Felix
please see (-h) but in general the option below
[--biflows-export-policy|-N] <pol> | Bi-directional flows export policy:
| 1 - export bi-directional flows only
| 2 - export mono-directional flows only
allows you to export only biflows or uniflows. THis is not what you want to do
(export bi-directional flows). To do so please
1. in the -T use at lest the basic information elements such as protocols and
bytes. nprobe should have reported this in the startup log
2. you need to use both IN and OUT as in the example below
nprobe -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %OUT_PKTS
%OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS
%PROTOCOL ..."
Regards Luca
@Simone: please fix the nProbe manual
> On 23 Aug 2017, at 11:27, Felix Erlacher <[email protected]> wrote:
>
> Dear ntop team,
>
> I am using nprobe pro (8.1.170821) with the http plugin.
> The nprobe manual (8.1) states that to force flows to be bidirectional
> one should use the "--bi-directional" switch.
> If I run:
>
> sudo nprobe -n tcp://10.0.0.2:4740 -i /mynetworktrace.pcap
> --bi-directional -V10 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %PROTOCOL
> %L4_SRC_PORT %L4_DST_PORT %FIRST_SWITCHED %LAST_SWITCHED %HTTP_URL
> %HTTP_METHOD"
>
> it works fine but no IPFIX biflows are exported and the output says
> "nprobe: unrecognized option '--bi-directional'".
> I also tried adding the "--biflows-export-policy 2" switch to the above
> command, but still the above "unrecognized option" error appears.
>
> Am I missing something obvious?
> Are there any other options to export IPFIX biflows?
>
> thanks and regards
>
> Felix
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
