Mailing List Archive

Ntopng on Docker
Hi,

I am trying to setup ntopng on a docker container using:

docker run -d --net=host -t -p 3000:3000 lucaderi/ntopng-docker


I set my network devices (Router and Firewall) to send netflow traffic to
port (UDP) 2055.

The problem is that I am not seeing the traffic that is being received on
port udp 2055. The only traffic I see is the one that is being sent /
received / broadcast / multicast by my host (Docker server).

Can you help please?

Thank you.

Best Regards,

Athmane Bouazzouni
http://devops101.net
Re: Ntopng on Docker [ In reply to ]
Hi,

> On 15 May 2018, at 21:33, moi <athmane2dz@yahoo.fr> wrote:
>
> Hi,
>
> I am trying to setup ntopng on a docker container using:
>
> docker run -d --net=host -t -p 3000:3000 lucaderi/ntopng-docker
>
> I set my network devices (Router and Firewall) to send netflow traffic to port (UDP) 2055.
>
> The problem is that I am not seeing the traffic that is being received on port udp 2055. The only traffic I see is the one that is being sent / received / broadcast / multicast by my host (Docker server).

If your network devices are sending netflow on port 2055 to the host running the docker container, then you should see that traffic within the container since you used --net=host. You can check using tcpdump within the container:

my-container> tcpdump -i any port 2055

I've just tried with some sFlow traffic and it is visible in my container.

The point here is that maybe you don't want to simply capture netflow, what you want to do is to process the netflow traffic to view the actual flows. If that is the case, please, refer to https://www.ntop.org/nprobe/network-monitoring-101-a-beginners-guide-to-understanding-ntop-tools/ <https://www.ntop.org/nprobe/network-monitoring-101-a-beginners-guide-to-understanding-ntop-tools/>. Basically you need nProbe for the collection and ntopng for the visualization.

Regards,
Simone

>
> Can you help please?
>
> Thank you.
>
> Best Regards,
>
> Athmane Bouazzouni
> http://devops101.net <http://devops101.net/>_______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Ntopng on Docker [ In reply to ]
Hi,

> On 15 May 2018, at 21:33, moi <athmane2dz@yahoo.fr> wrote:
>
> Hi,
>
> I am trying to setup ntopng on a docker container using:
>
> docker run -d --net=host -t -p 3000:3000 lucaderi/ntopng-docker
>
> I set my network devices (Router and Firewall) to send netflow traffic to port (UDP) 2055.
>
> The problem is that I am not seeing the traffic that is being received on port udp 2055. The only traffic I see is the one that is being sent / received / broadcast / multicast by my host (Docker server).

If your network devices are sending netflow on port 2055 to the host running the docker container, then you should see that traffic within the container since you used --net=host. You can check using tcpdump within the container:

my-container> tcpdump -i any port 2055

I've just tried with some sFlow traffic and it is visible in my container.

The point here is that maybe you don't want to simply capture netflow, what you want to do is to process the netflow traffic to view the actual flows. If that is the case, please, refer to https://www.ntop.org/nprobe/network-monitoring-101-a-beginners-guide-to-understanding-ntop-tools/ <https://www.ntop.org/nprobe/network-monitoring-101-a-beginners-guide-to-understanding-ntop-tools/>. Basically you need nProbe for the collection and ntopng for the visualization.

Regards,
Simone

>
> Can you help please?
>
> Thank you.
>
> Best Regards,
>
> Athmane Bouazzouni
> http://devops101.net <http://devops101.net/>_______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop