Shahzada,

Run nprobe in foreground and add options -b=2 and --debug to the configuration file:

/usr/local/bin/nprobe /etc/nprobe/nprobe-eth1.conf

You should be able to see generated/exported flows in the command line if nprobe successfully captures the packets.

Also please see below some configuration issues

On Sun, Apr 2, 2017 at 3:31 AM, Shahzada Khurram <[email protected]> wrote:

> hi,
> below is my nprobe-eth1.conf information . i did as you mention but
> still not working. Sir i told you that problem is ( nprobe) not capturing
> packets on eth1.
>
> My scenario is very simple i just want traffic capturing on eth1 interface
> through nprobe ( probe) and sent this traffic flows to collector (ntopng)
> for analysis. Again i mention here nprobe not capturing traffic on
> interface eth1. ( all i did on same machine)
>
> -n=none
> -i=eth1
> -s=128
> -t=60
> -d=60
> -a=0

-a not needed

> -e=1
> -B=10
> -w=128000
> -z=0

-z not needed

> -S=1:1
> -E=0:0
> -g=/var/run/nprobe-eth1.pid
> -p=1/0/0/0/0/1
> --zmq=tcp://127.0.0.1:5556
> --vlanid-as-iface-idx=none
> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT
> %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP
> %LAST_SWITCHED %FIRST_SWITCHED
> -V=9

-V not needed

> --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt
>
> On Sat, Apr 1, 2017 at 5:49 PM, Simone Mainardi <[email protected]> wrote:
>
>> Hi,
>>
>> On Sat, Apr 1, 2017 at 7:24 AM, Shahzada Khurram <[email protected]>
>> wrote:
>>
>>> hi Simone,
>>> thanks for reply please find below detail
>>> configuration, all configuration done by nbox web Gui mode. .
>>> 1. independently ntopng working fine and traffic capturing working fine
>>> 2. When we configure nprobe ( probe) with ntopng ( collector ) its not
>>> working.
>>>
>>> (ntopng log )
>>>
>>> 31/Mar/2017 22:17:32 Scripts/HTML pages directory: /usr/share/ntopng
>>> 31/Mar/2017 22:17:32 Welcome to ntopng x86_64 v.2.4.170215 - (C)
>>> 1998-2016 ntop.org
>>> 31/Mar/2017 22:17:32 Built on Ubuntu 16.04.1 LTS
>>> 31/Mar/2017 22:17:32 Started periodic activities loop...
>>> 31/Mar/2017 22:17:32 Dumping alerts into syslog
>>> 31/Mar/2017 22:17:32 [LICENSE] ntopng systemId: 3BD34B1A00660F0E
>>> 31/Mar/2017 22:17:32 [LICENSE] ntopng license: 50FB086D8E0007E9944AAF3C6
>>> 31/Mar/2017 22:17:32 [LICENSE] Maintenance is available until Thu Mar
>>> 29 01:48:45 2018 [362 days left]
>>> 31/Mar/2017 22:17:32 Started packet polling on interface tcp://
>>> 127.0.0.1:5556 [id: 4]...
>>> 31/Mar/2017 22:17:32 Collecting flows on tcp://127.0.0.1:5556
>>> [nprobe->ntopng]
>>>
>>> (nprobe log)
>>>
>>> 31/Mar/2017 22:19:07 Each flow is 63 bytes long
>>> 31/Mar/2017 22:19:07 The # packets per flow has been set to 22
>>> 31/Mar/2017 22:19:07 Non IPv4/v6 traffic is discarded according to the
>>> template
>>> 31/Mar/2017 22:19:07 GeoIP: loaded AS config file
>>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
>>> 31/Mar/2017 22:19:07 GeoIP: loaded AS IPv6 config file
>>> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
>>> 31/Mar/2017 22:19:07 WARNING: Your template ignores IP addresses: your
>>> collector might ignore these flows.
>>> 31/Mar/2017 22:19:07 Using packet capture length 128
>>> 31/Mar/2017 22:19:07 Capturing packets from interface eth1 [snaplen:
>>> 128 bytes]
>>> 31/Mar/2017 22:19:07 nProbe changed user to 'nobody'
>>> 31/Mar/2017 22:19:07 nProbe started successfully
>>>
>>> (nprobe-eth1-conf)
>>>
>>> -n=tcp://127.0.0.1:5556
>>>
>>
>> this is not OK. Collector should be empty (-n=none) or use another port
>> as port 5556 is used by ntopng to listen for ZMQ packets.
>>
>> this option is missing:
>>
>> --zmq="tcp://127.0.0.1:5556"
>>
>>
>>> -i=eth1
>>> -s=128
>>> -t=60
>>> -d=60
>>> -a=0
>>> -e=1
>>> -B=10
>>> -w=128000
>>> -z=0
>>> -S=1:1
>>> -E=0:0
>>> -g=/var/run/nprobe-eth1.pid
>>> -p=1/0/0/0/0/1
>>> --zmq-probe-mode
>>>
>>
>> If you want to use nprobe with --zmq-probe-mode then ntopng should be
>> executed with -i tcp://127.0.0.1:5556c (see the c after the port). Your
>> ntopng configuration doesn't have that.
>>
>> --vlanid-as-iface-idx=none
>>> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT
>>> %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP
>>> %LAST_SWITCHED %FIRST_SWITCHED
>>> -V=9
>>> --dump-stats=/var/log/nprobe/eth1-0_flows_stats.txt
>>>
>>> The scenario is
>>>
>>> eth1 ----> nprobe (probe-Packet capturing on eth1) ------>ntopng (
>>> collector) ( all configuration on single machine)
>>>
>>> Problem: nprobe not capturing traffic.
>>>
>>> thanks in advance.. if you need further information let me know
>>>
>>> khurram
>>>
>>> On Fri, Mar 31, 2017 at 3:51 PM, Simone Mainardi <[email protected]>
>>> wrote:
>>>
>>>> Khurram
>>>>
>>>> Can you please post configurations used in both setups?
>>>>
>>>> On Fri, Mar 31, 2017 at 8:46 AM, Shahzada Khurram <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> I have installed both nprobe and ntopng at ubuntu 16.04. i want to
>>>>> capture traffic on the same server on eth1 for research experimental
>>>>> purpose. but the problem is when i run ntopng as interdependent its
>>>>> working
>>>>> fine and capturing the packet. but when i run ntopng as collector with
>>>>> nprobe. nprobe not capturing traffic. is there any special setting for
>>>>> nprobe. please help me for this regard.
>>>>>
>>>>> --
>>>>>
>>>>> *Thanks & Regards,*
>>>>>
>>>>> * Khurram*

> --
>
> *Thanks & Regards,*
>
> *Shahzada Khurram* | *Cell* # *0* | *Email* : *[email protected]
> <[email protected]>*
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
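
The three configuration issues raised in this thread, expressed as a small checker; this is an added example, not part of the original messages and not ntop's code. The function names, finding strings and sample configurations (constructed and abbreviated from the options quoted above) are assumptions, and it assumes nprobe and ntopng run on the same host, as in the thread.

```python
import re

def parse_conf(text):
    """Parse nprobe option-file lines (-key=value or bare --flag) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("-"):  # skip blanks and wrapped -T continuation lines
            continue
        key, _, value = line.partition("=")
        opts[key] = value.strip('"')
    return opts

def port_of(endpoint):
    """Port of host:port or tcp://host:port[c]; None if there is none."""
    m = re.search(r":(\d+)c?$", endpoint)
    return int(m.group(1)) if m else None

def check(nprobe_conf, ntopng_iface):
    """Return the findings from the thread that apply to this pair of settings."""
    opts = parse_conf(nprobe_conf)
    findings = []
    if "--zmq" not in opts:
        findings.append("--zmq endpoint is missing")
    n_port = port_of(opts.get("-n", "none"))
    if n_port is not None and n_port == port_of(ntopng_iface):
        findings.append("-n reuses ntopng's ZMQ port; use -n=none or another port")
    if "--zmq-probe-mode" in opts and not ntopng_iface.endswith("c"):
        findings.append("--zmq-probe-mode needs ntopng -i <endpoint>c")
    return findings

# Constructed samples, abbreviated from the configurations quoted in the thread.
FIRST_CONF = """-n=tcp://127.0.0.1:5556
-i=eth1
--zmq-probe-mode
-T=%IN_BYTES %IN_PKTS %PROTOCOL
%IPV4_SRC_ADDR %IPV4_DST_ADDR
"""
SECOND_CONF = """-n=none
-i=eth1
--zmq=tcp://127.0.0.1:5556
"""
NTOPNG_IFACE = "tcp://127.0.0.1:5556"  # value passed to ntopng -i, as in the ntopng log

if __name__ == "__main__":
    for name, conf in (("first", FIRST_CONF), ("second", SECOND_CONF)):
        print(name, check(conf, NTOPNG_IFACE) or "no findings")
```

A clean result only means these three settings agree; whether packets are actually captured on eth1 is what the foreground run with -b=2 and --debug shows.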
