4_NEXT_HOP INPUT_SNMP > OUTPUT_SNMP IN_PKTS IN_BYTES FIRST_SWITCHED > LAST_SWITCHED L4_SRC_PORT > 10.x.x.x 10.x.x.x 0.0.0.0 > 0 0 2 > 1314 1477937430 1477937430 64567 > 10.x.x.x 10.x.x.x 0.0.0.0 > 0 0 1 132 > 1477937430 1477937430 1918 > ...... continues ...... > > > ALL input interfaces show as "0" > > Using wireshark I have verified the V9/IPFIX netflow data IS being > delivered and the interface information is in the flowsets. > > >> Cisco NetFlow/IPFIX > >> Version: 9 > >> Count: 38 > >> SysUptime: 261103507 > >> Timestamp: Oct 28, 2016 21:12:22.000000000 EDT > >> CurrentSecs: 1477703542 > >> FlowSequence: 159997 > >> SourceId: 2304 > >> FlowSet 1 > >> FlowSet Id: (Data) (264) > >> FlowSet Length: 1336 > >> Flow 1 > >> SrcAddr: 122.x.x.x.(122.x.x.x) > >> DstAddr: 122.x.x.x (122.x.x.x) > >> IP ToS: 0x68 > >> Protocol: 17 > >> SrcPort: 20903 > >> DstPort: 53 > >> OutputInt: 9 ===> interface number appears > (and interface is in fact active ) > >> Direction: Egress (1) > >> Octets: 79 > >> Packets: 1 > > > What's required to get the interface numbers to be recognized and > recorded by nprobe? > > > > > > > _______________________________________________ > Ntop mailing list > Ntop@listgateway.unipi.it > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
