Re: [Ntop-misc] UDP flow collection / nprobe question

2020-11-13 Thread Luca Deri
Hi Peter the problem is that your nProbe is receiving templates from multiple routers and they exceed the number of 256. You should see a log like 13/Nov/2020 09:43:22 [collect.c:1624] Added new flow template definition

Re: [Ntop-misc] nProbe dynamic blacklist / --max-num-flows

2019-02-22 Thread Luca Deri
You can reach the person managing the list at > ntop-misc-ow...@listgateway.unipi.it > <mailto:ntop-misc-ow...@listgateway.unipi.it> > > When replying, please edit your Subject line so it is more specific >

Re: [Ntop-misc] nProbe dynamic blacklist / --max-num-flows

2019-02-21 Thread Luca Deri
Hi Peter changing them on the fly is not supported. Better if you filter the host with -f to avoid processing packets at all, instead of discarding egress flows. Yes, if there is a DoS, flows exceeding the threshold are dropped, this to avoid DoSing nProbe as well. What is the algorithm you have in

Re: [Ntop-misc] Send nprobe output to file - nprobe -P ?

2018-08-02 Thread Luca Deri
in JSON format. Any trick to do > that? > > Thanks! > > David > > On Wednesday, August 1, 2018, 3:54:11 PM CDT, Luca Deri wrote: > > > David, > you need to use -P , but when you start nprobe, the user is nobody so > this can be the problem.

Re: [Ntop-misc] Send nprobe output to file - nprobe -P ?

2018-08-01 Thread Luca Deri
David, you need to use -P , but when you start nprobe, the user is nobody so this can be the problem. See also --dont-drop-privileges | Do not drop privileges changing to user nobody --unprivileged-user | Use instead of nobody when dropping privileges This said with -P

Re: [Ntop-misc] collector-sample-rate unrecognized option

2018-07-22 Thread Luca Deri
Simone Can you please update the guide? Luca > On 22 Jul 2018, at 16:04, Ryan Gelobter wrote: > > That option is still in the current nprobe users guide. Also about a year ago > I wrote to the mailing list and Simone had recommended the setting > >> On Sat, Jul 21, 20

Re: [Ntop-misc] collector-sample-rate unrecognized option

2018-07-21 Thread Luca Deri
Ryan that option has been reworked. Can you please tell me where you read of it that we need to fix the documentation? This said this is the option you need to use. Thanks Luca [--sample-rate|-S] :: | Packet capture sampling rate (-i only)

Re: [Ntop-misc] nprobe to hadoop/hdfs?

2018-07-17 Thread Luca Deri
Scott no there are no plans as we’re not very skilled on Hadoop. But if you can tell me more in detail what you need and how, I will see if I can accommodate that Cheers Luca > On 17 Jul 2018, at 22:10, Scott Bossi wrote: > > Hi, > > I was wondering if there were any plans to output

Re: [Ntop-misc] nprobe and ntopng on same system?

2018-07-12 Thread Luca Deri
David yes you can. When you want to do SPAN + collection you need to start two nprobe instances both exporting to ELK. So nprobe -n none -i ethX … --elastic … nprobe -n none -i none -3 … --elastic … Regards Luca > On 12 Jul 2018, at 05:51, David Kraut wrote: > > Is it possible to run

Re: [Ntop-misc] nProbe performance, zbalance packet drops

2018-06-27 Thread Luca Deri
Hi David your template is huge. Can you please omit (just for troubleshooting) "--flow-templ….” and report if you see changes in load? Thanks Luca > On 27 Jun 2018, at 08:43, David Notivol wrote: > > Hi, > And now: > - 1.log = scenario in your point 1, including top, zbalance output, and >

Re: [Ntop-misc] nprobe scaling...

2018-06-26 Thread Luca Deri
Hi Scott thanks for using nProbe. A single instance should be able to collect 10-20k+ flows/core, this if you’re able to distribute flows across instances. Export to ElasticSearch has been improved (and extended to support the latest version) recently. What nProbe version are you using? In

Re: [Ntop-misc] Running ntop on cisco nexus 3K/9K switch?

2018-06-20 Thread Luca Deri
Hi David we’re not familiar with these devices but it would be nice to create a container you can use them. Please let us know more about this topic so we can build a ntopng container ready for this platform Regards Luca > On 19 Jun 2018, at 19:51, David Kraut wrote: > > Cisco Nexus 3K/9K

[Ntop-misc] Learning the ntopng Lua API

2018-06-19 Thread Luca Deri
Hi all, we have finally written the documentation for the ntopng Lua API. You can read more here https://www.ntop.org/ntopng/learning-the-ntopng-lua-api/ Please let us know what you think and what is missing. Thank you, Luca ___ Ntop-misc mailing list

Re: [Ntop-misc] nProbe -A option

2018-05-07 Thread Luca Deri
e_client.pl/> is > not working for me... I need to debug it but if has some easy way to insert > prefix/ASN in the probes, let me know. > > -- > Pedro > > > 2018-05-07 12:51 GMT+02:00 Luca Deri <d...@ntop.org <mailto:d...@ntop.org>>: > > > > Pe

Re: [Ntop-misc] nProbe -A option

2018-05-07 Thread Luca Deri
Pedro, the file specified with -A has to be in GeoIP format, not text as you did Luca > On 4 May 2018, at 18:20, PEDRO RODRIGUES TORRES wrote: > > Hello, > > I am using nProbe Pro v.8.5.180504 ($Revision: 6149 $) for > x86_64-pc-linux-gnu with native PF_RING acceleration.

Re: [Ntop-misc] nProbe and Andrisoft compatibility

2018-03-12 Thread Luca Deri
Benjamin all I did is this: I have started “nprobe nprobe.conf” (basically is your config file) and sent some flows to nprobe, then captured the emitted flows with wireshark. I enclose the pcap with such flows. If you open them with wireshark everything looks good with no decoding errors

Re: [Ntop-misc] About pf_ring licences (was nProbe Pro won't do more then 1Gb/s?)

2018-01-25 Thread Luca Deri
Jan 2018, at 21:54, Marco Teixeira <ma...@scom.uminho.pt> wrote: > > Ok. And one can expect to reach more than 1Gb/s on vanilla drivers right? On > a somewhat decent server... Xeon with PCIe x8 NIC... > > Regards > Marco > > > > 2018-01-25 19:52 GMT+0

Re: [Ntop-misc] About pf_ring licences (was nProbe Pro won't do more then 1Gb/s?)

2018-01-25 Thread Luca Deri
So pfcount -i zc:ens2f0 requires a ZC drivers, pfcount -i ens2f0 does not Please see https://github.com/ntop/PF_RING/wiki <https://github.com/ntop/PF_RING/wiki> for details Regards Luca > > Regards, and thank you for your advice, and time, > Marco > > > > >

Re: [Ntop-misc] About pf_ring licences (was nProbe Pro won't do more then 1Gb/s?)

2018-01-25 Thread Luca Deri
Marco our licenses don’t have a cap on speed, but they are per device family. So if these devices are 10G you need a 10G license As you’re a university you can mail educat...@ntop.org for free licenses Regards Luca > On 25 Jan 2018, at 12:52, Marco Teixeira

Re: [Ntop-misc] nProbe performance and packet drops

2018-01-22 Thread Luca Deri
David sorry for the delay. What you can also do is the following 1. Enable RSS let’s say with two queues 2. start nprobe -i eth1@0,eth2@0 -g 1 ... nprobe -i eth1@1,eth2@1 -g 2 ... If this is not enough you can increase the number of RSS queues so that each probe has less messages to process

Re: [Ntop-misc] nProbe Pro won't do more then 1Gb/s?

2018-01-16 Thread Luca Deri
Marco how much traffic are you injecting and how (pfsend)? What does the sender say? Luca > On 16 Jan 2018, at 17:27, Marco Teixeira wrote: > > Hi Alfredo, > > I think our emails got crossed... but nevertheless here is ethtool -S > output... Shows no drops. > > === >

Re: [Ntop-misc] Default values for nProbe settings

2018-01-08 Thread Luca Deri
130835/1.0 flows/msg][send errors=0] > 08/Jan/2018 18:09:43 [nprobe.c:3260] Collector Threads: [50988 pkts@0] > 08/Jan/2018 18:09:43 [nprobe.c:3052] Processed packets: 0 (max bucket search: > 8) > 08/Jan/2018 18:09:43 [nprobe.c:3035] Fragment queue length: 0 > 08/Jan/2018 18:09:4

Re: [Ntop-misc] Default values for nProbe settings

2018-01-08 Thread Luca Deri
Mark the default is 1/1/1/1/1/1 but please note that depending on the template some fields will be set to 0. Please pay attention to the nprobe startup log Thanks Luca > On 8 Jan 2018, at 19:01, Mark Petronic wrote: > > Some indicate the default in the -h output and

Re: [Ntop-misc] General questions and documentation of nprobe internals

2018-01-01 Thread Luca Deri
Hi Mark, sorry for the late reply but we've been on vacation lately Please see below > On 20 Dec 2017, at 13:25, Mark Petronic wrote: > > I am running with nprobe 8.2 in collector mode. I am currently designing a > collection infrastructure so I want to try to

Re: [Ntop-misc] Few general question on using nprobe as a collector with Kafka

2017-12-13 Thread Luca Deri
Hi Mark please see below, but first of all please move to 8.2 as we have fixed many issues and many improvements in particular when collecting flows https://www.ntop.org/category/nprobe/ On 12/12/2017 06:09 PM, Mark Petronic wrote: > I am fairly new to nprobe and have been experimenting with the

Re: [Ntop-misc] Query regarding ZC license

2017-12-11 Thread Luca Deri
ber 11, 2017 for PF_RING-ZC 6.2. So I can > upgrade from 6.2 to {any version released} until December 10, 2018 using the > same license. Sort of. The count starts from the day you generate the license, not when you buy it Luca > > Regards, > > On Mon, Dec 11, 2017 at 1:19 PM,

Re: [Ntop-misc] Query regarding ZC license

2017-12-10 Thread Luca Deri
Hi Chandrika, it is all explained here http://www.ntop.org/support/faq/are-licenses-permanent-what-about-maintenance/ In essence we enforce only the date you generate the license, so you can upgrade for one year since license generation or if you do not upgrade licenses are permanent Regards

Re: [Ntop-misc] hw dimensioning for nprobe and ntopng

2017-10-08 Thread Luca Deri
Spiros for 4 Gbit of traffic any modern server will work. You can use E3 processors up for nProbe, but if you add ELK you’re on uncharted land as when indexes become large expect slow-downs and thus you probably need to spawn more ELK instances Regards Luca > On 8 Oct 2017, at 04:11,

Re: [Ntop-misc] nprobe

2017-09-28 Thread Luca Deri
Eladio I need to send you a binary nProbe with debug symbols to figure out the problem. Please open an issue on https://github.com/ntop/nProbe/issues and specify the command line you have used to start nProbe as well as add the output of nprobe --version

Re: [Ntop-misc] Getting the transmitted bytes src/dst in a flow

2017-09-19 Thread Luca Deri
Hi Gouveia are you generating flows with nprobe or collecting them? Please explain the context Thanks Luca > On 19 Sep 2017, at 20:01, Henrique Nascimento Gouveia > wrote: > > Hi, > > I am having a hard time trying to realize how I could get the source and >

Re: [Ntop-misc] nprobe sctp support

2017-09-03 Thread Luca Deri
You’re welcome Luca > On 3 Sep 2017, at 11:09, Felix Erlacher <felix.erlac...@uibk.ac.at> wrote: > > Hello Luca, > Downloaded and tested it: flows are arriving at my sctp collector :-) > thank you very much! > > regards > Felix > > > On 03/09/17 10:45

Re: [Ntop-misc] nprobe sctp support

2017-09-03 Thread Luca Deri
Felix, we have modified the Ubuntu 16 build. Please update the packages and let me know Regards Luca > On 1 Sep 2017, at 18:09, Felix Erlacher wrote: > > Hi all, > > I am having trouble getting nprobe to export ipfix flows over SCTP. TCP > and UDP work flawlessly

Re: [Ntop-misc] nprobe biflows

2017-08-23 Thread Luca Deri
Felix please see (-h) but in general the option below [--biflows-export-policy|-N] | Bi-directional flows export policy: | 1 - export bi-directional flows only | 2 - export mono-directional flows only allows you to export

Re: [Ntop-misc] How to compile nDPI with JSON-C enabled?

2017-07-18 Thread Luca Deri
Marcel please install it from source or the development package Luca > On 18 Jul 2017, at 17:12, Lüthi Marcel FUB wrote: > > Dear list > > I downloaded the latest (development) version of nDPI from > https://github.com/ntop/nDPI . >

Re: [Ntop-misc] nprobe not capturing traffic

2017-04-01 Thread Luca Deri
Hi Shahzada, can you please submit an issue on ntopng’s github page so we can track this issue? Luca > On 1 Apr 2017, at 07:24, Shahzada Khurram wrote: > > hi Simone, > thanks for reply please find below detail configuration, all > configuration done by

Re: [Ntop-misc] Nprobe disable collector hostname resolution

2017-03-09 Thread Luca Deri
Morgan can you please make an example? Luca > On 10 Mar 2017, at 04:09, Morgan Yang wrote: > > Hi All: > > I'm using Nprobe 7.1 and it throws an error when the collector IP can not be > resolved via nslookup. Is it possible to disable hostname resolution for >

Re: [Ntop-misc] Maximum of collectors for 1 session of nprobe

2017-02-22 Thread Luca Deri
Morgan limit increased as requested. New build is in progress Regards Luca On 02/22/2017 04:12 AM, Morgan Yang wrote: > Hi All: > > I seem to be hitting a limit of 8 collectors per session of nprobe (I'm > hoping for 16). I'm waiting for another person on my team to get the > license, is that a

Re: [Ntop-misc] nprobe: export IP in decimal format

2017-02-16 Thread Luca Deri
Please file an enhancement request on https://github.com/ntop/nProbe/issues Luca > On 16 Feb 2017, at 17:51, Сяргей Башлыкевіч wrote: > > Hi, > > is there any possibility to export IPs to file in decimal (not dotted) format? > I

Re: [Ntop-misc] NTOPNG No Application Breakdown for local interface.

2016-12-13 Thread Luca Deri
Iain, can you please file a bug on github (menu home "Report Issue") and attach the complete URL as well as a screendump? Thanks Luca On 12/13/2016 11:49 AM, Iain Bowker wrote: > Hi, > > I've got a freshly installed linux NTOPNG (fully licensed) server with > a locally configured sensor interface

Re: [Ntop-misc] nprobe proxy mode - not working with templates

2016-12-08 Thread Luca Deri
Troy, the template you have used lacks core fields such as time, bytes and packets. This is the problem. Please add them to it Regards Luca > On 8 Dec 2016, at 04:10, Troy Jordan wrote: > > All, > > Adding a -T template argument appears to break my nprobe in proxy mode. >

Re: [Ntop-misc] NPROBE CENTO Out of bounday error

2016-11-22 Thread Luca Deri
ick question. When we are exporting using Netflow v9, are we > also exporting IPv6 traffic? Yes I do > > Kind regards, > Regards Luca > Jesse > > -Original Message- > From: ntop-misc-boun...@listgateway.unipi.it > [mailto:ntop-misc-boun...@listgateway.unipi.it]

Re: [Ntop-misc] NPROBE CENTO Out of bounday error

2016-11-22 Thread Luca Deri
Jesse what cento version are you using? This bug should have been solved a while ago. I have tested the latest devel version and it works for me. Please let me know. Thanks Luca On 11/21/2016 09:27 PM, Jesse Alexander wrote: > Hello, > > Beginning today, we are receiving an error when running

Re: [Ntop-misc] Ntopng chart time axis formatting problems

2016-11-15 Thread Luca Deri
ion > you're referring to? > > Peter Shute > > Sent from my iPad > >> On 15 Nov. 2016, at 6:55 pm, Luca Deri <d...@ntop.org> wrote: >> >> Peter >> in the pro version we use a different library where the problem you >> reported doesn't appear

Re: [Ntop-misc] Ntopng chart time axis formatting problems

2016-11-14 Thread Luca Deri
Peter in the pro version we use a different library where the problem you reported doesn't appear If you have a patch to share, please send us a pull request and we'll consider its inclusion in ntopng Regards Luca On 11/15/2016 01:33 AM, Peter Shute wrote: > Charts are displayed in several

Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 2.6.32-642.4.2.el6.x86_64

2016-11-10 Thread Luca Deri
> everything from RPMs (via yum). > > Thanks, > Derek > > > From: ntop-misc-boun...@listgateway.unipi.it > <ntop-misc-boun...@listgateway.unipi.it> on behalf of Luca Deri > <d...@ntop.org> > Sent: Thursday, November 10, 2016 3:33 PM > To: ntop-misc@lis

Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 2.6.32-642.4.2.el6.x86_64

2016-11-10 Thread Luca Deri
Derek how did you update? Via yum? Luca > On 10 Nov 2016, at 20:11, Spransy, Derek wrote: > > Hi Alfredo, > > I updated, but now I've run into a different problem. It looks like the new > version of n2disk10g requires glibc 2.14? Was that just changed in this > version?

Re: [Ntop-misc] PFRING not giving callback for fragmented packets if frag enabled in PFRING

2016-11-08 Thread Luca Deri
Hi Chandrika in PF_RING we rely on kernel defragmentation routines, it’s not our code. As the kernel code is designed to work per socket and not in the wild, this could be the issue. I suggest to defragment in user-space as your traffic seems to be heavily fragmented (BTW why don’t you

Re: [Ntop-misc] PF_RING sees DAG but nprobe does not

2016-10-29 Thread Luca Deri
John our PF_RING packages binaries do not include DAG support yet. We’ve just received DAG drivers and working at this. Please file an issue on https://github.com/ntop/PF_RING/issues so we can track the problem more effectively than via email Regards

Re: [Ntop-misc] Access to historical charts very slow in ntopng

2016-10-27 Thread Luca Deri
Peter it is very likely that your MySQL is not fast enough. Try to run the query below on your DB to see how long it took (MySQL 5.6 or later) Luca mysql> select * from events_statements_summary_by_digest order by MAX_TIMER_WAIT desc limit 1 \G *** 1. row

Re: [Ntop-misc] trying to get PF_RING to recognize DAG

2016-10-19 Thread Luca Deri
Hi John, we are in touch with Endace and we’ll refresh DAG support in PF_RING in the near future to make sure we support all their latest products. This said, you need to compile PF_RING from source on a host where you have the DAG tools installed and it should work. Did you do that perhaps?

Re: [Ntop-misc] Different reported packet rates in cento

2016-10-03 Thread Luca Deri
] [zc:] [0 > pps/0.00 Gbps][1’960/0/0/512’000 act/exp/drop/max flows][34’004/0 > RX/TX pkt drops][0 TX pps] > 03/Oct/2016 16:59:38 [NetworkInterface.cpp:990] [zc:] [0 > pps/0.00 Gbps][9’583/0/0/512’000 act/exp/drop/max flows][125’445/0 > RX/TX pkt drops][0 TX pps] > 03/Oct/2016

Re: [Ntop-misc] Trouble with Zero Copy Performance

2016-09-30 Thread Luca Deri
Michael 95% of CPU load is already too much. I would look at the nProbe traces to see if the number of slots, fragments etc are ok. If you do not decrease the Cpu load in case of traffic spikes what you describe is reasonable although not desirable. Please let me know if you can see anything

Re: [Ntop-misc] Even there are 16 child processes, ntopng only uses 2

2016-09-13 Thread Luca Deri
Sacha, can you please file a ticket on github and attach the current status (# of hosts and flows etc) so we can track this issue? Luca > On 13 Sep 2016, at 18:32, Sacha Yunusic wrote: > > Hi! > I’m starting to use ntopng that is receiving flows from a Cisco switch 4507 >

Re: [Ntop-misc] nProbe delay.

2016-09-13 Thread Luca Deri
Gabriel can you please provide a pcap with the flow so I can see what you mean? Luca > On 13 Sep 2016, at 10:22, Gabriel Zamorski wrote: > > Hello, > > I’m using nProbe from yesterday with my WanGuard Flow Sensor. There are logs > on it like this: "Received flow

Re: [Ntop-misc] Analysing just inbound internet traffic with ntopng

2016-09-02 Thread Luca Deri
Peter analysing only one traffic direction will break (most of) nDPI. Please don't do that. As you’re asking several questions, I suggest you to file individual issues on https://github.com/ntop/ntopng/issues so we can answer one by one Luca > On 29 Aug 2016, at 23:36, Peter Shute

Re: [Ntop-misc] 100GbE Network Adapters

2016-08-24 Thread Luca Deri
> Thanks > > On Wed, Aug 24, 2016 at 2:03 PM, Luca Deri <d...@ntop.org > <mailto:d...@ntop.org>> wrote: > Robert > we currently support > 1. Napatech 100G > 2. Accolade 100G > 3. Intel FM10K (see > http://www.silicom-usa.com/100_

Re: [Ntop-misc] 100GbE Network Adapters

2016-08-24 Thread Luca Deri
Robert we currently support 1. Napatech 100G 2. Accolade 100G 3. Intel FM10K (see http://www.silicom-usa.com/100_Gigabit_Dual_Port_NIC_PE3100G2DQiRL_96) 4. InveaTech/Netcope We have limited mellanox support (see https://github.com/ntop/PF_RING/blob/dev/userland/lib/pfring_mod_mlx.c) as we have

Re: [Ntop-misc] What does the nprobe --nf parameter do?

2016-08-19 Thread Luca Deri
Thanks for reporting the problem. This needs to be fixed as you pointed out Regards Luca Sent from my iPad > On 18 Aug 2016, at 01:10, Peter Shute wrote: > > I believe I have solved this myself. To elaborate, page 44 in the current > nProbe_UserGuide.pdf lists sample

Re: [Ntop-misc] Collecting NetFlow data with nprobe

2016-08-17 Thread Luca Deri
g dumped, but I'll check. > > Sent from my iPad > >> On 17 Aug 2016, at 6:54 PM, Luca Deri <d...@ntop.org> wrote: >> >> Peter >> please file an issue on https://github.com/ntop/nProbe/issues and attach a >> pcap file. I need to see what nprobe is rec

Re: [Ntop-misc] Collecting NetFlow data with nprobe

2016-08-17 Thread Luca Deri
Peter please file an issue on https://github.com/ntop/nProbe/issues and attach a pcap file. I need to see what nprobe is receiving before commenting. Please make sure you also add “-i none” Thanks Luca > On 17 Aug 2016, at 04:17, Peter Shute wrote: > > I still haven't made

Re: [Ntop-misc] cento flow template

2016-07-24 Thread Luca Deri
Issue closed: implemented Regards Luca > On 20 Jul 2016, at 14:00, Jeremy Ashton <jeremy.ash...@shopify.com> wrote: > > Issue created. https://github.com/ntop/nProbe/issues/85 > > Thanks. > > On Wed, Jul 20, 2016 at 4:06 AM, Luca Deri <d...@ntop.org> wrot

Re: [Ntop-misc] How to Include Agent ID Field in MySQL SFlow Records?

2016-07-20 Thread Luca Deri
Dennis please add to your template (-T) these IEs (or just IPv4 if your exporter is via IPv4) [130] %EXPORTER_IPV4_ADDRESS %exporterIPv4Address Exporter IPv4 Address [131] %EXPORTER_IPV6_ADDRESS %exporterIPv6Address Exporter IPv6 Address Cheers Luca > On 15 Jul

Re: [Ntop-misc] cento flow template

2016-07-19 Thread Luca Deri
Jeremy the idea of cento is to make it fast and thus have some limited NetFlow configurability, to avoid spending time handling custom templates. If adding Mac address is all you need, we can do that as it’s relatively simple. Please file an issue on https://github.com/ntop/nProbe/issues

Re: [Ntop-misc] cento netflow v9 generation problems

2016-07-19 Thread Luca Deri
Jeremy this has been fixed already: please update your cento copy Regards Luca > On 19 Jul 2016, at 18:53, Jeremy Ashton wrote: > > Wanted to start playing more with cento, but have been running into > the following problem: > > sudo /usr/local/bin/cento -i zc: -C

Re: [Ntop-misc] NT_InfoOpen() failed: NT Service is not started

2016-07-13 Thread Luca Deri
Jeremy are you using Napatech NICs perhaps? If so, you need to start the napatech services (/opt/napatech….) Cheers Luca > On 13 Jul 2016, at 19:27, Jeremy Ashton wrote: > > Recently when I tried to configure an additional interface I got the > following error: > >

Re: [Ntop-misc] Ouch! Wiped Out My Old OS

2016-06-07 Thread Luca Deri
option is doing to include wiping out /root and all /home user > This is what we have done yesterday after you reported the issue. Please report if it's now enough. Luca > > folders! > > > On Mon, Jun 6, 2016 at 1:22 PM, Luca Deri <d...@ntop.org > <mail

Re: [Ntop-misc] Nprobe black list network

2016-05-24 Thread Luca Deri
information > > logo > > > > *De :*ntop-misc-boun...@listgateway.unipi.it > [mailto:ntop-misc-boun...@listgateway.unipi.it] *De la part de* Luca Deri > *Envoyé :* mardi 24 mai 2016 09:02 > *À :* ntop-misc@listgateway.unipi.it > *Objet :* Re: [Ntop-misc] Nprobe blac

Re: [Ntop-misc] Nprobe black list network

2016-05-24 Thread Luca Deri
Loïc I have just tested and it seems to work for me. What nprobe version are you using? I have tested the latest 7.3 release. Please add a “ “ between the blacklist parameter to make sure the shell does not mess-up. If still not working, please file a bug at

Re: [Ntop-misc] Ouch! Wiped Out My Old OS

2016-05-10 Thread Luca Deri
Kevin for the nBox a factory reset means to set things like IP address etc. not to wipe the OS. Our tools are just packages not an OS, so you do not need to modify the OS Regards Luca > On 09 May 2016, at 22:53, Kevin Kleinfelter wrote: > > I didn't RTFM closely enough. I

Re: [Ntop-misc] nProbe and ntopng - Collecting sFlow Data

2016-05-06 Thread Luca Deri
Karl, can you please add “-b 2” to nProbe to see if flows are properly collected? Please note that we need packet samples in sflows (not just bytes and counters) Regards Luca > On 06 May 2016, at 09:35, Karl van der Schyff wrote: > > Hello > > I have been trying to get

Re: [Ntop-misc] Nprobe and Omniswitch

2016-04-23 Thread Luca Deri
Timo, please file a bug on github and attach a pcap file with some flows so we can see what’s the problem Thanks Luca > On 23 Apr 2016, at 19:04, Timo Ylikännö wrote: > > Hi > > After many days of tweaking it seems to me that nprobe does not work with > Alcatel Omniswitch

Re: [Ntop-misc] pf_ring hardware filter question

2016-03-30 Thread Luca Deri
Chris you can set rules via the PF_RING API: did you see https://github.com/ntop/PF_RING/blob/dev/userland/examples/pffilter_test.c ? Regards Luca > On 30 Mar 2016, at 21:12, Clark, Erik J wrote: > > All; > I am trying to filter out tcp and udp traffic at the kernel

Re: [Ntop-misc] Current most production-ready PF_RING

2016-03-29 Thread Luca Deri
Andrew yes it is the stable branch Luca On 03/29/2016 12:44 PM, Andrew Howard wrote: > > Hi All, > > We've been using a snapshot of the git master head (taken 12th Nov > 2015), and would now like to deploy the current most stable and > production-ready version. > > Would this be the 6.2.0-stable

Re: [Ntop-misc] nprobe packaging - missing dependency

2016-03-23 Thread Luca Deri
Carsten can you please try again with the new package just built? Luca On 03/22/2016 05:31 PM, InterNetX - Carsten Schoene wrote: > Hi, > > nprobe package from rpm stable repo is missing dependency to > libnetfilter_queue on Centos 7. > > host:~$ nprobe --version > nprobe: error while loading

Re: [Ntop-misc] nprobe install on centos

2016-03-09 Thread Luca Deri
Hi Eduardo the library should be installed as dependency. What is the version you are installing the stable or dev? Luca > On 09 Mar 2016, at 16:35, Eduardo wrote: > > Hi Folks, > > I am on centos 6.7 64bit, installed the nprobe binary but it's missing > a library: > >

Re: [Ntop-misc] Support for Python

2016-02-25 Thread Luca Deri
> return 404. > > Regards, > > Ajit > > On Thu, Feb 25, 2016 at 1:12 AM, Luca Deri <d...@ntop.org > <mailto:d...@ntop.org>> wrote: > > Ajit > support for Python where? > > Luca > > > On 02/25/2016 10:07 AM, Ajit Sarnaik wrote: >

