Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Misc
nProbe -A option
pedrrodr at it
May 4, 2018, 9:20 AM
Post #1 of 5 (1118 views)
Permalink
Hello,

I am using nProbe Pro v.8.5.180504 ($Revision: 6149 $) for
x86_64-pc-linux-gnu with native PF_RING acceleration.

I am trying to use -A option with a data file like this:
$ head -n 5 ASList.dat
2116:212.89.60.0/24
2116:212.89.59.0/24
2116:212.89.58.0/24
2116:212.89.57.0/24
2116:212.89.56.0/24

The command line used to start nProbe is:
nprobe -V9 --pcap-file-list myfilelist.txt -A ASList.dat

I got this output:
...
04/May/2018 13:00:58 [util.c:465] GeoIP: loaded AS config file ASList.dat
04/May/2018 13:00:58 [util.c:479] WARNING: Unable to load AS IPv6 file
ASListv6.dat. AS IPv6 support disabled
...
04/May/2018 13:00:58 [nprobe.c:8925] nProbe started successfully


The problem is that the exported dump is not being modified to include
srcas, dstas, srcmsk, dstmsk.
(the mask is the most important for me). I double checked it in my
local collector (nfdump).
A strange thing happen when I stop the nProbe with ctrl-c. I lot of
messages like this are printed:

Invalid database type GeoIP Country Edition, expected GeoIP Organization
Edition

Yes, I could try to use the BGP Plugin, but currently I do not have a
easy BGP full routing router. :(

I appreciate any help,
Pedro

--
PEDRO RODRIGUES TORRES
Universidad Carlos III de Madrid
Re: nProbe -A option [ In reply to ]
deri at ntop
May 7, 2018, 3:51 AM
Post #2 of 5 (1115 views)
Permalink
Pedro,
the file specified with -A has to be in GeoIP format, not text as you did

Luca

> On 4 May 2018, at 18:20, PEDRO RODRIGUES TORRES <pedrrodr@it.uc3m.es> wrote:
>
> Hello,
>
> I am using nProbe Pro v.8.5.180504 ($Revision: 6149 $) for
> x86_64-pc-linux-gnu with native PF_RING acceleration.
>
> I am trying to use -A option with a data file like this:
> $ head -n 5 ASList.dat
> 2116:212.89.60.0/24 <http://212.89.60.0/24>
> 2116:212.89.59.0/24 <http://212.89.59.0/24>
> 2116:212.89.58.0/24 <http://212.89.58.0/24>
> 2116:212.89.57.0/24 <http://212.89.57.0/24>
> 2116:212.89.56.0/24 <http://212.89.56.0/24>
>
> The command line used to start nProbe is:
> nprobe -V9 --pcap-file-list myfilelist.txt -A ASList.dat
>
> I got this output:
> ...
> 04/May/2018 13:00:58 [util.c:465] GeoIP: loaded AS config file ASList.dat
> 04/May/2018 13:00:58 [util.c:479] WARNING: Unable to load AS IPv6 file
> ASListv6.dat. AS IPv6 support disabled
> ...
> 04/May/2018 13:00:58 [nprobe.c:8925] nProbe started successfully
>
>
> The problem is that the exported dump is not being modified to include
> srcas, dstas, srcmsk, dstmsk.
> (the mask is the most important for me). I double checked it in my
> local collector (nfdump).
> A strange thing happen when I stop the nProbe with ctrl-c. I lot of
> messages like this are printed:
>
> Invalid database type GeoIP Country Edition, expected GeoIP Organization Edition
>
> Yes, I could try to use the BGP Plugin, but currently I do not have a
> easy BGP full routing router. :(
>
> I appreciate any help,
> Pedro
>
> --
> PEDRO RODRIGUES TORRES
> Universidad Carlos III de Madrid
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nProbe -A option [ In reply to ]
pedrrodr at it
May 7, 2018, 5:06 AM
Post #3 of 5 (1115 views)
Permalink
Hello Luca,

Possibly I read an old user guide:
https://www.ntop.org/wp-content/uploads/2013/03/nProbe_UserGuide.pdf

I think the problem to use de BGP Plugin in my scenery is due I need to
process pcap files. I am not sure if the full BGP table will be loaded in
nProbe prior to process the pcap files.
Other problem is that bgp_probe_client.pl is not working for me... I need
to debug it but if has some easy way to insert prefix/ASN in the probes,
let me know.

--
Pedro


2018-05-07 12:51 GMT+02:00 Luca Deri <deri@ntop.org>:
>
> Pedro,
> the file specified with -A has to be in GeoIP format, not text as you did
>
> Luca
>
> On 4 May 2018, at 18:20, PEDRO RODRIGUES TORRES <pedrrodr@it.uc3m.es>
wrote:
>
> Hello,
>
> I am using nProbe Pro v.8.5.180504 ($Revision: 6149 $) for
> x86_64-pc-linux-gnu with native PF_RING acceleration.
>
> I am trying to use -A option with a data file like this:
> $ head -n 5 ASList.dat
> 2116:212.89.60.0/24
> 2116:212.89.59.0/24
> 2116:212.89.58.0/24
> 2116:212.89.57.0/24
> 2116:212.89.56.0/24
>
> The command line used to start nProbe is:
> nprobe -V9 --pcap-file-list myfilelist.txt -A ASList.dat
>
> I got this output:
> ...
> 04/May/2018 13:00:58 [util.c:465] GeoIP: loaded AS config file ASList.dat
> 04/May/2018 13:00:58 [util.c:479] WARNING: Unable to load AS IPv6 file
> ASListv6.dat. AS IPv6 support disabled
> ...
> 04/May/2018 13:00:58 [nprobe.c:8925] nProbe started successfully
>
>
> The problem is that the exported dump is not being modified to include
> srcas, dstas, srcmsk, dstmsk.
> (the mask is the most important for me). I double checked it in my
> local collector (nfdump).
> A strange thing happen when I stop the nProbe with ctrl-c. I lot of
> messages like this are printed:
>
> Invalid database type GeoIP Country Edition, expected GeoIP Organization
Edition
>
> Yes, I could try to use the BGP Plugin, but currently I do not have a
> easy BGP full routing router. :(
>
> I appreciate any help,
> Pedro
>
> --
> PEDRO RODRIGUES TORRES
> Universidad Carlos III de Madrid
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc




--
PEDRO RODRIGUES TORRES
Universidad Carlos III de Madrid
Re: nProbe -A option [ In reply to ]
deri at ntop
May 7, 2018, 6:42 AM
Post #4 of 5 (1115 views)
Permalink
Pedro
yes we moved to geoid in recent versions. Please see https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/ <https://blog.maxmind.com/2015/09/29/building-your-own-mmdb-database-for-fun-and-profit/> that explains you how to create your custom dat files

Lyca

> On 7 May 2018, at 14:06, PEDRO RODRIGUES TORRES <pedrrodr@it.uc3m.es> wrote:
>
> Hello Luca,
>
> Possibly I read an old user guide:
> https://www.ntop.org/wp-content/uploads/2013/03/nProbe_UserGuide.pdf <https://www.ntop.org/wp-content/uploads/2013/03/nProbe_UserGuide.pdf>
>
> I think the problem to use de BGP Plugin in my scenery is due I need to process pcap files. I am not sure if the full BGP table will be loaded in nProbe prior to process the pcap files.
> Other problem is that bgp_probe_client.pl <http://bgp_probe_client.pl/> is not working for me... I need to debug it but if has some easy way to insert prefix/ASN in the probes, let me know.
>
> --
> Pedro
>
>
> 2018-05-07 12:51 GMT+02:00 Luca Deri <deri@ntop.org <mailto:deri@ntop.org>>:
> >
> > Pedro,
> > the file specified with -A has to be in GeoIP format, not text as you did
> >
> > Luca
> >
> > On 4 May 2018, at 18:20, PEDRO RODRIGUES TORRES <pedrrodr@it.uc3m.es <mailto:pedrrodr@it.uc3m.es>> wrote:
> >
> > Hello,
> >
> > I am using nProbe Pro v.8.5.180504 ($Revision: 6149 $) for
> > x86_64-pc-linux-gnu with native PF_RING acceleration.
> >
> > I am trying to use -A option with a data file like this:
> > $ head -n 5 ASList.dat
> > 2116:212.89.60.0/24 <http://212.89.60.0/24>
> > 2116:212.89.59.0/24 <http://212.89.59.0/24>
> > 2116:212.89.58.0/24 <http://212.89.58.0/24>
> > 2116:212.89.57.0/24 <http://212.89.57.0/24>
> > 2116:212.89.56.0/24 <http://212.89.56.0/24>
> >
> > The command line used to start nProbe is:
> > nprobe -V9 --pcap-file-list myfilelist.txt -A ASList.dat
> >
> > I got this output:
> > ...
> > 04/May/2018 13:00:58 [util.c:465] GeoIP: loaded AS config file ASList.dat
> > 04/May/2018 13:00:58 [util.c:479] WARNING: Unable to load AS IPv6 file
> > ASListv6.dat. AS IPv6 support disabled
> > ...
> > 04/May/2018 13:00:58 [nprobe.c:8925] nProbe started successfully
> >
> >
> > The problem is that the exported dump is not being modified to include
> > srcas, dstas, srcmsk, dstmsk.
> > (the mask is the most important for me). I double checked it in my
> > local collector (nfdump).
> > A strange thing happen when I stop the nProbe with ctrl-c. I lot of
> > messages like this are printed:
> >
> > Invalid database type GeoIP Country Edition, expected GeoIP Organization Edition
> >
> > Yes, I could try to use the BGP Plugin, but currently I do not have a
> > easy BGP full routing router. :(
> >
> > I appreciate any help,
> > Pedro
> >
> > --
> > PEDRO RODRIGUES TORRES
> > Universidad Carlos III de Madrid
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
> >
> >
> >
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>
>
>
>
> --
> PEDRO RODRIGUES TORRES
> Universidad Carlos III de Madrid
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: nProbe -A option [ In reply to ]
pedrrodr at it
May 7, 2018, 12:52 PM
Post #5 of 5 (1115 views)
Permalink
Hello Luca,

