Mailing List Archive

nprobe not capturing traffic
Hi,
I have installed both nprobe and ntopng on Ubuntu 16.04. I want to
capture traffic on the same server, on eth1, for research/experimental
purposes. The problem is that when I run ntopng independently it works
fine and captures packets, but when I run ntopng as a collector with
nprobe, nprobe does not capture traffic. Is there any special setting for
nprobe? Please help me in this regard.

--

Thanks & Regards,

Khurram
Re: nprobe not capturing traffic
Khurram

Can you please post configurations used in both setups?

On Fri, Mar 31, 2017 at 8:46 AM, Shahzada Khurram <khurram@iub.edu.pk>
wrote:

Re: nprobe not capturing traffic
Hi Simone,
Thanks for the reply. Please find the detailed configuration below;
all configuration was done through the nbox web GUI.
1. Independently, ntopng works fine and traffic capturing works fine.
2. When we configure nprobe (probe) with ntopng (collector), it does not
work.

(ntopng log )

31/Mar/2017 22:17:32 Scripts/HTML pages directory: /usr/share/ntopng
31/Mar/2017 22:17:32 Welcome to ntopng x86_64 v.2.4.170215 - (C) 1998-2016 ntop.org
31/Mar/2017 22:17:32 Built on Ubuntu 16.04.1 LTS
31/Mar/2017 22:17:32 Started periodic activities loop...
31/Mar/2017 22:17:32 Dumping alerts into syslog
31/Mar/2017 22:17:32 [LICENSE] ntopng systemId: 3BD34B1A00660F0E
31/Mar/2017 22:17:32 [LICENSE] ntopng license: 50FB086D8E0007E9944AAF3C6
31/Mar/2017 22:17:32 [LICENSE] Maintenance is available until Thu Mar 29 01:48:45 2018 [362 days left]
31/Mar/2017 22:17:32 Started packet polling on interface tcp://127.0.0.1:5556 [id: 4]...
31/Mar/2017 22:17:32 Collecting flows on tcp://127.0.0.1:5556 [nprobe->ntopng]

(nprobe log)

31/Mar/2017 22:19:07 Each flow is 63 bytes long
31/Mar/2017 22:19:07 The # packets per flow has been set to 22
31/Mar/2017 22:19:07 Non IPv4/v6 traffic is discarded according to the template
31/Mar/2017 22:19:07 GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
31/Mar/2017 22:19:07 GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
31/Mar/2017 22:19:07 WARNING: Your template ignores IP addresses: your collector might ignore these flows.
31/Mar/2017 22:19:07 Using packet capture length 128
31/Mar/2017 22:19:07 Capturing packets from interface eth1 [snaplen: 128 bytes]
31/Mar/2017 22:19:07 nProbe changed user to 'nobody'
31/Mar/2017 22:19:07 nProbe started successfully

(nprobe-eth1-conf)

-n=tcp://127.0.0.1:5556
-i=eth1
-s=128
-t=60
-d=60
-a=0
-e=1
-B=10
-w=128000
-z=0
-S=1:1
-E=0:0
-g=/var/run/nprobe-eth1.pid
-p=1/0/0/0/0/1
--zmq-probe-mode
--vlanid-as-iface-idx=none
-T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
-V=9
--dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt


The scenario is:

eth1 ----> nprobe (probe, packet capturing on eth1) ------> ntopng (collector)
(all configuration on a single machine)

Problem: nprobe is not capturing traffic.

Thanks in advance. If you need further information, let me know.


khurram



On Fri, Mar 31, 2017 at 3:51 PM, Simone Mainardi <mainardi@ntop.org> wrote:

Re: nprobe not capturing traffic
Hi Shahzada,
can you please submit an issue on ntopng’s github page so we can track this issue?

Luca

> On 1 Apr 2017, at 07:24, Shahzada Khurram <khurram@iub.edu.pk> wrote:
Re: nprobe not capturing traffic
Hi,

On Sat, Apr 1, 2017 at 7:24 AM, Shahzada Khurram <khurram@iub.edu.pk> wrote:

> (nprobe-eth1-conf)
>
> -n=tcp://127.0.0.1:5556
>

This is not OK. The collector should be empty (-n=none) or use another port, as
port 5556 is used by ntopng to listen for ZMQ packets.

This option is missing:

--zmq="tcp://127.0.0.1:5556"


> -i=eth1
> -s=128
> -t=60
> -d=60
> -a=0
> -e=1
> -B=10
> -w=128000
> -z=0
> -S=1:1
> -E=0:0
> -g=/var/run/nprobe-eth1.pid
> -p=1/0/0/0/0/1
> --zmq-probe-mode
>

If you want to use nprobe with --zmq-probe-mode, then ntopng should be
executed with -i tcp://127.0.0.1:5556c (see the c after the port). Your
ntopng configuration doesn't have that.

> --vlanid-as-iface-idx=none
> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
> -V=9
> --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt
Re: nprobe not capturing traffic
Hi,
Below is my nprobe-eth1.conf information. I did as you mentioned, but it is
still not working. Sir, I told you that the problem is that nprobe is not
capturing packets on eth1.

My scenario is very simple: I just want to capture traffic on the eth1 interface
through nprobe (probe) and send these traffic flows to the collector (ntopng)
for analysis. Again, I mention here that nprobe is not capturing traffic on
interface eth1. (I did all of this on the same machine.)

-n=none
-i=eth1
-s=128
-t=60
-d=60
-a=0
-e=1
-B=10
-w=128000
-z=0
-S=1:1
-E=0:0
-g=/var/run/nprobe-eth1.pid
-p=1/0/0/0/0/1
--zmq=tcp://127.0.0.1:5556
--vlanid-as-iface-idx=none
-T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
-V=9
--dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt

On Sat, Apr 1, 2017 at 5:49 PM, Simone Mainardi <mainardi@ntop.org> wrote:

--

Thanks & Regards,

Shahzada Khurram | Cell # 0 | Email: khurram@iub.edu.pk
Re: nprobe not capturing traffic
Hi,
My scenario is very simple, and I have done all the configuration on a single
machine.

Scenario 1: standalone ntopng for packet capturing and analysis

  eth1 ------------------------------------------> ntopng
  (packet capturing and ntopng working fine)

Scenario 2: nprobe for packet capturing, forwarding flows to ntopng for
analysis

  eth1 -----------------> nprobe -----------------> ntopng
  (nprobe not capturing packets)

Because it is not capturing packets, it is not forwarding flows to ntopng, so
the problem is nprobe, which is not capturing packets.

Problem with nprobe.

Please help me in this regard.

Khurram


On Sat, Apr 1, 2017 at 5:49 PM, Simone Mainardi <mainardi@ntop.org> wrote:

Re: nprobe not capturing traffic
Shahzada,

Run nprobe in the foreground and add the options -b=2 and --debug to the
configuration file:

/usr/local/bin/nprobe /etc/nprobe/nprobe-eth1.conf

You should be able to see the generated/exported flows on the command line if
nprobe successfully captures the packets.

Also, please see below some configuration issues.

On Sun, Apr 2, 2017 at 3:31 AM, Shahzada Khurram <khurram@iub.edu.pk> wrote:

> -n=none
> -i=eth1
> -s=128
> -t=60
> -d=60
> -a=0
>

-a not needed

> -e=1
> -B=10
> -w=128000
> -z=0
>

-z not needed

> -S=1:1
> -E=0:0
> -g=/var/run/nprobe-eth1.pid
> -p=1/0/0/0/0/1
> --zmq=tcp://127.0.0.1:5556
> --vlanid-as-iface-idx=none
> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
> -V=9
>

-V not needed

> --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt
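As an added example (not code from the thread or from the ntop project), the checks from Simone's reply (-n=none or another port, --zmq=<endpoint>, and the c suffix that --zmq-probe-mode requires on the ntopng side) and the "-a / -z / -V not needed" remarks from the last reply, applied to the two nprobe-eth1.conf files posted above. The finding codes, the helper names and the converse c-suffix-without-probe-mode check are our own assumptions; the option names are nprobe's and ntopng's.

```python
"""Added example (not from the thread or the ntop project): lint an nprobe
.conf against the ntopng collector interface, encoding the fixes given in the
thread. Option names are nprobe/ntopng's; the check logic and codes are ours."""
from collections import namedtuple

Finding = namedtuple("Finding", "level code message")

# The ZMQ-relevant lines of the two nprobe-eth1.conf files posted in the thread
# (ntopng was started with -i tcp://127.0.0.1:5556, per its log).
ORIGINAL_CONF = """
-n=tcp://127.0.0.1:5556
-a=0
-z=0
--zmq-probe-mode
-V=9
"""

FIXED_CONF = """
-n=none
-a=0
-z=0
--zmq=tcp://127.0.0.1:5556
-V=9
"""


def parse_nprobe_conf(text):
    """An nprobe .conf holds one command-line option per line: "-x=value",
    "--long=value" or a bare flag such as "--zmq-probe-mode".
    Returns {option: value or None}; a repeated option keeps the last value."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # Quoted values (--zmq="tcp://...") are accepted too, so drop the quotes.
        opts[key.strip()] = value.strip().strip('"') if sep else None
    return opts


def zmq_endpoint(value):
    """Normalise a ZMQ endpoint for comparison: strip quotes and the trailing
    'c' that tells ntopng to connect (tcp://127.0.0.1:5556c -> tcp://127.0.0.1:5556)."""
    ep = value.strip().strip('"')
    return ep[:-1] if ep.endswith("c") else ep


def check_zmq_setup(nprobe_conf, ntopng_iface):
    """Cross-check an nprobe config against ntopng's -i collector interface.
    Errors follow the thread: -n must not target the port ntopng listens on for
    ZMQ (use -n=none or another port); --zmq=<endpoint> is what feeds ntopng;
    --zmq-probe-mode needs the 'c' suffix on the ntopng side. The converse check
    (a 'c' suffix without probe mode) is our generalisation: then both sides
    connect and nobody binds the socket. "-a/-z/-V not needed" become notes."""
    opts = parse_nprobe_conf(nprobe_conf)
    target = zmq_endpoint(ntopng_iface)
    ntopng_connects = ntopng_iface.strip().strip('"').endswith("c")
    probe_mode = "--zmq-probe-mode" in opts
    findings = []

    netflow = opts.get("-n")
    if netflow not in (None, "none") and zmq_endpoint(netflow) == target:
        findings.append(Finding("error", "NETFLOW_PORT_COLLISION",
            "-n=%s exports NetFlow to the socket ntopng uses for ZMQ" % netflow))

    if "--zmq" not in opts:
        findings.append(Finding("error", "MISSING_ZMQ",
            "no --zmq=<endpoint>: nothing is exported to ntopng over ZMQ"))
    elif zmq_endpoint(opts["--zmq"]) != target:
        findings.append(Finding("error", "ZMQ_ENDPOINT_MISMATCH",
            "--zmq=%s does not match ntopng -i %s" % (opts["--zmq"], ntopng_iface)))

    if probe_mode and not ntopng_connects:
        findings.append(Finding("error", "PROBE_MODE_NEEDS_C_SUFFIX",
            "--zmq-probe-mode is set, so ntopng must use -i %sc" % target))
    elif ntopng_connects and not probe_mode:
        findings.append(Finding("error", "C_SUFFIX_WITHOUT_PROBE_MODE",
            "ntopng -i ends in c but nprobe lacks --zmq-probe-mode: nobody binds"))

    for flag in ("-a", "-z", "-V"):
        if flag in opts:
            findings.append(Finding("note", "UNNEEDED_" + flag[1:],
                "%s is not needed for this setup" % flag))
    return findings


def error_codes(findings):
    # Only the findings that stop flows from reaching ntopng, sorted for stable output.
    return sorted(f.code for f in findings if f.level == "error")


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CONF), ("after the fixes", FIXED_CONF)):
        print("== nprobe-eth1.conf (%s) vs ntopng -i tcp://127.0.0.1:5556" % label)
        for f in check_zmq_setup(conf, "tcp://127.0.0.1:5556"):
            print("  [%s] %s: %s" % (f.level, f.code, f.message))
```

Running it against the original file reports the three errors Simone pointed out; against the corrected file only the three "not needed" notes remain.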