Re: [Ntop-misc] Is it possible to disable pf_ring.ko from being loaded by ntopng or nprobe upon invokation

2016-01-28 Thread Luca Deri
> On 28 Jan 2016, at 03:48, Morgan Yang wrote: > > Hi: > > Ntopng and Nprobe would "insmod pf_ring.ko" upon starting. Is there a command > line or configuration option to disable that? > > Currently, we wish to disable until a pending feature requests are >

Re: [Ntop-misc] Nprobe Dump max file size of 1.6 MB

2016-01-19 Thread Luca Deri
Hi Ohad, did you try this max-log-lines| Maximum number of lines on a dump file. Default: 1. Regards Luca > On 19 Jan 2016, at 06:42, Ohad Kleinman wrote: > > We are utilizing nProbe Pro v.7.3.160104 ($Revision: 4767 $) on Ubuntu, the > main purpose

Re: [Ntop-misc] Suricata and PF_RING ZC

2016-01-16 Thread Luca Deri
Hi Mark, the problem you reported should have been fixed in the current PF_RING that is in git: please update. We have sent to OISF people various patches some of which have been included in their repository and others are pending since months (e.g. we have implemented IPS mode over PF_RING,

Re: [Ntop-misc] nprobe and Cisco 4948E Netflow-Lite

2016-01-12 Thread Luca Deri
Hi Andrey you do not need to do "--interpret-flow-packets --debug” as these are only for debugging. For NFlite you need to use the NFlite plugin (as NFLite flows are called NetFlow…. but the name is misleading), so something like nprobe -i none --nflite 2055 -b 2 Cheers Luca > On 11 Jan

Re: [Ntop-misc] User Agent ntopng

2016-01-09 Thread Luca Deri
Spencer, this is something that will happen soon, but that is not yet implemented. Likely next week we will integrate HTTP (URL and Host) and DNS (query) support. I have opened an issue you can track - https://github.com/ntop/ntopng/issues/346 - https://github.com/ntop/ntopng/issues/347 -

Re: [Ntop-misc] n2disk

2015-12-31 Thread Luca Deri
Hi Mark, we have fixed the dependency and a new package is currently being built (it will be available within 20 mins) Regards Luca > On 31 Dec 2015, at 04:03, Mark Stingley wrote: > > I attempted to install n2disk on an AMD64 Debian Jessie system via: > >

Re: [Ntop-misc] nprobe support for Cisco WLC netflow export

2015-12-31 Thread Luca Deri
Hi Yasser, please file an issue request on https://github.com/ntop/nProbe/issues, attach a pcap file (flows + templates) full packet size, and we’ll see what we can do. Please also specify the whole command line you have used to start nProbe Thanks Luca > On 29 Dec 2015, at 10:39, Yasser

Re: [Ntop-misc] How can I output the traffic log from nDPI?

2015-12-24 Thread Luca Deri
Yes > On 22 Dec 2015, at 11:50, James Cheng <jih...@gmail.com> wrote: > > Thanks Luca, > But we would like to extract the application, such as skype. Can ntopng or > nProbe do that? > Cheers, > James > > On Tue, Dec 22, 2015 at 6:43 PM, Luca Deri <d...@ntop.

Re: [Ntop-misc] How can I output the traffic log from nDPI?

2015-12-22 Thread Luca Deri
James ntopng or nProbe do that Luca > On 22 Dec 2015, at 11:31, James Cheng wrote: > > Dears, > > I would like to output the traffic log from nDPI. Is it possible? and How to > do that? > The output log might include the source ip, destination ip, protocol, > destination

Re: [Ntop-misc] run nprobe as a linux service

2015-12-21 Thread Luca Deri
Dieter I believe you are using a custom startup script Please use our init.d file that it expects a config files with the following format -T= -n=none If you want to avoid headache, please use the nbox configuration GUI Regards Luca Sent from my iPad > On 21 Dec 2015, at 15:30,

Re: [Ntop-misc] Complex Proxy Config

2015-12-18 Thread Luca Deri
> On 18 Dec 2015, at 17:04, Erik Schmersal wrote: > > I am interested in ways to set up a complex proxy config as follows: > > Router 1 exports flows on port 2055, I would like to proxy them to collector > A as version 5, collector B as version 9 and collector C as version

Re: [Ntop-misc] Tunnel option applied only for 25% of packets

2015-12-17 Thread Luca Deri
Hi Gregoire, please file a bug on https://github.com/ntop/nProbe and attach a pcap file for reproducing it Regards Luca > On 17 Dec 2015, at 15:21, gregoire.le...@retenodus.net wrote: > > Hello, > > I want to test nprobe stable on CentOS6 (v.7.2.151211) and I

