Hello everybody,
I have built up a virtual test environment to get familiar with flow
monitoring. I installed ntop on a server and nprobe on a gateway
(provides access to the internet). I hoped that nprobe would collect all
the traffic/flows and send them to the ntop server. But it does not
work for me. I don't see any flows if I check it on the ntop web GUI. Both
machines could ping each other and no firewall is between them.
I used the following configuration:
Ntop-server (ip-address: 194.95.66.100, interface: enp0s8):
- ntopng -i enp0s8 -i tcp://8.8.8.1:5556
Gateway (ip-address: 8.8.8.1, interface: enp0s8):
- nprobe --zmq tcp://8.8.8.1:5556 -i enp0s8 -n none -T @NTOPNG@
If I check the sockets with "ss" there is an established zmq connection
listed between these two servers. I can also choose the interface
"tcp://8.8.8.1:5556" in the ntop web GUI. But no traffic is
reported to ntop. I generated traffic with iperf, which comes from a
third server. This traffic transited the gateway interface enp0s8 with
the IP address 8.8.8.1.
Is it possible that I misunderstood the function of nprobe? Can I use
only nprobe instead of sflow to collect flows, or is it necessary to
combine them? I hope someone can help me. Thank you very much in advance.
Regards,
Andreas