Mailing List Archive

ntopng + nProbe and softflowd
Hi!

At the moment I am trying to get the above setup running. softflowd is
on a PFsense, nProbe on a Raspberry and ntopng on a Debian 9 VM. I do
not get sufficient data (only peaks of 20 to 200 Mbit/s and no stream of
traffic).

A ntopng on the PFsense is not working properly so I would like to try
this way.

Am I missing some options to calibrate the information? I left pretty
much all of it alone.

Matthias

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: ntopng + nProbe and softflowd [ In reply to ]
Hi Matt,

Please, show the nProbe and ntopng configurations used. Reported behavior can be normal as softflowd flow reports are periodic (e.g. every minute) so it's normal if you see spiky traffic.

> On 7 Feb 2019, at 09:28, Matthias Brumm <matthias@brumm.net> wrote:
>
> Hi!
>
> At the moment I am trying to get the above setup running. softflowd is on a PFsense, nProbe on a Raspberry and ntopng on a Debian 9 VM. I do not get sufficient data (only peaks of 20 to 200 Mbit/s and no stream of traffic).
>
> A ntopng on the PFsense is not working properly so I would like to try this way.
>
> Am I missing some options to calibrate the information? I left pretty much all of it alone.
>
> Matthias

Re: ntopng + nProbe and softflowd [ In reply to ]
Hi!

The configuration is quite minimalistic:

ntopng:

-G=/var/run/ntopng.pid
-i="tcp://192.168.224.10:5556"
-m="10.123.123.0/24,192.168.224.0/24"
--community

nprobe:

-G=/var/run/nprobe.pid
-i=none
-n=none
-3=6363
--zmq="tcp://*:5556"

For example I want to see the bandwidth used by Netflix or IPTV or
something like that.

Matthias

On 07.02.19 at 17:30, Simone Mainardi wrote:
> Hi Matt,
>
> Please, show the nProbe and ntopng configurations used. Reported behavior can be normal as softflowd flow reports are periodic (e.g. every minute) so it's normal if you see spiky traffic.

--
Our family blog: https://brumm.family

Re: ntopng + nProbe and softflowd [ In reply to ]
Everything seems OK.

You only have to keep in mind that when working with softflowd:
- flows are delayed and the traffic will look bursty as it is reported periodically
- you can't perform deep packet inspection as neither nProbe nor ntopng have access to the physical packets. This means that traffic detection will be less accurate.


> On 7 Feb 2019, at 18:33, Matthias Brumm <matthias@brumm.net> wrote:
>
> Hi!
>
> The configuration is quite minimalistic:
>
> ntopng:
>
> -G=/var/run/ntopng.pid
> -i="tcp://192.168.224.10:5556"
> -m="10.123.123.0/24,192.168.224.0/24"
> --community
>
> nprobe:
>
> -G=/var/run/nprobe.pid
> -i=none
> -n=none
> -3=6363
> --zmq="tcp://*:5556"
>
> For example I want to see the bandwidth used by Netflix or IPTV or something like that.
>
> Matthias

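An added illustration, not part of the thread and not ntop project code, of why periodically reported flows look bursty: one steady stream is cut into periodic flow reports and graphed two ways. The 60-second report interval follows the "every minute" example given earlier in the thread; the 8 Mbit/s rate, the 5-second bins and both accounting models are assumptions made for the example and do not describe ntopng's actual accounting.

```python
# Added illustration: the exporter model and every number are constructed.
from dataclasses import dataclass


@dataclass
class FlowRecord:
    first: float     # s, start of the interval this record covers
    last: float      # s, end of the interval this record covers
    octets: int      # bytes seen between first and last
    exported: float  # s, when the record reaches the collector


def export_steady_stream(rate_mbps, duration_s, report_every_s):
    """Cut one constant-rate stream into periodic flow reports."""
    records, t = [], 0.0
    while t < duration_s:
        end = min(t + report_every_s, duration_s)
        octets = int(rate_mbps * 1e6 / 8 * (end - t))
        records.append(FlowRecord(t, end, octets, end))
        t = end
    return records


def rate_by_arrival(records, bin_s, n_bins):
    """Mbit/s per bin when all bytes are booked when the report arrives."""
    bins = [0.0] * n_bins
    for r in records:
        idx = min(int((r.exported - 1e-9) // bin_s), n_bins - 1)
        bins[idx] += r.octets
    return [b * 8 / 1e6 / bin_s for b in bins]


def rate_by_duration(records, bin_s, n_bins):
    """Mbit/s per bin when bytes are spread evenly over first..last."""
    bins = [0.0] * n_bins
    for r in records:
        span = r.last - r.first
        for i in range(n_bins):
            lo, hi = i * bin_s, (i + 1) * bin_s
            overlap = max(0.0, min(hi, r.last) - max(lo, r.first))
            if span > 0:
                bins[i] += r.octets * overlap / span
    return [b * 8 / 1e6 / bin_s for b in bins]


if __name__ == "__main__":
    recs = export_steady_stream(rate_mbps=8, duration_s=300, report_every_s=60)
    print("by arrival :", [round(x) for x in rate_by_arrival(recs, 5, 60)])
    print("by duration:", [round(x) for x in rate_by_duration(recs, 5, 60)])
```

Booked on arrival, the constant 8 Mbit/s stream appears as one 96 Mbit/s spike per minute with nothing in between; spread over each record's first and last timestamps, the same records give a flat 8 Mbit/s.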
Re: ntopng + nProbe and softflowd [ In reply to ]
Hi!

Thanks for the help. I think I will go after ntopng on the PFsense,
which is giving me pretty much everything I want, but is reporting
significantly less traffic. But that could be a problem of PFsense.

Matthias

On 07.02.19 at 18:36, Simone Mainardi wrote:
> Everything seems OK.
>
> You only have to keep in mind that when working with softflowd:
> - flows are delayed and the traffic will look bursty as it is reported periodically
> - you can't perform deep packet inspection as neither nProbe nor ntopng have access to the physical packets. This means that traffic detection will be less accurate.

--
Our family blog: https://brumm.family