Re: [Ntop-misc] how to correct the direction of long-lived tcp connection

2015-12-15 Thread Luca Deri
Alan, unfortunately nprobe does not offer other solutions, and it’s your app to do that Regards Luca > On 15 Dec 2015, at 11:06, Wang wrote: > > Dear all, > nprobe will consider the first packet it observes with the direction of src > --> dst if no packet with SYN flag

Re: [Ntop-misc] ntopng active flows for network element says No Results Found

2015-12-14 Thread Luca Deri
Ohad, (said that you better move this issue to github for tracking issues) can you please check the browser javascript console and see if the .lua file that returns the JSON to the page does not contain errors? Regards Luca > On 14 Dec 2015, at 16:59, Ohad Kleinman wrote: >

Re: [Ntop-misc] nProbe big log file with elastic search

2015-12-02 Thread Luca Deri
nipi.it > <mailto:ntop-misc-boun...@listgateway.unipi.it> > [mailto:ntop-misc-boun...@listgateway.unipi.it > <mailto:ntop-misc-boun...@listgateway.unipi.it>] *On Behalf Of *Luca Deri > *Sent:* Wednesday, December 02, 2015 9:37 AM > *To:* ntop-misc@listgateway.unipi.it >

Re: [Ntop-misc] nProbe big log file with elastic search

2015-12-01 Thread Luca Deri
> > From: ntop-misc-boun...@listgateway.unipi.it > <mailto:ntop-misc-boun...@listgateway.unipi.it> > [mailto:ntop-misc-boun...@listgateway.unipi.it > <mailto:ntop-misc-boun...@listgateway.unipi.it>] On Behalf Of Luca Deri > Sent: Sunday, November 29, 2015 12:22 PM

Re: [Ntop-misc] nProbe big log file with elastic search

2015-11-29 Thread Luca Deri
@listgateway.unipi.it> > [mailto:ntop-misc-boun...@listgateway.unipi.it > <mailto:ntop-misc-boun...@listgateway.unipi.it>] On Behalf Of Luca Deri > Sent: Monday, November 23, 2015 2:59 PM > To: ntop-misc@listgateway.unipi.it <mailto:ntop-misc@listgateway.unipi.it> >

Re: [Ntop-misc] ntopng remove syslog

2015-11-27 Thread Luca Deri
ng > to write to a log locally on the system. But I wish to configure it to log to > a syslog collector elsewhere. For nprobe, there is a "--syslog" option, but I > don't see in the man page for ntopng. > > Morgan > > On Fri, Nov 27, 2015 at 10:42 AM, Luca Deri <d...@n

Re: [Ntop-misc] nProbe big log file with elastic search

2015-11-23 Thread Luca Deri
Hi Ohad, is this file on the ElasticSearch side right? Regards Luca > On 18 Nov 2015, at 15:34, Ohad Kleinman wrote: > > Hi, > We are using nProbe with the option of writing all flows into elastic search, > the nprobe-e...@0.log file is becoming

Re: [Ntop-misc] Steps required to compile nDPI for MIPS

2015-11-22 Thread Luca Deri
Prateek, I compile as usual ./configure + make on MIPS. I am not familiar with cross-compilers that you seem to use instead. Regards Luca > On 19 Nov 2015, at 13:32, PRATEEK MOHANTY > wrote: > > Hi, > > I am trying to compile nDPI package for MIPS

Re: [Ntop-misc] The new guy on the block

2015-11-15 Thread Luca Deri
Sacha, if nprobe is used as collector do nprobe -n none -i none -3 2055 --zmq “tcp://*:5888 ” Regards Luca > On 15 Nov 2015, at 21:13, Sacha Yunusic wrote: > > Hi there, > I’m starting using ntopng and nprobe and we want to use it in production, so > I’m in the learning

Re: [Ntop-misc] help on plugging in nDPI to Yet Another Flowmeter YAF

2015-10-26 Thread Luca Deri
Hi Manickam, we're not familiar (from the programming point of view) of YAF, but if you have questions on nDPI please feel free to ask Regards Luca On 10/26/2015 08:27 AM, Manickam wrote: > Hi, > > I am using YAF as a flow generator and figured out that DPI engine > inbuilt in YAF is not as

Re: [Ntop-misc] Nprobe http plugin dump

2015-10-11 Thread Luca Deri
Ohad, this is not possible as the format of the http dump is fixed. Please send me a pcap dump as example, file a bug on github, as we’ll follow up Regards Luca > On 11 Oct 2015, at 14:58, Ohad Kleinman wrote: > > Hi, > We have installed nProbe v.7.2.150922 (r4468) on ubuntu

Re: [Ntop-misc] Cisco ASA V9 flows into elasticsearch

2015-10-07 Thread Luca Deri
Victor inserting them in ELK is not different from collector to probe mode. The thing is that we transform ASA flows into the template specified by -T and thus you will not see a 1:1 correspondence between collected and stored flows in ELK Luca On 10/07/2015 03:20 PM, Victor Castro wrote: >