The -A option is able to change only src/dst ASN, right?
Even if a create a custom MMDB may I change de src/dst mask?

--
Pedro

2018-05-07 15:42 GMT+02:00 Luca Deri <deri@ntop.org>:

> Pedro
> yes we moved to geoid in recent versions. Please see
> https://blog.maxmind.com/2015/09/29/building-your-own-
> mmdb-database-for-fun-and-profit/ that explains you how to create your
> custom dat files
>
> Lyca
>
>
> On 7 May 2018, at 14:06, PEDRO RODRIGUES TORRES <pedrrodr@it.uc3m.es>
> wrote:
>
> Hello Luca,
>
> Possibly I read an old user guide:
> https://www.ntop.org/wp-content/uploads/2013/03/nProbe_UserGuide.pdf
>
> I think the problem to use de BGP Plugin in my scenery is due I need to
> process pcap files. I am not sure if the full BGP table will be loaded in
> nProbe prior to process the pcap files.
> Other problem is that bgp_probe_client.pl is not working for me... I need
> to debug it but if has some easy way to insert prefix/ASN in the probes,
> let me know.
>
> --
> Pedro
>
>
> 2018-05-07 12:51 GMT+02:00 Luca Deri <deri@ntop.org>:
> >
> > Pedro,
> > the file specified with -A has to be in GeoIP format, not text as you did
> >
> > Luca
> >
> > On 4 May 2018, at 18:20, PEDRO RODRIGUES TORRES <pedrrodr@it.uc3m.es>
> wrote:
> >
> > Hello,
> >
> > I am using nProbe Pro v.8.5.180504 ($Revision: 6149 $) for
> > x86_64-pc-linux-gnu with native PF_RING acceleration.
> >
> > I am trying to use -A option with a data file like this:
> > $ head -n 5 ASList.dat
> > 2116:212.89.60.0/24
> > 2116:212.89.59.0/24
> > 2116:212.89.58.0/24
> > 2116:212.89.57.0/24
> > 2116:212.89.56.0/24
> >
> > The command line used to start nProbe is:
> > nprobe -V9 --pcap-file-list myfilelist.txt -A ASList.dat
> >
> > I got this output:
> > ...
> > 04/May/2018 13:00:58 [util.c:465] GeoIP: loaded AS config file ASList.dat
> > 04/May/2018 13:00:58 [util.c:479] WARNING: Unable to load AS IPv6 file
> > ASListv6.dat. AS IPv6 support disabled
> > ...
> > 04/May/2018 13:00:58 [nprobe.c:8925] nProbe started successfully
> >
> >
> > The problem is that the exported dump is not being modified to include
> > srcas, dstas, srcmsk, dstmsk.
> > (the mask is the most important for me). I double checked it in my
> > local collector (nfdump).
> > A strange thing happen when I stop the nProbe with ctrl-c. I lot of
> > messages like this are printed:
> >
> > Invalid database type GeoIP Country Edition, expected GeoIP Organization
> Edition
> >
> > Yes, I could try to use the BGP Plugin, but currently I do not have a
> > easy BGP full routing router. :(
> >
> > I appreciate any help,
> > Pedro
> >
> > --
> > PEDRO RODRIGUES TORRES
> > Universidad Carlos III de Madrid
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> >
> >
> >
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
>
> --
> PEDRO RODRIGUES TORRES
> Universidad Carlos III de Madrid
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>



--
PEDRO RODRIGUES TORRES
Universidad Carlos III de Madrid

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal