Mailing List Archive

How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows
Hi there,

We have one simple requirement:

To accurately record how much bandwidth each user is using, across our
several sites, over a day / week / month / year. Realtime data nice to
have but not necessary.

I say 'simple requirement' however having tried many ways to achieve
this over years it's been anything but simple. (For us anyhow.)

With ntopng now being able to record historical data we're feeling
encouraged to try ntop again.

As such we've acquired the needed licenses, instructed our Mikrotik to
send NetFlow to the Windows PC running nProbe & ntopng, and created the
needed license file.

However I cannot figure out how to start nprobe service to capture the
Mikrotik flows and send them to ntopng.

What are the correct Windows cmd's to start nprobe & ntopng, to capture
NetFlow from Mikrotik please?

Lots of tutorials like the one below for starting on Linux but not so
much on Windows:

https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/

We seem to need the Windows equivalent of the below however:

nprobe -i none -n none -3 2055 --zmq tcp://127.0.0.1:1234
ntopng -i tcp://127.0.0.1:1234

Help greatly appreciated,

Best,

Johan.

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows
Update to the below, as per what I've posted to the mailing list:

We have Multiple nProbe sites with Mikrotik routers, and want to send
flows to one remote ntopng instance running on a Windows machine.

Starting with the local site all behind the same Firewall / on same LAN:

Mikrotik is set up to send NetFlow to the IP of the host running nprobe &
ntopng: 192.168.88.2

ntopng started as service with the below CMD:

ntopng /i -i tcp://*:5556c

And nprobe with:

nprobe /i my_nprobe --zmq "tcp://<192.168.88.2>:5556" --zmq-probe-mode
-i none -n none --collector-port 2055 -T "@NTOPNG@"

As per the steps outlined here:

https://www.ntop.org/nprobe/best-practices-for-the-collection-of-flows-with-ntopng-and-nprobe/

However ntopng when loaded shows only:

No packet has been received yet on interface tcp://*:5556c. Please wait
6 seconds until this page reloads.

Have also tried the steps outlined below to no avail:

https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/

Any help greatly appreciated,

Johan.





On 2018-12-23 13:12, technical@mcw.org.za wrote:
> Hi there,
>
> We have one simple requirement:
>
> To accurately record how much bandwidth each user is using, across our
> several sites, over a day / week / month / year. Realtime data nice to
> have but not necessary.
>
> I say 'simple requirement' however having tried many ways to achieve
> this over years it's been anything but simple. (For us anyhow.)
>
> With ntopng now being able to record historical data we're feeling
> encouraged to try ntop again.
>
> As such we've acquired the needed licenses, instructed our Mikrotik to
> send NetFlow to the Windows PC running nProbe & ntopng, and created
> the needed license file.
>
> However I cannot figure out how to start nprobe service to capture the
> Mikrotik flows and send them to ntopng.
>
> What are the correct Windows cmd's to start nprobe & ntopng, to
> capture NetFlow from Mikrotik please?
>
> Lots of tutorials like the one below for starting on Linux but not so
> much on Windows:
>
> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>
> We seem to need the Windows equivalent of the below however:
>
> nprobe -i none -n none -3 2055 --zmq tcp://127.0.0.1:1234
> ntopng -i tcp://127.0.0.1:1234
>
> Help greatly appreciated,
>
> Best,
>
> Johan.
Re: How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows
Hi,

Please try to replace /i with /c so that you can see the commands' output.

Regards,

Emanuele

On 12/24/18 12:17 AM, technical@mcw.org.za wrote:
> Update to the below, as per what I've posted to the mailing list:
>
> We have Multiple nProbe sites with Mikrotik routers, and want to send
> flows to one remote ntopng instance running on a Windows machine.
>
> Starting with the local site all behind the same Firewall / on same LAN:
>
> Mikrotik is set up to send NetFlow to the IP of the host running nprobe
> & ntopng: 192.168.88.2
>
> ntopng started as service with the below CMD:
>
> ntopng /i -i tcp://*:5556c
>
> And nprobe with:
>
> nprobe /i my_nprobe --zmq "tcp://<192.168.88.2>:5556" --zmq-probe-mode
> -i none -n none --collector-port 2055 -T "@NTOPNG@"
>
> As per the steps outlined here:
>
> https://www.ntop.org/nprobe/best-practices-for-the-collection-of-flows-with-ntopng-and-nprobe/
>
>
> However ntopng when loaded shows only:
>
> No packet has been received yet on interface tcp://*:5556c. Please
> wait 6 seconds until this page reloads.
>
> Have also tried the steps outlined below to no avail:
>
> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>
> Any help greatly appreciated,
>
> Johan.
Re: How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows
Hi Emanuele,

Both below Windows CMD terminals run as Administrator:

C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c

=============================================
Starting ntopng
Running ntopng.
24/Dec/2018 20:39:33 [Ntop.cpp:1545] Setting local networks to
127.0.0.0/8
24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis
127.0.0.1@0
24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis
127.0.0.1@0
24/Dec/2018 20:39:33 [NtopPro.cpp:310] [LICENSE] Reading license from
Redis
24/Dec/2018 20:39:33 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
missing license
24/Dec/2018 20:39:33 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
now run in enterprise edition for 10 minutes
24/Dec/2018 20:39:33 [NtopPro.cpp:470] WARNING: [LICENSE] before
returning to community mode
24/Dec/2018 20:39:33 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy a
permanent license at http://shop.ntop.org
24/Dec/2018 20:39:33 [NtopPro.cpp:474] WARNING: [LICENSE] or run ntopng
in community mode starting
24/Dec/2018 20:39:33 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
--community
24/Dec/2018 20:39:34 [CollectorInterface.cpp:66] ERROR: Unable to bind
to ZMQ endpoint tcp://*:5556 [collector]
24/Dec/2018 20:39:35 [main.cpp:239] ERROR: An exception occurred during
tcp://*:5556c interface creation[2]: No such file or directory
24/Dec/2018 20:39:35 [main.cpp:293] ERROR: Startup error: missing
super-user privileges ?

C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c
Starting ntopng
Running ntopng.
24/Dec/2018 20:40:36 [Ntop.cpp:1545] Setting local networks to
127.0.0.0/8
24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis
127.0.0.1@0
24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis
127.0.0.1@0
24/Dec/2018 20:40:36 [NtopPro.cpp:310] [LICENSE] Reading license from
Redis
24/Dec/2018 20:40:36 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
missing license
24/Dec/2018 20:40:36 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
now run in enterprise edition for 10 minutes
24/Dec/2018 20:40:36 [NtopPro.cpp:470] WARNING: [LICENSE] before
returning to community mode
24/Dec/2018 20:40:36 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy a
permanent license at http://shop.ntop.org
24/Dec/2018 20:40:36 [NtopPro.cpp:474] WARNING: [LICENSE] or run ntopng
in community mode starting
24/Dec/2018 20:40:36 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
--community
24/Dec/2018 20:40:37 [CollectorInterface.cpp:66] ERROR: Unable to bind
to ZMQ endpoint tcp://*:5556 [collector]
24/Dec/2018 20:40:37 [main.cpp:239] ERROR: An exception occurred during
tcp://*:5556c interface creation[2]: No such file or directory
24/Dec/2018 20:40:37 [main.cpp:293] ERROR: Startup error: missing
super-user privileges ?
================================================

C:\Program Files\nProbe>nprobe /c my_nprobe --zmq
"tcp://<192.168.88.2>:5556" --zmq-probe-mode -i none -n none
--collector-port 2055 -T "@NTOPNG@"

============================================================
Running nProbe for Windows.
24/Dec/2018 20:41:38 [nprobe.c:4168] Valid nProbe license found
24/Dec/2018 20:41:38 [nprobe.c:6092] WARNING: The output interfaceId is
set to 0: did you forget to use -Q perhaps ?
24/Dec/2018 20:41:38 [nprobe.c:6095] WARNING: The input interfaceId is
set to 0: did you forget to use -u perhaps ?
24/Dec/2018 20:41:38 [nprobe.c:6182] Welcome to nProbe v.8.6.181004
($Revision: 4384 $) for Windows
24/Dec/2018 20:41:38 [nprobe.c:6192] Running on Windows
24/Dec/2018 20:41:38 [nprobe.c:6203] [LICENSE] nProbe SystemId:
2152224034-9206A1D8
24/Dec/2018 20:41:38 [nprobe.c:6270] Sample rate [packet: 1][flow
collection/export: 1/1]
24/Dec/2018 20:41:38 [nprobe.c:8966] Welcome to nProbe v.8.6.181004 for
Windows
24/Dec/2018 20:41:38 [nprobe.c:7870] WARNING: Adding
%EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector
24/Dec/2018 20:41:38 [nprobe.c:7976] Using NetFlow Packet Payload Len:
1472
24/Dec/2018 20:41:38 [nprobe.c:7906] @NTOPNG@ expanded to " %L7_PROTO
%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR
%IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %IN_BYTES %IN_PKTS
%OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN
%EXPORTER_IPV4_ADDRESS"
24/Dec/2018 20:41:38 [plugin.c:1238] 0 plugin(s) enabled
24/Dec/2018 20:41:38 [nprobe.c:8422] Each flow is 82 bytes long
24/Dec/2018 20:41:38 [nprobe.c:8423] The # flows per packet has been set
to 16
24/Dec/2018 20:41:38 [nprobe.c:8426] IP TOS is accounted
24/Dec/2018 20:41:38 [nprobe.c:8452] Non IPv4/v6 traffic is discarded
according to the template
24/Dec/2018 20:41:38 [nprobe.c:9231] Flows ASs will not be computed
(missing libmxminddb support)
24/Dec/2018 20:41:38 [nprobe.c:9334] Not capturing packet from interface
(collector mode)
24/Dec/2018 20:41:38 [util.c:4719] Initializing ZMQ as client
24/Dec/2018 20:41:38 [util.c:4736] ERROR: Unable to export flows towards
ZMQ endpoint tcp://<192.168.88.2>:5556: Invalid argument
24/Dec/2018 20:41:38 [collect.c:142] Flow collector listening on port
2055 (IPv4/v6)
24/Dec/2018 20:41:38 [nprobe.c:9582] nProbe started successfully
24/Dec/2018 20:46:29 [nprobe.c:567] Received shutdown request...
[signal: 2]
24/Dec/2018 20:46:29 [nprobe.c:6317] Flushing active flows
24/Dec/2018 20:46:31 [nprobe.c:3127] Processed packets: 0 (max bucket
search: 0)
24/Dec/2018 20:46:31 [nprobe.c:3110] Fragment queue length: 0
24/Dec/2018 20:46:31 [nprobe.c:3137] Flow collection stats: [collected
pkts: 0][processed flows: 0]
24/Dec/2018 20:46:31 [nprobe.c:3140] Flow export stats: [0 bytes/0
pkts][0 flows/0 pkts sent]
24/Dec/2018 20:46:31 [nprobe.c:3146] Flow export drop stats: [0 bytes/0
pkts][0 flows]
24/Dec/2018 20:46:31 [nprobe.c:3151] Total flow stats: [0 bytes/0
pkts][0 flows/0 pkts sent]
====================================================================

Am not sure what to do / try from here, assistance appreciated,

Best,

Johan.


On 2018-12-24 16:02, Emanuele Faranda wrote:
> Hi,
>
> Please try to replace /i with /c so that you can see the commands'
> output.
>
> Regards,
>
> Emanuele
Re: How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows
Update to prev mail:

Starting ntopng with:

ntopng /c -i tcp://*:5556c

and nprobe with:

nprobe /c --zmq "tcp://127.0.0.1:5556" --zmq-probe-mode -i none -n none
--collector-port 2055 -T "@NTOPNG@"

Results in traffic being parsed to GUI running on:

http://127.0.0.1:3000/lua/hosts_stats.lua

However when selecting Hosts, Filter Hosts, Local Hosts, it outputs: No
results found, yet we can see some of our local IPs listed under Hosts
(main menu).

Our primary requirement right now is analyzing / recording LAN users
internet bandwidth usage.

C:\Program Files\ntopng>ntopng /c -i tcp://*:5556c

===================================================================
Starting ntopng
Running ntopng.
24/Dec/2018 23:26:30 [Ntop.cpp:1545] Setting local networks to
127.0.0.0/8
24/Dec/2018 23:26:30 [Redis.cpp:132] Successfully connected to redis
127.0.0.1@0
24/Dec/2018 23:26:30 [Redis.cpp:132] Successfully connected to redis
127.0.0.1@0
24/Dec/2018 23:26:30 [NtopPro.cpp:310] [LICENSE] Reading license from
Redis
24/Dec/2018 23:26:30 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
missing license
24/Dec/2018 23:26:30 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
now run in enterprise edition for 10 minutes
24/Dec/2018 23:26:30 [NtopPro.cpp:470] WARNING: [LICENSE] before
returning to community mode
24/Dec/2018 23:26:30 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy a
permanent license at http://shop.ntop.org
24/Dec/2018 23:26:30 [NtopPro.cpp:474] WARNING: [LICENSE] or run ntopng
in community mode starting
24/Dec/2018 23:26:30 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
--community
24/Dec/2018 23:26:30 [Ntop.cpp:1639] Registered interface tcp://*:5556c
[id: 9]
24/Dec/2018 23:26:31 [HTTPserver.cpp:945] HTTPS Disabled: missing SSL
certificate C:\Program Files\ntopng\httpdocs/ssl/ntopng-cert.pem
24/Dec/2018 23:26:31 [HTTPserver.cpp:947] Please read
https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to
enable SSL.
24/Dec/2018 23:26:31 [HTTPserver.cpp:1114] Web server dirs [C:\Program
Files\ntopng\httpdocs][C:\Program Files\ntopng\scripts]
24/Dec/2018 23:26:31 [HTTPserver.cpp:1117] HTTP server listening on 3000
24/Dec/2018 23:26:31 [main.cpp:393] Working directory:
Z:\Cloud\OneDrive\MyPC\Documents\ntopng
24/Dec/2018 23:26:31 [main.cpp:395] Scripts/HTML pages directory:
C:\Program Files\ntopng
24/Dec/2018 23:26:31 [Ntop.cpp:390] Welcome to ntopng x64 v.3.7.180929 -
(C) 1998-18 ntop.org
24/Dec/2018 23:26:31 [Ntop.cpp:400] Built on Windows
24/Dec/2018 23:26:31 [NtopPro.cpp:633] [LICENSE] System Id:
2152224034-9206A1D8
24/Dec/2018 23:26:31 [NtopPro.cpp:634] [LICENSE] Edition:
Enterprise
24/Dec/2018 23:26:31 [NtopPro.cpp:635] [LICENSE] License Type:
Time-Limited License
24/Dec/2018 23:26:31 [NtopPro.cpp:644] [LICENSE] Validity: Until
Mon Dec 24 23:36:30 2018
24/Dec/2018 23:26:31 [PeriodicActivities.cpp:68] Started periodic
activities loop...
24/Dec/2018 23:26:32 [PeriodicActivities.cpp:109] Each periodic activity
script will use 2 threads
24/Dec/2018 23:26:32 [NetworkInterface.cpp:2581] Started packet polling
on interface tcp://*:5556c [id: 9]...
24/Dec/2018 23:26:32 [CollectorInterface.cpp:122] Collecting flows on
tcp://*:5556c
======================================================================================

C:\Program Files\nProbe>nprobe /c --zmq "tcp://127.0.0.1:5556"
--zmq-probe-mode -i none -n none --collector-port 2055 -T "@NTOPNG@"

==============================================================================
Running nProbe for Windows.
24/Dec/2018 23:26:40 [nprobe.c:4168] Valid nProbe license found
24/Dec/2018 23:26:40 [nprobe.c:6092] WARNING: The output interfaceId is
set to 0: did you forget to use -Q perhaps ?
24/Dec/2018 23:26:40 [nprobe.c:6095] WARNING: The input interfaceId is
set to 0: did you forget to use -u perhaps ?
24/Dec/2018 23:26:40 [nprobe.c:6182] Welcome to nProbe v.8.6.181004
($Revision: 4384 $) for Windows
24/Dec/2018 23:26:40 [nprobe.c:6192] Running on Windows
24/Dec/2018 23:26:40 [nprobe.c:6203] [LICENSE] nProbe SystemId:
2152224034-9206A1D8
24/Dec/2018 23:26:40 [nprobe.c:6270] Sample rate [packet: 1][flow
collection/export: 1/1]
24/Dec/2018 23:26:40 [nprobe.c:8966] Welcome to nProbe v.8.6.181004 for
Windows
24/Dec/2018 23:26:40 [nprobe.c:7870] WARNING: Adding
%EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector
24/Dec/2018 23:26:40 [nprobe.c:7976] Using NetFlow Packet Payload Len:
1472
24/Dec/2018 23:26:40 [nprobe.c:7906] @NTOPNG@ expanded to " %L7_PROTO
%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR
%IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %IN_BYTES %IN_PKTS
%OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN
%EXPORTER_IPV4_ADDRESS"
24/Dec/2018 23:26:40 [plugin.c:1238] 0 plugin(s) enabled
24/Dec/2018 23:26:40 [nprobe.c:8422] Each flow is 82 bytes long
24/Dec/2018 23:26:40 [nprobe.c:8423] The # flows per packet has been set
to 16
24/Dec/2018 23:26:40 [nprobe.c:8426] IP TOS is accounted
24/Dec/2018 23:26:40 [nprobe.c:8452] Non IPv4/v6 traffic is discarded
according to the template
24/Dec/2018 23:26:40 [nprobe.c:9231] Flows ASs will not be computed
(missing libmxminddb support)
24/Dec/2018 23:26:40 [nprobe.c:9334] Not capturing packet from interface
(collector mode)
24/Dec/2018 23:26:40 [util.c:4719] Initializing ZMQ as client
24/Dec/2018 23:26:40 [util.c:4738] Exporting flows towards ZMQ endpoint
tcp://127.0.0.1:5556
24/Dec/2018 23:26:40 [collect.c:142] Flow collector listening on port
2055 (IPv4/v6)
24/Dec/2018 23:26:40 [nprobe.c:9582] nProbe started successfully
24/Dec/2018 23:30:26 [nprobe.c:567] Received shutdown request...
[signal: 2]
24/Dec/2018 23:30:27 [nprobe.c:6317] Flushing active flows
24/Dec/2018 23:30:27 [engine.c:3169] About to flush hash (threadId 0)
24/Dec/2018 23:30:27 [engine.c:3171] Completed hash walk (thread 0)
==================================================================================

Assistance greatly appreciated.

Best,

Johan.


On 2018-12-24 20:50, technical@mcw.org.za wrote:
> Hi Emanuele,
>
> Both below Windows CMD terminals run as Administrator:
>
> C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c
>
> =============================================
> Starting ntopng
> Running ntopng.
> 24/Dec/2018 20:39:33 [Ntop.cpp:1545] Setting local networks to
> 127.0.0.0/8
> 24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis
> 127.0.0.1@0
> 24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis
> 127.0.0.1@0
> 24/Dec/2018 20:39:33 [NtopPro.cpp:310] [LICENSE] Reading license from
> Redis
> 24/Dec/2018 20:39:33 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
> missing license
> 24/Dec/2018 20:39:33 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
> now run in enterprise edition for 10 minutes
> 24/Dec/2018 20:39:33 [NtopPro.cpp:470] WARNING: [LICENSE] before
> returning to community mode
> 24/Dec/2018 20:39:33 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy
> a permanent license at http://shop.ntop.org
> 24/Dec/2018 20:39:33 [NtopPro.cpp:474] WARNING: [LICENSE] or run
> ntopng in community mode starting
> 24/Dec/2018 20:39:33 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
> --community
> 24/Dec/2018 20:39:34 [CollectorInterface.cpp:66] ERROR: Unable to bind
> to ZMQ endpoint tcp://*:5556 [collector]
> 24/Dec/2018 20:39:35 [main.cpp:239] ERROR: An exception occurred
> during tcp://*:5556c interface creation[2]: No such file or directory
> 24/Dec/2018 20:39:35 [main.cpp:293] ERROR: Startup error: missing
> super-user privileges ?
>
> C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c
> Starting ntopng
> Running ntopng.
> 24/Dec/2018 20:40:36 [Ntop.cpp:1545] Setting local networks to
> 127.0.0.0/8
> 24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis
> 127.0.0.1@0
> 24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis
> 127.0.0.1@0
> 24/Dec/2018 20:40:36 [NtopPro.cpp:310] [LICENSE] Reading license from
> Redis
> 24/Dec/2018 20:40:36 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
> missing license
> 24/Dec/2018 20:40:36 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
> now run in enterprise edition for 10 minutes
> 24/Dec/2018 20:40:36 [NtopPro.cpp:470] WARNING: [LICENSE] before
> returning to community mode
> 24/Dec/2018 20:40:36 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy
> a permanent license at http://shop.ntop.org
> 24/Dec/2018 20:40:36 [NtopPro.cpp:474] WARNING: [LICENSE] or run
> ntopng in community mode starting
> 24/Dec/2018 20:40:36 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
> --community
> 24/Dec/2018 20:40:37 [CollectorInterface.cpp:66] ERROR: Unable to bind
> to ZMQ endpoint tcp://*:5556 [collector]
> 24/Dec/2018 20:40:37 [main.cpp:239] ERROR: An exception occurred
> during tcp://*:5556c interface creation[2]: No such file or directory
> 24/Dec/2018 20:40:37 [main.cpp:293] ERROR: Startup error: missing
> super-user privileges ?
> ================================================
>
> C:\Program Files\nProbe>nprobe /c my_nprobe --zmq
> "tcp://<192.168.88.2>:5556" --zmq-probe-mode -i none -n none
> --collector-port 2055 -T "@NTOPNG@"
>
> ============================================================
> Running nProbe for Windows.
> 24/Dec/2018 20:41:38 [nprobe.c:4168] Valid nProbe license found
> 24/Dec/2018 20:41:38 [nprobe.c:6092] WARNING: The output interfaceId
> is set to 0: did you forget to use -Q perhaps ?
> 24/Dec/2018 20:41:38 [nprobe.c:6095] WARNING: The input interfaceId is
> set to 0: did you forget to use -u perhaps ?
> 24/Dec/2018 20:41:38 [nprobe.c:6182] Welcome to nProbe v.8.6.181004
> ($Revision: 4384 $) for Windows
> 24/Dec/2018 20:41:38 [nprobe.c:6192] Running on Windows
> 24/Dec/2018 20:41:38 [nprobe.c:6203] [LICENSE] nProbe SystemId:
> 2152224034-9206A1D8
> 24/Dec/2018 20:41:38 [nprobe.c:6270] Sample rate [packet: 1][flow
> collection/export: 1/1]
> 24/Dec/2018 20:41:38 [nprobe.c:8966] Welcome to nProbe v.8.6.181004 for
> Windows
> 24/Dec/2018 20:41:38 [nprobe.c:7870] WARNING: Adding
> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as
> collector
> 24/Dec/2018 20:41:38 [nprobe.c:7976] Using NetFlow Packet Payload Len:
> 1472
> 24/Dec/2018 20:41:38 [nprobe.c:7906] @NTOPNG@ expanded to " %L7_PROTO
> %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR
> %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %IN_BYTES %IN_PKTS
> %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN
> %EXPORTER_IPV4_ADDRESS"
> 24/Dec/2018 20:41:38 [plugin.c:1238] 0 plugin(s) enabled
> 24/Dec/2018 20:41:38 [nprobe.c:8422] Each flow is 82 bytes long
> 24/Dec/2018 20:41:38 [nprobe.c:8423] The # flows per packet has been
> set to 16
> 24/Dec/2018 20:41:38 [nprobe.c:8426] IP TOS is accounted
> 24/Dec/2018 20:41:38 [nprobe.c:8452] Non IPv4/v6 traffic is discarded
> according to the template
> 24/Dec/2018 20:41:38 [nprobe.c:9231] Flows ASs will not be computed
> (missing libmxminddb support)
> 24/Dec/2018 20:41:38 [nprobe.c:9334] Not capturing packet from
> interface (collector mode)
> 24/Dec/2018 20:41:38 [util.c:4719] Initializing ZMQ as client
> 24/Dec/2018 20:41:38 [util.c:4736] ERROR: Unable to export flows
> towards ZMQ endpoint tcp://<192.168.88.2>:5556: Invalid argument
> 24/Dec/2018 20:41:38 [collect.c:142] Flow collector listening on port
> 2055 (IPv4/v6)
> 24/Dec/2018 20:41:38 [nprobe.c:9582] nProbe started successfully
> 24/Dec/2018 20:46:29 [nprobe.c:567] Received shutdown request...
> [signal: 2]
> 24/Dec/2018 20:46:29 [nprobe.c:6317] Flushing active flows
> 24/Dec/2018 20:46:31 [nprobe.c:3127] Processed packets: 0 (max bucket
> search: 0)
> 24/Dec/2018 20:46:31 [nprobe.c:3110] Fragment queue length: 0
> 24/Dec/2018 20:46:31 [nprobe.c:3137] Flow collection stats:
> [collected pkts: 0][processed flows: 0]
> 24/Dec/2018 20:46:31 [nprobe.c:3140] Flow export stats: [0
> bytes/0 pkts][0 flows/0 pkts sent]
> 24/Dec/2018 20:46:31 [nprobe.c:3146] Flow export drop stats: [0
> bytes/0 pkts][0 flows]
> 24/Dec/2018 20:46:31 [nprobe.c:3151] Total flow stats: [0
> bytes/0 pkts][0 flows/0 pkts sent]
> ====================================================================
>
> Am not sure what to do / try from here, assistance appreciated,
>
> Best,
>
> Johan.
>
>
> On 2018-12-24 16:02, Emanuele Faranda wrote:
>> Hi,
>>
>> Please try to replace /i with /c so that you can see the commands
>> output.
>>
>> Regards,
>>
>> Emanuele
>>
>> On 12/24/18 12:17 AM, technical@mcw.org.za wrote:
>>> Update to the below, as per what Ive posted to the mailing list:
>>>
>>> We have Multiple nProbe sites with Mikrotik routers, and want to send
>>> flows to one remote ntopng instance running on a Windows machine.
>>>
>>> Starting with the local site all behind the same Firewall / on same
>>> LAN:
>>>
>>> Mikrotik is set up to send NetFlow to the IP of the host running
>>> nprobe & ntopng: 192.168.88.2
>>>
>>> ntopng started as service with the below CMD:
>>>
>>> ntopng /i -i tcp://*:5556c
>>>
>>> And nprobe with:
>>>
>>> nprobe /i my_nprobe --zmq "tcp://<192.168.88.2>:5556"
>>> --zmq-probe-mode -i none -n none --collector-port 2055 -T "@NTOPNG@"
>>>
>>> As per the steps outlined here:
>>>
>>> https://www.ntop.org/nprobe/best-practices-for-the-collection-of-flows-with-ntopng-and-nprobe/
>>> However ntopng when loaded shows only:
>>>
>>> No packet has been received yet on interface tcp://*:5556c. Please
>>> wait 6 seconds until this page reloads.
>>>
>>> Have also tried the steps outlined below to no avail:
>>>
>>> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>>>
>>> Any help greatly appreciated,
>>>
>>> Johan.
>>>
>>>
>>>
>>>
>>>
>>> On 2018-12-23 13:12, technical@mcw.org.za wrote:
>>>> Hi there,
>>>>
>>>> We have one simple requirement:
>>>>
>>>> To accurately record how much bandwidth each user is using, across
>>>> our
>>>> several sites, over a day / week / month / year. Realtime data nice
>>>> to
>>>> have but not necessary.
>>>>
>>>> I say 'simple requirement' however having tried many ways to achieve
>>>> this over years it's been anything but simple. (For us anyhow.)
>>>>
>>>> With ntopng now being able to record historical data we're feeling
>>>> encouraged to try ntop again.
>>>>
>>>> As such we've acquired the needed licenses, instructed our Mikrotik
>>>> to
>>>> send NetFlow to the Windows PC running nProbe & ntopng, and created
>>>> the needed license file.
>>>>
>>>> However I cannot figure out how to start nprobe service to capture
>>>> the
>>>> Mikrotik flows and send them to ntopng.
>>>>
>>>> What are the correct Windows cmd's to start nprobe & ntopng, to
>>>> capture NetFlow from Mikrotik please?
>>>>
>>>> Lots of tutorials like the one below for starting on Linux but not so
>>>> much on Windows:
>>>>
>>>> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>>>> We seem to need the Windows equivalent of the below however:
>>>>
>>>> nprobe -i none -n none -3 2055 --zmq tcp://127.0.0.1:1234
>>>> ntopng -i tcp://127.0.0.1:1234
>>>>
>>>> Help greatly appreciated,
>>>>
>>>> Best,
>>>>
>>>> Johan.
>>>>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows [ In reply to ]
Hi,

This could be a timeout issue. Please try to add the following options
to nprobe:

    --disable-cache

    --zmq-disable-buffering

Please also review the flow timeout in the ntopng cache preferences.

Regards,

Emanuele

On 12/24/18 10:32 PM, technical@mcw.org.za wrote:
> Update to prev mail:
>
> Starting ntopng with:
>
> ntopng /c -i tcp://*:5556c
>
> and nprobe with:
>
> nprobe /c --zmq "tcp://127.0.0.1:5556" --zmq-probe-mode -i none -n
> none --collector-port 2055 -T "@NTOPNG@"
>
> Results in traffic being parsed to GUI running on:
>
> http://127.0.0.1:3000/lua/hosts_stats.lua
>
> However when selecting Hosts, Filter Hosts, Local Hosts, it outputs:
> No results found, yet we can see some of our local IPs listed under
> Hosts (main menu).
>
> Our primary requirement right now is analyzing / recording LAN users
> internet bandwidth usage.
>
> C:\Program Files\ntopng>ntopng /c -i tcp://*:5556c
>
> ===================================================================
> Starting ntopng
> Running ntopng.
> 24/Dec/2018 23:26:30 [Ntop.cpp:1545] Setting local networks to
> 127.0.0.0/8
> 24/Dec/2018 23:26:30 [Redis.cpp:132] Successfully connected to redis
> 127.0.0.1@0
> 24/Dec/2018 23:26:30 [Redis.cpp:132] Successfully connected to redis
> 127.0.0.1@0
> 24/Dec/2018 23:26:30 [NtopPro.cpp:310] [LICENSE] Reading license from
> Redis
> 24/Dec/2018 23:26:30 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
> missing license
> 24/Dec/2018 23:26:30 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
> now run in enterprise edition for 10 minutes
> 24/Dec/2018 23:26:30 [NtopPro.cpp:470] WARNING: [LICENSE] before
> returning to community mode
> 24/Dec/2018 23:26:30 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy
> a permanent license at http://shop.ntop.org
> 24/Dec/2018 23:26:30 [NtopPro.cpp:474] WARNING: [LICENSE] or run
> ntopng in community mode starting
> 24/Dec/2018 23:26:30 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
> --community
> 24/Dec/2018 23:26:30 [Ntop.cpp:1639] Registered interface
> tcp://*:5556c [id: 9]
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:945] HTTPS Disabled: missing SSL
> certificate C:\Program Files\ntopng\httpdocs/ssl/ntopng-cert.pem
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:947] Please read
> https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to
> enable SSL.
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:1114] Web server dirs [C:\Program
> Files\ntopng\httpdocs][C:\Program Files\ntopng\scripts]
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:1117] HTTP server listening on 3000
> 24/Dec/2018 23:26:31 [main.cpp:393] Working directory:
> Z:\Cloud\OneDrive\MyPC\Documents\ntopng
> 24/Dec/2018 23:26:31 [main.cpp:395] Scripts/HTML pages directory:
> C:\Program Files\ntopng
> 24/Dec/2018 23:26:31 [Ntop.cpp:390] Welcome to ntopng x64 v.3.7.180929
> - (C) 1998-18 ntop.org
> 24/Dec/2018 23:26:31 [Ntop.cpp:400] Built on Windows
> 24/Dec/2018 23:26:31 [NtopPro.cpp:633] [LICENSE] System Id:
> 2152224034-9206A1D8
> 24/Dec/2018 23:26:31 [NtopPro.cpp:634] [LICENSE] Edition: Enterprise
> 24/Dec/2018 23:26:31 [NtopPro.cpp:635] [LICENSE] License Type:
> Time-Limited License
> 24/Dec/2018 23:26:31 [NtopPro.cpp:644] [LICENSE] Validity: Until Mon
> Dec 24 23:36:30 2018
> 24/Dec/2018 23:26:31 [PeriodicActivities.cpp:68] Started periodic
> activities loop...
> 24/Dec/2018 23:26:32 [PeriodicActivities.cpp:109] Each periodic
> activity script will use 2 threads
> 24/Dec/2018 23:26:32 [NetworkInterface.cpp:2581] Started packet
> polling on interface tcp://*:5556c [id: 9]...
> 24/Dec/2018 23:26:32 [CollectorInterface.cpp:122] Collecting flows on
> tcp://*:5556c
> ======================================================================================
>
>
> C:\Program Files\nProbe>nprobe /c --zmq "tcp://127.0.0.1:5556"
> --zmq-probe-mode -i none -n none --collector-port 2055 -T "@NTOPNG@"
>
> ==============================================================================
>
> Running nProbe for Windows.
> 24/Dec/2018 23:26:40 [nprobe.c:4168] Valid nProbe license found
> 24/Dec/2018 23:26:40 [nprobe.c:6092] WARNING: The output interfaceId
> is set to 0: did you forget to use -Q perhaps ?
> 24/Dec/2018 23:26:40 [nprobe.c:6095] WARNING: The input interfaceId is
> set to 0: did you forget to use -u perhaps ?
> 24/Dec/2018 23:26:40 [nprobe.c:6182] Welcome to nProbe v.8.6.181004
> ($Revision: 4384 $) for Windows
> 24/Dec/2018 23:26:40 [nprobe.c:6192] Running on Windows
> 24/Dec/2018 23:26:40 [nprobe.c:6203] [LICENSE] nProbe SystemId:
> 2152224034-9206A1D8
> 24/Dec/2018 23:26:40 [nprobe.c:6270] Sample rate [packet: 1][flow
> collection/export: 1/1]
> 24/Dec/2018 23:26:40 [nprobe.c:8966] Welcome to nProbe v.8.6.181004
> for Windows
> 24/Dec/2018 23:26:40 [nprobe.c:7870] WARNING: Adding
> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector
> 24/Dec/2018 23:26:40 [nprobe.c:7976] Using NetFlow Packet Payload Len:
> 1472
> 24/Dec/2018 23:26:40 [nprobe.c:7906] @NTOPNG@ expanded to " %L7_PROTO
> %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR
> %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %IN_BYTES %IN_PKTS
> %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN 
> %EXPORTER_IPV4_ADDRESS"
> 24/Dec/2018 23:26:40 [plugin.c:1238] 0 plugin(s) enabled
> 24/Dec/2018 23:26:40 [nprobe.c:8422] Each flow is 82 bytes long
> 24/Dec/2018 23:26:40 [nprobe.c:8423] The # flows per packet has been
> set to 16
> 24/Dec/2018 23:26:40 [nprobe.c:8426] IP TOS is accounted
> 24/Dec/2018 23:26:40 [nprobe.c:8452] Non IPv4/v6 traffic is discarded
> according to the template
> 24/Dec/2018 23:26:40 [nprobe.c:9231] Flows ASs will not be computed
> (missing libmxminddb support)
> 24/Dec/2018 23:26:40 [nprobe.c:9334] Not capturing packet from
> interface (collector mode)
> 24/Dec/2018 23:26:40 [util.c:4719] Initializing ZMQ as client
> 24/Dec/2018 23:26:40 [util.c:4738] Exporting flows towards ZMQ
> endpoint tcp://127.0.0.1:5556
> 24/Dec/2018 23:26:40 [collect.c:142] Flow collector listening on port
> 2055 (IPv4/v6)
> 24/Dec/2018 23:26:40 [nprobe.c:9582] nProbe started successfully
> 24/Dec/2018 23:30:26 [nprobe.c:567] Received shutdown request...
> [signal: 2]
> 24/Dec/2018 23:30:27 [nprobe.c:6317] Flushing active flows
> 24/Dec/2018 23:30:27 [engine.c:3169] About to flush hash (threadId 0)
> 24/Dec/2018 23:30:27 [engine.c:3171] Completed hash walk (thread 0)
> ==================================================================================
>
>
> Assistance greatly appreciated.
>
> Best,
>
> Johan.
>
>
> On 2018-12-24 20:50, technical@mcw.org.za wrote:
>> Hi Emanuele,
>>
>> Both below Windows CMD terminals run as Administrator:
>>
>> C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c
>>
>> =============================================
>> Starting ntopng
>> Running ntopng.
>> 24/Dec/2018 20:39:33 [Ntop.cpp:1545] Setting local networks to
>> 127.0.0.0/8
>> 24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis
>> 127.0.0.1@0
>> 24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis
>> 127.0.0.1@0
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:310] [LICENSE] Reading license from
>> Redis
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
>> missing license
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
>> now run in enterprise edition for 10 minutes
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:470] WARNING: [LICENSE] before
>> returning to community mode
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy
>> a permanent license at http://shop.ntop.org
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:474] WARNING: [LICENSE] or run
>> ntopng in community mode starting
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
>> --community
>> 24/Dec/2018 20:39:34 [CollectorInterface.cpp:66] ERROR: Unable to bind
>> to ZMQ endpoint tcp://*:5556 [collector]
>> 24/Dec/2018 20:39:35 [main.cpp:239] ERROR: An exception occurred
>> during tcp://*:5556c interface creation[2]: No such file or directory
>> 24/Dec/2018 20:39:35 [main.cpp:293] ERROR: Startup error: missing
>> super-user privileges ?
>>
>> C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c
>> Starting ntopng
>> Running ntopng.
>> 24/Dec/2018 20:40:36 [Ntop.cpp:1545] Setting local networks to
>> 127.0.0.0/8
>> 24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis
>> 127.0.0.1@0
>> 24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis
>> 127.0.0.1@0
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:310] [LICENSE] Reading license from
>> Redis
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
>> missing license
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
>> now run in enterprise edition for 10 minutes
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:470] WARNING: [LICENSE] before
>> returning to community mode
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy
>> a permanent license at http://shop.ntop.org
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:474] WARNING: [LICENSE] or run
>> ntopng in community mode starting
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng
>> --community
>> 24/Dec/2018 20:40:37 [CollectorInterface.cpp:66] ERROR: Unable to bind
>> to ZMQ endpoint tcp://*:5556 [collector]
>> 24/Dec/2018 20:40:37 [main.cpp:239] ERROR: An exception occurred
>> during tcp://*:5556c interface creation[2]: No such file or directory
>> 24/Dec/2018 20:40:37 [main.cpp:293] ERROR: Startup error: missing
>> super-user privileges ?
>> ================================================
>>
>> C:\Program Files\nProbe>nprobe /c my_nprobe --zmq
>> "tcp://<192.168.88.2>:5556" --zmq-probe-mode -i none -n none
>> --collector-port 2055 -T "@NTOPNG@"
>>
>> ============================================================
>> Running nProbe for Windows.
>> 24/Dec/2018 20:41:38 [nprobe.c:4168] Valid nProbe license found
>> 24/Dec/2018 20:41:38 [nprobe.c:6092] WARNING: The output interfaceId
>> is set to 0: did you forget to use -Q perhaps ?
>> 24/Dec/2018 20:41:38 [nprobe.c:6095] WARNING: The input interfaceId is
>> set to 0: did you forget to use -u perhaps ?
>> 24/Dec/2018 20:41:38 [nprobe.c:6182] Welcome to nProbe v.8.6.181004
>> ($Revision: 4384 $) for Windows
>> 24/Dec/2018 20:41:38 [nprobe.c:6192] Running on Windows
>> 24/Dec/2018 20:41:38 [nprobe.c:6203] [LICENSE] nProbe SystemId:
>> 2152224034-9206A1D8
>> 24/Dec/2018 20:41:38 [nprobe.c:6270] Sample rate [packet: 1][flow
>> collection/export: 1/1]
>> 24/Dec/2018 20:41:38 [nprobe.c:8966] Welcome to nProbe v.8.6.181004
>> for Windows
>> 24/Dec/2018 20:41:38 [nprobe.c:7870] WARNING: Adding
>> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as
>> collector
>> 24/Dec/2018 20:41:38 [nprobe.c:7976] Using NetFlow Packet Payload
>> Len: 1472
>> 24/Dec/2018 20:41:38 [nprobe.c:7906] @NTOPNG@ expanded to " %L7_PROTO
>> %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR
>> %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %IN_BYTES %IN_PKTS
>> %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN
>> %EXPORTER_IPV4_ADDRESS"
>> 24/Dec/2018 20:41:38 [plugin.c:1238] 0 plugin(s) enabled
>> 24/Dec/2018 20:41:38 [nprobe.c:8422] Each flow is 82 bytes long
>> 24/Dec/2018 20:41:38 [nprobe.c:8423] The # flows per packet has been
>> set to 16
>> 24/Dec/2018 20:41:38 [nprobe.c:8426] IP TOS is accounted
>> 24/Dec/2018 20:41:38 [nprobe.c:8452] Non IPv4/v6 traffic is discarded
>> according to the template
>> 24/Dec/2018 20:41:38 [nprobe.c:9231] Flows ASs will not be computed
>> (missing libmxminddb support)
>> 24/Dec/2018 20:41:38 [nprobe.c:9334] Not capturing packet from
>> interface (collector mode)
>> 24/Dec/2018 20:41:38 [util.c:4719] Initializing ZMQ as client
>> 24/Dec/2018 20:41:38 [util.c:4736] ERROR: Unable to export flows
>> towards ZMQ endpoint tcp://<192.168.88.2>:5556: Invalid argument
>> 24/Dec/2018 20:41:38 [collect.c:142] Flow collector listening on port
>> 2055 (IPv4/v6)
>> 24/Dec/2018 20:41:38 [nprobe.c:9582] nProbe started successfully
>> 24/Dec/2018 20:46:29 [nprobe.c:567] Received shutdown request...
>> [signal: 2]
>> 24/Dec/2018 20:46:29 [nprobe.c:6317] Flushing active flows
>> 24/Dec/2018 20:46:31 [nprobe.c:3127] Processed packets: 0 (max bucket
>> search: 0)
>> 24/Dec/2018 20:46:31 [nprobe.c:3110] Fragment queue length: 0
>> 24/Dec/2018 20:46:31 [nprobe.c:3137] Flow collection stats:
>> [collected pkts: 0][processed flows: 0]
>> 24/Dec/2018 20:46:31 [nprobe.c:3140] Flow export stats:      [0
>> bytes/0 pkts][0 flows/0 pkts sent]
>> 24/Dec/2018 20:46:31 [nprobe.c:3146] Flow export drop stats: [0
>> bytes/0 pkts][0 flows]
>> 24/Dec/2018 20:46:31 [nprobe.c:3151] Total flow stats:       [0
>> bytes/0 pkts][0 flows/0 pkts sent]
>> ====================================================================
>>
>> Am not sure what to do / try from here, assistance appreciated,
>>
>> Best,
>>
>> Johan.
>>
>>
>> On 2018-12-24 16:02, Emanuele Faranda wrote:
>>> Hi,
>>>
>>> Please try to replace /i with /c so that you can see the commands
>>> output.
>>>
>>> Regards,
>>>
>>> Emanuele
>>>
>>> On 12/24/18 12:17 AM, technical@mcw.org.za wrote:
>>>> Update to the below, as per what I've posted to the mailing list:
>>>>
>>>> We have Multiple nProbe sites with Mikrotik routers, and want to
>>>> send flows to one remote ntopng instance running on a Windows machine.
>>>>
>>>> Starting with the local site all behind the same Firewall / on same
>>>> LAN:
>>>>
>>>> Mikrotik is set up to send NetFlow to the IP of the host running
>>>> nprobe & ntopng: 192.168.88.2
>>>>
>>>> ntopng started as service with the below CMD:
>>>>
>>>> ntopng /i -i tcp://*:5556c
>>>>
>>>> And nprobe with:
>>>>
>>>> nprobe /i my_nprobe --zmq "tcp://<192.168.88.2>:5556"
>>>> --zmq-probe-mode -i none -n none --collector-port 2055 -T "@NTOPNG@"
>>>>
>>>> As per the steps outlined here:
>>>>
>>>> https://www.ntop.org/nprobe/best-practices-for-the-collection-of-flows-with-ntopng-and-nprobe/
>>>> However ntopng when loaded shows only:
>>>>
>>>> No packet has been received yet on interface tcp://*:5556c. Please
>>>> wait 6 seconds until this page reloads.
>>>>
>>>> Have also tried the steps outlined below to no avail:
>>>>
>>>> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>>>>
>>>>
>>>> Any help greatly appreciated,
>>>>
>>>> Johan.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 2018-12-23 13:12, technical@mcw.org.za wrote:
>>>>> Hi there,
>>>>>
>>>>> We have one simple requirement:
>>>>>
>>>>> To accurately record how much bandwidth each user is using, across
>>>>> our
>>>>> several sites, over a day / week / month / year. Realtime data
>>>>> nice to
>>>>> have but not necessary.
>>>>>
>>>>> I say 'simple requirement' however having tried many ways to achieve
>>>>> this over years it's been anything but simple. (For us anyhow.)
>>>>>
>>>>> With ntopng now being able to record historical data we're feeling
>>>>> encouraged to try ntop again.
>>>>>
>>>>> As such we've acquired the needed licenses, instructed our
>>>>> Mikrotik to
>>>>> send NetFlow to the Windows PC running nProbe & ntopng, and created
>>>>> the needed license file.
>>>>>
>>>>> However I cannot figure out how to start nprobe service to capture
>>>>> the
>>>>> Mikrotik flows and send them to ntopng.
>>>>>
>>>>> What are the correct Windows cmd's to start nprobe & ntopng, to
>>>>> capture NetFlow from Mikrotik please?
>>>>>
>>>>> Lots of tutorials like the one below for starting on Linux but not so
>>>>> much on Windows:
>>>>>
>>>>> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>>>>> We seem to need the Windows equivalent of the below however:
>>>>>
>>>>> nprobe -i none -n none -3 2055 --zmq tcp://127.0.0.1:1234
>>>>> ntopng -i tcp://127.0.0.1:1234
>>>>>
>>>>> Help greatly appreciated,
>>>>>
>>>>> Best,
>>>>>
>>>>> Johan.
>>>>>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
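An added example, not part of any post in this thread and not ntop code: a Python triage over constructed excerpts of the startup logs quoted above. It strips the `>` quoting, rejoins the lines the mailer wrapped, and flags four conditions visible in those logs; the function names and the `lan_hosts` parameter are assumptions.

```python
import ipaddress
import re

# Constructed samples: excerpts of the startup logs quoted in this thread,
# kept with their '>' quoting and the mailer's line wrapping.
FAILING = """\
>> 24/Dec/2018 20:39:33 [Ntop.cpp:1545] Setting local networks to
>> 127.0.0.0/8
>> 24/Dec/2018 20:39:34 [CollectorInterface.cpp:66] ERROR: Unable to bind
>> to ZMQ endpoint tcp://*:5556 [collector]
>> 24/Dec/2018 20:41:38 [util.c:4736] ERROR: Unable to export flows
>> towards ZMQ endpoint tcp://<192.168.88.2>:5556: Invalid argument
>> 24/Dec/2018 20:46:31 [nprobe.c:3137] Flow collection stats:
>> [collected pkts: 0][processed flows: 0]
"""

WORKING = """\
> 24/Dec/2018 23:26:30 [Ntop.cpp:1545] Setting local networks to
> 127.0.0.0/8
> ===================================================================
> 24/Dec/2018 23:26:32 [CollectorInterface.cpp:122] Collecting flows on
> tcp://*:5556c
> 24/Dec/2018 23:26:40 [util.c:4738] Exporting flows towards ZMQ
> endpoint tcp://127.0.0.1:5556
"""

# "24/Dec/2018 20:39:33 [File.cpp:123] " prefix that starts every log record.
TS = re.compile(r"^\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2} \[[^\]]+\] ")
QUOTE = re.compile(r"^(?:>\s?)+")
# tcp://host:port, host being '*', an IPv4 address or a hostname; ntopng's
# trailing 'c' (collector) suffix is tolerated.
ENDPOINT_OK = re.compile(r"^tcp://(\*|[A-Za-z0-9.\-]+):\d{1,5}c?$")


def unwrap(text):
    """Strip mail quoting and rejoin wrapped records (timestamp removed)."""
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line or set(line) == {"="}:
            continue  # blank line or '=====' separator
        if TS.match(line):
            records.append(TS.sub("", line))
        elif records:
            records[-1] += " " + line  # continuation of a wrapped record
    return records


def triage(text, lan_hosts=()):
    """Return (code, detail) findings for one quoted log excerpt."""
    findings = []
    for rec in unwrap(text):
        m = re.search(r"Setting local networks to (\S+)", rec)
        if m:
            # Assumes a comma-separated list, as ntopng's -m option accepts.
            nets = [ipaddress.ip_network(n, strict=False)
                    for n in m.group(1).split(",")]
            outside = [h for h in lan_hosts
                       if not any(ipaddress.ip_address(h) in n for n in nets)]
            if outside:
                findings.append(("local-networks",
                                 f"{', '.join(outside)} outside {m.group(1)}: "
                                 "not treated as local hosts"))
            continue
        m = re.search(r"Unable to bind to ZMQ endpoint (\S+)", rec)
        if m:
            findings.append(("zmq-bind",
                             f"ntopng is not listening on {m.group(1)}"))
            continue
        m = re.search(r"Unable to export flows towards ZMQ endpoint (\S+): (.+)$",
                      rec)
        if m:
            endpoint, reason = m.groups()
            if ENDPOINT_OK.match(endpoint):
                findings.append(("zmq-export", f"{endpoint}: {reason}"))
            else:
                findings.append(("zmq-endpoint",
                                 f"{endpoint} is not of the form tcp://host:port"))
            continue
        m = re.search(r"collected pkts: (\d+)\]\[processed flows: (\d+)", rec)
        if m and m.group(1) == "0" and m.group(2) == "0":
            findings.append(("no-netflow",
                             "collector port received no NetFlow packets"))
    return findings


if __name__ == "__main__":
    for name, sample in (("failing", FAILING), ("working", WORKING)):
        print(name)
        for code, detail in triage(sample, lan_hosts=["192.168.88.2"]):
            print(f"  [{code}] {detail}")
```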
Re: How to Analyse MikroTik Traffic Using nprobe -> ntopng on Windows [ In reply to ]
> On 24 Dec 2018, at 22:32, technical@mcw.org.za wrote:
>
> Update to prev mail:
>
> Starting ntopng with:
>
> ntopng /c -i tcp://*:5556c
>
> and nprobe with:
>
> nprobe /c --zmq "tcp://127.0.0.1:5556" --zmq-probe-mode -i none -n none --collector-port 2055 -T "@NTOPNG@"
>
> Results in traffic being parsed to GUI running on:
>
> http://127.0.0.1:3000/lua/hosts_stats.lua
>
> However when selecting Hosts, Filter Hosts, Local Hosts, it outputs: No results found, yet we can see some of our local IPs listed under Hosts (main menu).


Use ntopng option -m to list your local networks.

For example, if your local addresses are 192.168.1.0/24 use -m 192.168.1.0/24

A comma-separated list is accepted as well.

Finally, do NOT cross-post in the ML and on GitHub (https://github.com/ntop/ntopng/issues/2268). Community people do not need to read the same thing more than 1 time.

>
> Our primary requirement right now is analyzing / recording LAN users internet bandwidth usage.
>
> C:\Program Files\ntopng>ntopng /c -i tcp://*:5556c
>
> ===================================================================
> Starting ntopng
> Running ntopng.
> 24/Dec/2018 23:26:30 [Ntop.cpp:1545] Setting local networks to 127.0.0.0/8
> 24/Dec/2018 23:26:30 [Redis.cpp:132] Successfully connected to redis 127.0.0.1@0
> 24/Dec/2018 23:26:30 [Redis.cpp:132] Successfully connected to redis 127.0.0.1@0
> 24/Dec/2018 23:26:30 [NtopPro.cpp:310] [LICENSE] Reading license from Redis
> 24/Dec/2018 23:26:30 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or missing license
> 24/Dec/2018 23:26:30 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will now run in enterprise edition for 10 minutes
> 24/Dec/2018 23:26:30 [NtopPro.cpp:470] WARNING: [LICENSE] before returning to community mode
> 24/Dec/2018 23:26:30 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org
> 24/Dec/2018 23:26:30 [NtopPro.cpp:474] WARNING: [LICENSE] or run ntopng in community mode starting
> 24/Dec/2018 23:26:30 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng --community
> 24/Dec/2018 23:26:30 [Ntop.cpp:1639] Registered interface tcp://*:5556c [id: 9]
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:945] HTTPS Disabled: missing SSL certificate C:\Program Files\ntopng\httpdocs/ssl/ntopng-cert.pem
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:947] Please read https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable SSL.
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:1114] Web server dirs [C:\Program Files\ntopng\httpdocs][C:\Program Files\ntopng\scripts]
> 24/Dec/2018 23:26:31 [HTTPserver.cpp:1117] HTTP server listening on 3000
> 24/Dec/2018 23:26:31 [main.cpp:393] Working directory: Z:\Cloud\OneDrive\MyPC\Documents\ntopng
> 24/Dec/2018 23:26:31 [main.cpp:395] Scripts/HTML pages directory: C:\Program Files\ntopng
> 24/Dec/2018 23:26:31 [Ntop.cpp:390] Welcome to ntopng x64 v.3.7.180929 - (C) 1998-18 ntop.org
> 24/Dec/2018 23:26:31 [Ntop.cpp:400] Built on Windows
> 24/Dec/2018 23:26:31 [NtopPro.cpp:633] [LICENSE] System Id: 2152224034-9206A1D8
> 24/Dec/2018 23:26:31 [NtopPro.cpp:634] [LICENSE] Edition: Enterprise
> 24/Dec/2018 23:26:31 [NtopPro.cpp:635] [LICENSE] License Type: Time-Limited License
> 24/Dec/2018 23:26:31 [NtopPro.cpp:644] [LICENSE] Validity: Until Mon Dec 24 23:36:30 2018
> 24/Dec/2018 23:26:31 [PeriodicActivities.cpp:68] Started periodic activities loop...
> 24/Dec/2018 23:26:32 [PeriodicActivities.cpp:109] Each periodic activity script will use 2 threads
> 24/Dec/2018 23:26:32 [NetworkInterface.cpp:2581] Started packet polling on interface tcp://*:5556c [id: 9]...
> 24/Dec/2018 23:26:32 [CollectorInterface.cpp:122] Collecting flows on tcp://*:5556c
> ======================================================================================
>
> C:\Program Files\nProbe>nprobe /c --zmq "tcp://127.0.0.1:5556" --zmq-probe-mode -i none -n none --collector-port 2055 -T "@NTOPNG@"
>
> ==============================================================================
> Running nProbe for Windows.
> 24/Dec/2018 23:26:40 [nprobe.c:4168] Valid nProbe license found
> 24/Dec/2018 23:26:40 [nprobe.c:6092] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
> 24/Dec/2018 23:26:40 [nprobe.c:6095] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
> 24/Dec/2018 23:26:40 [nprobe.c:6182] Welcome to nProbe v.8.6.181004 ($Revision: 4384 $) for Windows
> 24/Dec/2018 23:26:40 [nprobe.c:6192] Running on Windows
> 24/Dec/2018 23:26:40 [nprobe.c:6203] [LICENSE] nProbe SystemId: 2152224034-9206A1D8
> 24/Dec/2018 23:26:40 [nprobe.c:6270] Sample rate [packet: 1][flow collection/export: 1/1]
> 24/Dec/2018 23:26:40 [nprobe.c:8966] Welcome to nProbe v.8.6.181004 for Windows
> 24/Dec/2018 23:26:40 [nprobe.c:7870] WARNING: Adding %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as collector
> 24/Dec/2018 23:26:40 [nprobe.c:7976] Using NetFlow Packet Payload Len: 1472
> 24/Dec/2018 23:26:40 [nprobe.c:7906] @NTOPNG@ expanded to " %L7_PROTO %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN %EXPORTER_IPV4_ADDRESS"
> 24/Dec/2018 23:26:40 [plugin.c:1238] 0 plugin(s) enabled
> 24/Dec/2018 23:26:40 [nprobe.c:8422] Each flow is 82 bytes long
> 24/Dec/2018 23:26:40 [nprobe.c:8423] The # flows per packet has been set to 16
> 24/Dec/2018 23:26:40 [nprobe.c:8426] IP TOS is accounted
> 24/Dec/2018 23:26:40 [nprobe.c:8452] Non IPv4/v6 traffic is discarded according to the template
> 24/Dec/2018 23:26:40 [nprobe.c:9231] Flows ASs will not be computed (missing libmxminddb support)
> 24/Dec/2018 23:26:40 [nprobe.c:9334] Not capturing packet from interface (collector mode)
> 24/Dec/2018 23:26:40 [util.c:4719] Initializing ZMQ as client
> 24/Dec/2018 23:26:40 [util.c:4738] Exporting flows towards ZMQ endpoint tcp://127.0.0.1:5556
> 24/Dec/2018 23:26:40 [collect.c:142] Flow collector listening on port 2055 (IPv4/v6)
> 24/Dec/2018 23:26:40 [nprobe.c:9582] nProbe started successfully
> 24/Dec/2018 23:30:26 [nprobe.c:567] Received shutdown request... [signal: 2]
> 24/Dec/2018 23:30:27 [nprobe.c:6317] Flushing active flows
> 24/Dec/2018 23:30:27 [engine.c:3169] About to flush hash (threadId 0)
> 24/Dec/2018 23:30:27 [engine.c:3171] Completed hash walk (thread 0)
> ==================================================================================
>
> Assistance greatly appreciated.
>
> Best,
>
> Johan.
>
>
> On 2018-12-24 20:50, technical@mcw.org.za wrote:
>> Hi Emanuele,
>> Both below Windows CMD terminals run as Administrator:
>> C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c
>> =============================================
>> Starting ntopng
>> Running ntopng.
>> 24/Dec/2018 20:39:33 [Ntop.cpp:1545] Setting local networks to 127.0.0.0/8
>> 24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis 127.0.0.1@0
>> 24/Dec/2018 20:39:33 [Redis.cpp:132] Successfully connected to redis 127.0.0.1@0
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:310] [LICENSE] Reading license from Redis
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
>> missing license
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
>> now run in enterprise edition for 10 minutes
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:470] WARNING: [LICENSE] before
>> returning to community mode
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy
>> a permanent license at http://shop.ntop.org
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:474] WARNING: [LICENSE] or run
>> ntopng in community mode starting
>> 24/Dec/2018 20:39:33 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng --community
>> 24/Dec/2018 20:39:34 [CollectorInterface.cpp:66] ERROR: Unable to bind
>> to ZMQ endpoint tcp://*:5556 [collector]
>> 24/Dec/2018 20:39:35 [main.cpp:239] ERROR: An exception occurred
>> during tcp://*:5556c interface creation[2]: No such file or directory
>> 24/Dec/2018 20:39:35 [main.cpp:293] ERROR: Startup error: missing
>> super-user privileges ?
>> C:\Program Files\ntopng>ntopng /c i -i tcp://*:5556c
>> Starting ntopng
>> Running ntopng.
>> 24/Dec/2018 20:40:36 [Ntop.cpp:1545] Setting local networks to 127.0.0.0/8
>> 24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis 127.0.0.1@0
>> 24/Dec/2018 20:40:36 [Redis.cpp:132] Successfully connected to redis 127.0.0.1@0
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:310] [LICENSE] Reading license from Redis
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:451] WARNING: [LICENSE] Invalid or
>> missing license
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:468] WARNING: [LICENSE] ntopng will
>> now run in enterprise edition for 10 minutes
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:470] WARNING: [LICENSE] before
>> returning to community mode
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:472] WARNING: [LICENSE] You can buy
>> a permanent license at http://shop.ntop.org
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:474] WARNING: [LICENSE] or run
>> ntopng in community mode starting
>> 24/Dec/2018 20:40:36 [NtopPro.cpp:475] WARNING: [LICENSE] ntopng --community
>> 24/Dec/2018 20:40:37 [CollectorInterface.cpp:66] ERROR: Unable to bind
>> to ZMQ endpoint tcp://*:5556 [collector]
>> 24/Dec/2018 20:40:37 [main.cpp:239] ERROR: An exception occurred
>> during tcp://*:5556c interface creation[2]: No such file or directory
>> 24/Dec/2018 20:40:37 [main.cpp:293] ERROR: Startup error: missing
>> super-user privileges ?
>> ================================================
>> C:\Program Files\nProbe>nprobe /c my_nprobe --zmq
>> "tcp://<192.168.88.2>:5556" --zmq-probe-mode -i none -n none
>> --collector-port 2055 -T "@NTOPNG@"
>> ============================================================
>> Running nProbe for Windows.
>> 24/Dec/2018 20:41:38 [nprobe.c:4168] Valid nProbe license found
>> 24/Dec/2018 20:41:38 [nprobe.c:6092] WARNING: The output interfaceId
>> is set to 0: did you forget to use -Q perhaps ?
>> 24/Dec/2018 20:41:38 [nprobe.c:6095] WARNING: The input interfaceId is
>> set to 0: did you forget to use -u perhaps ?
>> 24/Dec/2018 20:41:38 [nprobe.c:6182] Welcome to nProbe v.8.6.181004
>> ($Revision: 4384 $) for Windows
>> 24/Dec/2018 20:41:38 [nprobe.c:6192] Running on Windows
>> 24/Dec/2018 20:41:38 [nprobe.c:6203] [LICENSE] nProbe SystemId:
>> 2152224034-9206A1D8
>> 24/Dec/2018 20:41:38 [nprobe.c:6270] Sample rate [packet: 1][flow
>> collection/export: 1/1]
>> 24/Dec/2018 20:41:38 [nprobe.c:8966] Welcome to nProbe v.8.6.181004 for Windows
>> 24/Dec/2018 20:41:38 [nprobe.c:7870] WARNING: Adding
>> %EXPORTER_IPV4_ADDRESS to the template as nProbe is working as
>> collector
>> 24/Dec/2018 20:41:38 [nprobe.c:7976] Using NetFlow Packet Payload Len: 1472
>> 24/Dec/2018 20:41:38 [nprobe.c:7906] @NTOPNG@ expanded to " %L7_PROTO
>> %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR
>> %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %IN_BYTES %IN_PKTS
>> %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN
>> %EXPORTER_IPV4_ADDRESS"
>> 24/Dec/2018 20:41:38 [plugin.c:1238] 0 plugin(s) enabled
>> 24/Dec/2018 20:41:38 [nprobe.c:8422] Each flow is 82 bytes long
>> 24/Dec/2018 20:41:38 [nprobe.c:8423] The # flows per packet has been set to 16
>> 24/Dec/2018 20:41:38 [nprobe.c:8426] IP TOS is accounted
>> 24/Dec/2018 20:41:38 [nprobe.c:8452] Non IPv4/v6 traffic is discarded
>> according to the template
>> 24/Dec/2018 20:41:38 [nprobe.c:9231] Flows ASs will not be computed
>> (missing libmxminddb support)
>> 24/Dec/2018 20:41:38 [nprobe.c:9334] Not capturing packet from
>> interface (collector mode)
>> 24/Dec/2018 20:41:38 [util.c:4719] Initializing ZMQ as client
>> 24/Dec/2018 20:41:38 [util.c:4736] ERROR: Unable to export flows
>> towards ZMQ endpoint tcp://<192.168.88.2>:5556: Invalid argument
>> 24/Dec/2018 20:41:38 [collect.c:142] Flow collector listening on port
>> 2055 (IPv4/v6)
>> 24/Dec/2018 20:41:38 [nprobe.c:9582] nProbe started successfully
>> 24/Dec/2018 20:46:29 [nprobe.c:567] Received shutdown request... [signal: 2]
>> 24/Dec/2018 20:46:29 [nprobe.c:6317] Flushing active flows
>> 24/Dec/2018 20:46:31 [nprobe.c:3127] Processed packets: 0 (max bucket search: 0)
>> 24/Dec/2018 20:46:31 [nprobe.c:3110] Fragment queue length: 0
>> 24/Dec/2018 20:46:31 [nprobe.c:3137] Flow collection stats:
>> [collected pkts: 0][processed flows: 0]
>> 24/Dec/2018 20:46:31 [nprobe.c:3140] Flow export stats: [0
>> bytes/0 pkts][0 flows/0 pkts sent]
>> 24/Dec/2018 20:46:31 [nprobe.c:3146] Flow export drop stats: [0
>> bytes/0 pkts][0 flows]
>> 24/Dec/2018 20:46:31 [nprobe.c:3151] Total flow stats: [0
>> bytes/0 pkts][0 flows/0 pkts sent]
>> ====================================================================
>> Am not sure what to do / try from here, assistance appreciated,
>> Best,
>> Johan.
>> On 2018-12-24 16:02, Emanuele Faranda wrote:
>>> Hi,
>>> Please try to replace /i with /c so that you can see the commands output.
>>> Regards,
>>> Emanuele
>>> On 12/24/18 12:17 AM, technical@mcw.org.za wrote:
>>>> Update to the below, as per what I've posted to the mailing list:
>>>> We have Multiple nProbe sites with Mikrotik routers, and want to send flows to one remote ntopng instance running on a Windows machine.
>>>> Starting with the local site all behind the same Firewall / on same LAN:
>>>> Mikrotik is set up to send NetFlow to the IP of the host running nprobe & ntopng: 192.168.88.2
>>>> ntopng started as service with the below CMD:
>>>> ntopng /i -i tcp://*:5556c
>>>> And nprobe with:
>>>> nprobe /i my_nprobe --zmq "tcp://<192.168.88.2>:5556" --zmq-probe-mode -i none -n none --collector-port 2055 -T "@NTOPNG@"
>>>> As per the steps outlined here:
>>>> https://www.ntop.org/nprobe/best-practices-for-the-collection-of-flows-with-ntopng-and-nprobe/
>>>> However ntopng when loaded shows only:
>>>> No packet has been received yet on interface tcp://*:5556c. Please wait 6 seconds until this page reloads.
>>>> Have also tried the steps outlined below to no avail:
>>>> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>>>> Any help greatly appreciated,
>>>> Johan.
>>>> On 2018-12-23 13:12, technical@mcw.org.za wrote:
>>>>> Hi there,
>>>>> We have one simple requirement:
>>>>> To accurately record how much bandwidth each user is using, across our
>>>>> several sites, over a day / week / month / year. Realtime data nice to
>>>>> have but not necessary.
>>>>> I say 'simple requirement' however having tried many ways to achieve
>>>>> this over years it's been anything but simple. (For us anyhow.)
>>>>> With ntopng now being able to record historical data we're feeling
>>>>> encouraged to try ntop again.
>>>>> As such we've acquired the needed licenses, instructed our Mikrotik to
>>>>> send NetFlow to the Windows PC running nProbe & ntopng, and created
>>>>> the needed license file.
>>>>> However I cannot figure out how to start nprobe service to capture the
>>>>> Mikrotik flows and send them to ntopng.
>>>>> What are the correct Windows cmds to start nprobe & ntopng, to
>>>>> capture NetFlow from Mikrotik please?
>>>>> Lots of tutorials like the one below for starting on Linux but not so
>>>>> much on Windows:
>>>>> https://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/
>>>>> We seem to need the Windows equivalent of the below however:
>>>>> nprobe -i none -n none -3 2055 --zmq tcp://127.0.0.1:1234
>>>>> ntopng -i tcp://127.0.0.1:1234
>>>>> Help greatly appreciated,
>>>>> Best,
>>>>> Johan.