I still haven't made any progress with this. I've now installed Wireshark, and followed these instructions to prove to myself that the NetFlow data is arriving at my PC: https://communities.ca.com/docs/DOC-231149629
So why does this command collect no data?

nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe

> -----Original Message-----
> From: [email protected] [mailto:ntop-misc-[email protected]] On Behalf Of Peter Shute
> Sent: Monday, 15 August 2016 4:00 PM
> To: '[email protected]' <[email protected]>
> Subject: [Ntop-misc] Collecting NetFlow data with nprobe
>
> Our ISP has configured several internet routers to send NetFlow data on port
> 9996 to a particular machine. I have successfully configured PRTG to get the
> data to see lists of top recipients, etc, so I know this machine is receiving
> the NetFlow data ok, but it doesn't store the flows for later analysis, so I've
> disabled it. How do I configure nprobe to get the flow into a file I can
> analyse?
>
> I'm confused about which mode nprobe needs to be used in to collect the
> data. I've tried this:
>
> nprobe /c --collector 192.168.0.203:9996 -V9 -P c:\temp\nprobe
>
> but it seems to be collecting local traffic. In among it, I can see that there
> are flows from the router to this machine on port 9996. What I need is the flow
> information inside those packets.
>
> I tried this:
>
> nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe
>
> but it collects nothing.
>
> Where am I going wrong? I'm not sure if I understand the differences
> between probe mode, collector mode and proxy mode. I need collector
> mode, don't I?
>
> Peter Shute
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
