Thanks, I used the Windows equivalent, windump, and have added the dump to the issue I created.

Peter Shute

Sent from my iPad

> On 17 Aug 2016, at 7:36 PM, Luca Deri <[email protected]> wrote:
>
> Peter,
> for dumping packets please use tcpdump -s 0 -w my.pcap … or wireshark.
>
> Luca
>> On 17 Aug 2016, at 11:28, Peter Shute <[email protected]> wrote:
>>
>> Thanks, should I generate the pcap file with the --dump-pkts parameter? I
>> suspect with -i none that there will be nothing dumped, but I'll check.
>>
>> Sent from my iPad
>>
>>> On 17 Aug 2016, at 6:54 PM, Luca Deri <[email protected]> wrote:
>>>
>>> Peter
>>> please file an issue on https://github.com/ntop/nProbe/issues and attach a
>>> pcap file. I need to see what nprobe is receiving before commenting. Please
>>> make sure you also add “-i none”
>>>
>>> Thanks Luca
>>>
>>>> On 17 Aug 2016, at 04:17, Peter Shute <[email protected]> wrote:
>>>>
>>>> I still haven't made any progress with this. I've now installed Wireshark,
>>>> and followed these instructions to prove to myself that the NetFlow data
>>>> is arriving at my PC:
>>>> https://communities.ca.com/docs/DOC-231149629
>>>>
>>>> So why does this command collect no data?
>>>> nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe
>>>>
>>>>> -----Original Message-----
>>>>> From: [email protected] [mailto:ntop-misc-[email protected]] On Behalf Of Peter Shute
>>>>> Sent: Monday, 15 August 2016 4:00 PM
>>>>> To: '[email protected]' <[email protected]>
>>>>> Subject: [Ntop-misc] Collecting NetFlow data with nprobe
>>>>>
>>>>> Our ISP has configured several internet routers to send NetFlow data on
>>>>> port 9996 to a particular machine. I have successfully configured PRTG to
>>>>> get the data to see lists of top recipients, etc, so I know this machine
>>>>> is receiving the NetFlow data ok, but it doesn't store the flows for later
>>>>> analysis, so I've disabled it. How do I configure nprobe to get the flow
>>>>> into a file I can analyse?
>>>>>
>>>>> I'm confused about which mode nprobe needs to be used in to collect the
>>>>> data. I've tried this:
>>>>> nprobe /c --collector 192.168.0.203:9996 -V9 -P c:\temp\nprobe
>>>>> but it seems to be collecting local traffic. In among it, I can see that
>>>>> there are flows from the router to this machine on port 9996. What I need
>>>>> is the flow information inside those packets.
>>>>>
>>>>> I tried this:
>>>>> nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe
>>>>> but it collects nothing.
>>>>>
>>>>> Where am I going wrong? I'm not sure if I understand the differences
>>>>> between probe mode, collector mode and proxy mode. I need collector
>>>>> mode, don't I?
>>>>>
>>>>> Peter Shute
>>>>> _______________________________________________
>>>>> Ntop-misc mailing list
>>>>> [email protected]
>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
