Hi, see below inserted reply
On Fri, Jul 22, 2016 at 5:30 AM, <[email protected]> wrote:
> Hi Simone,
>
> Thank you again for your time.
>
> We have defined the local network and also the correct adapter on the
> service. We now have usable current data. Though we do notice ntop does not
> seem to be capturing any local SMB traffic. So if we copy a large file from
> 1 PC to another on the same subnet it doesn't seem to show anywhere in
> ntop. I see an old reference to IP Mon section with local to local traffics
> in help guides but i cannot find any such data when making the file copy.
> Also no flows or devices represent the amount of data or speed we are
> transferring.
>
If you are using ntopng in combination with nProbe, then this is normal.
File transfert are typically long-flows and nProbe will wait flow
completion before reporting that data to ntopng. You can tune nProbe export
frequency using :
[--lifetime-timeout|-t] <timeout> | It specifies the maximum (seconds)
flow
| lifetime [default=120]
[--idle-timeout|-d] <timeout> | It specifies the maximum (seconds)
flow
| idle lifetime [default=30]
>
> Small Business License: From looking it appears this is tied to the
> hardware? If we change the PC running ntop do we need to purchase another
> license? or just request a new key?
>
license is tied to the hardware. We may allow up to une hardware switch per
license but this has to be decided on a case-by-case basis.
>
> We want to use ntop on cheap a laptop for now until looking at embedded
> style devices.
>
that's fine. Did you know you can also run ntopng on embedded devices such
as ARM (raspberry pi), MIPSEL, etc.?
>
> Thank you
>
>
> CTSG
>
>
>
> Quoting Simone Mainardi <[email protected]>:
>
> Hi, see below
>>
>> On Thu, Jul 21, 2016 at 1:42 AM, <[email protected]> wrote:
>>
>> Hi Simone,
>>>
>>> Thank you for your time.
>>>
>>> Thank you. We would like the best possible data from the capture so we
>>> should at least check the outcome using nProbe.
>>>
>>> We are using version 2.4.270616
>>>
>>> I had a look through the interface to see if any configuration needed to
>>> be pointed to local network. Can you advise what config you were
>>> referring
>>> to please?
>>>
>>>
>> see option -m
>>
>>
>>
>>> If we would like to try nProbe using a Windows PC could you please
>>> provide
>>> the install commands to get both services talking on the same required
>>> port
>>> etc.
>>>
>>
>>
>> here is a good example
>>
>> http://www.ntop.org/ntopng/creating-a-hierarchical-cluster-of-ntopng-instances/
>> there are just few small differences in the way you execute the command on
>> windows. This is documented in the manual.
>>
>>
>> Will only mainly be used off mirror ports on a single subnet with both
>>> probe and ntopng on the same host. Rarely will we be looking at anything
>>> more than a single switch and network when using ntopng.
>>>
>>> Thank you again
>>>
>>> CTSG
>>>
>>>
>>>
>>>
>>>
>>> Quoting Simone Mainardi <[email protected]>:
>>>
>>> Hi, please see below
>>>
>>>>
>>>> On Wed, Jul 20, 2016 at 7:05 AM, <[email protected]> wrote:
>>>>
>>>> Hi All,
>>>>
>>>>>
>>>>> We would like to use ntopng installed on a windows laptop connected to
>>>>> a
>>>>> mirror port on a network switch to monitor and report on network
>>>>> traffic
>>>>> to
>>>>> determine issues across the network.
>>>>>
>>>>> Using ntopng connected to a switch port with mirror configured; is
>>>>> nProbe
>>>>> required?
>>>>>
>>>>>
>>>>> it is not strictly necessary in your case. Provided that you don't need
>>>> deep packet dissection features (e.g., to dissect DNSm BGP, VoIP, etc),
>>>> then ntopng may suffice.
>>>>
>>>>
>>>> We appear to still get some flows shown in ntopng with nprobe removed
>>>> but
>>>>
>>>>> i'm not positive the flow data is complete. Also I notice the interface
>>>>> total bandwidth graph at the bottom of the pages is not displaying any
>>>>> data.
>>>>>
>>>>>
>>>>> - update ntopng to version >= 2.4
>>>> - make sure to define local networks in the configuration
>>>>
>>>>
>>>>
>>>> Could someone please let us know the basic setup for a >Smart
>>>>> Switch>?nprobe?>ntopng>Windows laptop.
>>>>>
>>>>>
>>>>> if you are mirroring a switch port, then nprobe is not strictly
>>>> necessary
>>>> provided that you don't need information extracted by nprobe plugins
>>>> http://www.ntop.org/products/netflow/nprobe/
>>>>
>>>>
>>>>
>>>> Is nProbe only required when trying to source data from a netflow or
>>>>> sflow
>>>>> compatible router device?
>>>>>
>>>>>
>>>>> this is just one case. nprobe is required also for deep traffic
>>>> dissection
>>>> features. It is also useful to decouple monitoring from visualization.
>>>> For
>>>> example, you can deploy multiple nprobes on the vantage points of your
>>>> network and collect their results on a remote ntopng.
>>>>
>>>>
>>>>
>>>> Knowing the above intended use what would be the best install command
>>>>> for
>>>>> either service please?
>>>>>
>>>>>
>>>>
>>>>
>>>> Thank you
>>>>>
>>>>> CTSG
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Ntop mailing list
>>>>> [email protected]
>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>
>>>>>
>>>>>
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> [email protected]
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>>
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
