Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Misc
nprobe on Ubiquiti EdgeRouter
surajrai at icloud
Sep 2, 2016, 11:42 AM
Post #1 of 5 (2035 views)
Permalink
Hi,

I have a 5 port POE Ubiquiti EdgeRouter. eth0 and eth1 are connected to external ISPs and is configured in redundant setup with eth0 as primary. eth2,3,4 are configured as a switch (router has hardware support for these 3 ports) with interface switch0.

I setup nprobe listening to either eth0 or switch0 but am not really seeing the traffic I was expecting. For instance, I know I am browsing YouTube on one of my internal machines connected via switch0 but ntopng hardly shows any traffic going through.

Any thoughts on what would be the best way to collect stats going through this router on my network? I want to be in a position to monitor traffic history across every device in my internal network.

nprobe command: nprobe --zmq "tcp://*:5556" -i switch0 -n none
ntopng command: ntopng -i "tcp://192.168.1.1:5556"

Would appreciate any help/suggestions.

Thanks
Re: nprobe on Ubiquiti EdgeRouter [ In reply to ]
deri at ntop
Sep 2, 2016, 12:19 PM
Post #2 of 5 (2031 views)
Permalink
Rai
the command should be correct. I cannot comment on -i switch0 if it’s the right interface, but I would suggest to do -i ethX where ethX is the internet interface.

Please let us know if it works

Regards Luca

> On 02 Sep 2016, at 20:42, Rai Suraj <surajrai@icloud.com> wrote:
>
> Hi,
>
> I have a 5 port POE Ubiquiti EdgeRouter. eth0 and eth1 are connected to external ISPs and is configured in redundant setup with eth0 as primary. eth2,3,4 are configured as a switch (router has hardware support for these 3 ports) with interface switch0.
>
> I setup nprobe listening to either eth0 or switch0 but am not really seeing the traffic I was expecting. For instance, I know I am browsing YouTube on one of my internal machines connected via switch0 but ntopng hardly shows any traffic going through.
>
> Any thoughts on what would be the best way to collect stats going through this router on my network? I want to be in a position to monitor traffic history across every device in my internal network.
>
> nprobe command: nprobe --zmq "tcp://*:5556 <tcp://*:5556>" -i switch0 -n none
> ntopng command: ntopng -i "tcp://192.168.1.1:5556 <tcp://192.168.1.1:5556>"
>
> Would appreciate any help/suggestions.
>
> Thanks
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nprobe on Ubiquiti EdgeRouter [ In reply to ]
surajrai at icloud
Sep 2, 2016, 12:26 PM
Post #3 of 5 (2030 views)
Permalink
Hi,

The internet interface is eth0. I tried it on eth0 but the traffic reported is relatively light. For e.g. on my internal machine 192.168.1.10 I am watching YouTube 4K video which should push at least 10 mbps traffic to YouTube servers but I don’t see much change on the bandwidth meter (shows about 300K). Mind you, some activity is being reported but not what I would expected.

Thanks

> On 3 Sep 2016, at 3:19 AM, Luca Deri <deri@ntop.org> wrote:
>
> Rai
> the command should be correct. I cannot comment on -i switch0 if it’s the right interface, but I would suggest to do -i ethX where ethX is the internet interface.
>
> Please let us know if it works
>
> Regards Luca
>
>> On 02 Sep 2016, at 20:42, Rai Suraj <surajrai@icloud.com <mailto:surajrai@icloud.com>> wrote:
>>
>> Hi,
>>
>> I have a 5 port POE Ubiquiti EdgeRouter. eth0 and eth1 are connected to external ISPs and is configured in redundant setup with eth0 as primary. eth2,3,4 are configured as a switch (router has hardware support for these 3 ports) with interface switch0.
>>
>> I setup nprobe listening to either eth0 or switch0 but am not really seeing the traffic I was expecting. For instance, I know I am browsing YouTube on one of my internal machines connected via switch0 but ntopng hardly shows any traffic going through.
>>
>> Any thoughts on what would be the best way to collect stats going through this router on my network? I want to be in a position to monitor traffic history across every device in my internal network.
>>
>> nprobe command: nprobe --zmq "tcp://*:5556 <tcp://*:5556>" -i switch0 -n none
>> ntopng command: ntopng -i "tcp://192.168.1.1:5556 <tcp://192.168.1.1:5556>"
>>
>> Would appreciate any help/suggestions.
>>
>> Thanks
>>
>> _______________________________________________
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nprobe on Ubiquiti EdgeRouter [ In reply to ]
deri at ntop
Sep 2, 2016, 12:58 PM
Post #4 of 5 (2035 views)
Permalink
Rai
can you please check if with tcpdump you all the traffic you expect? I think this is the problem. Probably you need to disable the switch (see http://www.ntop.org/nprobe/how-to-build-a-100e-augmented-netflowipfix-probe-ubiquity/)

Regards Luca

> On 02 Sep 2016, at 21:26, Rai Suraj <surajrai@icloud.com> wrote:
>
> Hi,
>
> The internet interface is eth0. I tried it on eth0 but the traffic reported is relatively light. For e.g. on my internal machine 192.168.1.10 I am watching YouTube 4K video which should push at least 10 mbps traffic to YouTube servers but I don’t see much change on the bandwidth meter (shows about 300K). Mind you, some activity is being reported but not what I would expected.
>
> Thanks
>
>> On 3 Sep 2016, at 3:19 AM, Luca Deri <deri@ntop.org <mailto:deri@ntop.org>> wrote:
>>
>> Rai
>> the command should be correct. I cannot comment on -i switch0 if it’s the right interface, but I would suggest to do -i ethX where ethX is the internet interface.
>>
>> Please let us know if it works
>>
>> Regards Luca
>>
>>> On 02 Sep 2016, at 20:42, Rai Suraj <surajrai@icloud.com <mailto:surajrai@icloud.com>> wrote:
>>>
>>> Hi,
>>>
>>> I have a 5 port POE Ubiquiti EdgeRouter. eth0 and eth1 are connected to external ISPs and is configured in redundant setup with eth0 as primary. eth2,3,4 are configured as a switch (router has hardware support for these 3 ports) with interface switch0.
>>>
>>> I setup nprobe listening to either eth0 or switch0 but am not really seeing the traffic I was expecting. For instance, I know I am browsing YouTube on one of my internal machines connected via switch0 but ntopng hardly shows any traffic going through.
>>>
>>> Any thoughts on what would be the best way to collect stats going through this router on my network? I want to be in a position to monitor traffic history across every device in my internal network.
>>>
>>> nprobe command: nprobe --zmq "tcp://*:5556 <tcp://*:5556>" -i switch0 -n none
>>> ntopng command: ntopng -i "tcp://192.168.1.1:5556 <tcp://192.168.1.1:5556>"
>>>
>>> Would appreciate any help/suggestions.
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>> _______________________________________________
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nprobe on Ubiquiti EdgeRouter [ In reply to ]
surajrai at icloud
Sep 3, 2016, 12:37 AM
Post #5 of 5 (2031 views)
Permalink
Thank you. It looks like this is the issue. Unfortunately does not work for me as this has pretty severe penalty on performance and also will not allow me redundant WAN connections.

> On 3 Sep 2016, at 3:58 AM, Luca Deri <deri@ntop.org> wrote:
>
> Rai
> can you please check if with tcpdump you all the traffic you expect? I think this is the problem. Probably you need to disable the switch (see http://www.ntop.org/nprobe/how-to-build-a-100e-augmented-netflowipfix-probe-ubiquity/ <http://www.ntop.org/nprobe/how-to-build-a-100e-augmented-netflowipfix-probe-ubiquity/>)
>
> Regards Luca
>
>> On 02 Sep 2016, at 21:26, Rai Suraj <surajrai@icloud.com <mailto:surajrai@icloud.com>> wrote:
>>
>> Hi,
>>
>> The internet interface is eth0. I tried it on eth0 but the traffic reported is relatively light. For e.g. on my internal machine 192.168.1.10 I am watching YouTube 4K video which should push at least 10 mbps traffic to YouTube servers but I don’t see much change on the bandwidth meter (shows about 300K). Mind you, some activity is being reported but not what I would expected.
>>
>> Thanks
>>
>>> On 3 Sep 2016, at 3:19 AM, Luca Deri <deri@ntop.org <mailto:deri@ntop.org>> wrote:
>>>
>>> Rai
>>> the command should be correct. I cannot comment on -i switch0 if it’s the right interface, but I would suggest to do -i ethX where ethX is the internet interface.
>>>
>>> Please let us know if it works
>>>
>>> Regards Luca
>>>
>>>> On 02 Sep 2016, at 20:42, Rai Suraj <surajrai@icloud.com <mailto:surajrai@icloud.com>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I have a 5 port POE Ubiquiti EdgeRouter. eth0 and eth1 are connected to external ISPs and is configured in redundant setup with eth0 as primary. eth2,3,4 are configured as a switch (router has hardware support for these 3 ports) with interface switch0.
>>>>
>>>> I setup nprobe listening to either eth0 or switch0 but am not really seeing the traffic I was expecting. For instance, I know I am browsing YouTube on one of my internal machines connected via switch0 but ntopng hardly shows any traffic going through.
>>>>
>>>> Any thoughts on what would be the best way to collect stats going through this router on my network? I want to be in a position to monitor traffic history across every device in my internal network.
>>>>
>>>> nprobe command: nprobe --zmq "tcp://*:5556 <tcp://*:5556>" -i switch0 -n none
>>>> ntopng command: ntopng -i "tcp://192.168.1.1:5556 <tcp://192.168.1.1:5556>"
>>>>
>>>> Would appreciate any help/suggestions.
>>>>
>>>> Thanks
>>>>
>>>> _______________________________________________
>>>> Ntop-misc mailing list
>>>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>> _______________________________________________
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal