Hi, see below On Wed, Jul 27, 2016 at 4:04 PM, <[email protected]> wrote:
> Hi Simone, > > We've been able to get ntopng to work by bridging the two ethernet > interfaces using the raspbian operating system instead of through ntopng. > > We're able to get the correct data by running the following command line: > > ntopng -i br0 -m "192.168.99.0/24" > > We're now trying to get ntopng on the raspberry pi to send the data to an > offsite pc running ntopng as well (currently we're testing this locally > between a raspberry pi and a windows laptop). > > It appears we're able to get them to talk to each other but the data shown > on the windows laptop (receiver) is not showing all data while the > raspberry pi appears to be showing all data. It also takes a while to > update. > > The command we're running on the raspberry pi is: > > ntopng -i br0 -m "192.168.99.0/24" -I tcp://*3456 --zmq-encrypt-pwd > TestPass > > On the windows laptop the command we're running is: > > ntopng /c -i tcp://<local address of raspberry pi>:3456 --zmq-encrypt-pwd > TestPass > > Are these the correct commands to run so that the windows laptop receives > the data from the raspberry pi so that we can setup the raspberry pi onsite > and view the data via our windows laptop (keep in mind we would adjust the > address of the raspberry pi to the wan address of the site it's at when > onsite)? > Commands look correct. Also see this tutorial post: http://www.ntop.org/ntopng/creating-a-hierarchical-cluster-of-ntopng-instances/ Note that you should expect some delay on the windows ntopng as flows are exported once expired. This is natural and part of the design. > > If not can you provide the correct full command line to achieve this for > both the windows laptop and raspberry pi? > > We also noticed that while running it like this the windows laptop console > reports "Collecting flows on tcp://<local address of raspberry pi>:3456 > [ntopng->nprobe]" Does this mean it's expecting an nprobe on the raspberry > pi or is this information incorrect? > this is normal you don't have to worry > > It is possible to pull data from an offsite ntopng to a local ntopng, no > nprobes needed? > yes you already did that > > Is it possible to adjust how often the offsite ntopng updates it's > information to our ntopng install? > You don't have to tune this. Delays experienced are due to the fact that flows are exported once expired. > > > Thanks for the assistance. > > > CTSG > > > > Quoting Simone Mainardi <[email protected]>: > > Hi, >> >> On Mon, Jul 25, 2016 at 2:55 PM, <[email protected]> wrote: >> >> >>> Hi Simone, >>> >>> -Would the PI3 would be OK for a full 24mbps ADSL2+ connection if placed >>> between the modem and the first switch in series at full speed? >>> >>> >> I would say yes although I recommend you to do some testing. >> >> >> >>> -I understand the PI3 would work using mirror port on the switch, but for >>> customers without a managed switch what steps, if any are required to >>> make >>> the PI3 work in series like the EdgeRouter. I would add 2x ethernet >>> adapters. 1 for modem, 1 for switch and 1 for management if required and >>> any config steps? >>> >>> >> in that case, I would set the rpi with a bridge interface >> -i<modem>,<switch> so that you can intercept all internet traffic and use >> the management interface to control the rpi >> >> >> >>> -I plan on using only ntopng at all sites using PI3s with a licensed >>> version at our office with individual adapters configured for each >>> off-site >>> ntopng. >>> >>> -Im hoping the PI3 in series will not slow down connections up above >>> 100mbps? In which case it would be future proof for our up coming >>> national >>> internet connections upgrades and could be used in series between the >>> modem >>> and the switch. I guess the only way to achieve this, if a slow down is >>> present is using a managed switch and mirror port. >>> >>> -If a slow down is present as above, and the PI3 is used via a mirror >>> port >>> and not in series, does it provide a full ntopng experience or are the >>> flow >>> etc limited? >>> >>> >> if ntopng is used in passive mode, that is, it receives traffic from a >> mirror port, then it won't affect network performance at all. >> >> >> >>> -I notice the command for the PI3 starts nprobe also. I will be trying to >>> use ntopng on the PI3 without nprobe if possible. Is the paid nprobe >>> required for the ability to use the PI3 in series between the modem and >>> the >>> switch? >>> >>> >> no it is not required, you can just use ntopng. >> >> >> >>> Thank you! >>> >>> >>> CTSG >>> >>> >>> >>> Quoting Simone Mainardi <[email protected]>: >>> >>> Hi, >>> >>>> >>>> >>>> On Sat, Jul 23, 2016 at 4:10 PM, <[email protected]> wrote: >>>> >>>> Thank you very much Simone, >>>> >>>>> >>>>> Currently we are not using nProbe and did not see any SMB traffic. I >>>>> will >>>>> test this again on Monday but we have the ntopng installed on a 20+ PC >>>>> network and did not see any SMB traffic. >>>>> >>>>> OK Thank you 1 license move is allow. We better confirm the hardware we >>>>> would like to use as the server before purchasing. >>>>> >>>>> Our Goal is: >>>>> >>>>> We run a small business IT support company. I would like to put remote >>>>> probes at approx 5 to 10 customer locations to monitor their network as >>>>> they are often limited to 6 to 10mbps internet connections. We are >>>>> looking >>>>> to monitor high bandwidth users. >>>>> >>>>> -If ntopng is used at remote locations does it support encryption of >>>>> the >>>>> data like nprobe? >>>>> >>>>> >>>>> yes, see option >>>> --zmq-encrypt-pwd <pwd> | Encrypt the ZMQ data using the >>>> specified password >>>> >>>> >>>> >>>> -Would you recommend a pi3, UBNT EdgeRouter or a PC to be used for the >>>>> remote probes to provide a good full speed service? >>>>> >>>>> >>>>> for 6-10Mbps all the options are good. >>>> >>>> >>>> >>>> -I am assuming the EdgeRouter does not need a switch with a mirror port >>>>> and would act in series between the modem and the first switch? >>>>> >>>>> >>>> >>>> correct, this is a common way to place the edge router. In this way you >>>> will be able to catch all the traffic from (and to) the internet. Other >>>> additional setups are possible using the same edge router. >>>> >>>> Note that only nprobe is presently available for the edgerouters. >>>> >>>> >>>> Does the Pi3 with extra Ethernet adapters act the same or do they >>>> require >>>> >>>>> a mirror port attached? >>>>> >>>>> >>>>> You should be able to use the rpi3 as if it was an edgerouter provided >>>> you >>>> add an extra ethernet adapter. >>>> >>>> >>>> >>>> -When using a pi3 or UBNT EdgeRouter do they slow the network down? >>>>> >>>>> >>>>> Typically no. Clearly this depends on the traffic. For 6-10Mbps no slow >>>> down will be perceived. >>>> >>>> >>>> >>>> -If ntopng does support encryption and we are not needing flow data, do >>>>> we >>>>> use the community version on all of the remote sites and collect this >>>>> data >>>>> with a licensed version at our office? Or when using ntopng at remote >>>>> sites >>>>> instead of the nprobe is a license required? >>>>> >>>>> >>>>> you may want to use a licensed version of ntopng at your office to have >>>> extra features such as reporting and a realtime dashboard. However this >>>> is >>>> not strictly necessary and you can implement your solution using just >>>> community versions. >>>> >>>> >>>> >>>> I like the software and the output so i am just trying to sort out which >>>>> versions are best used and the hardware required. >>>>> >>>>> Once i have the remote sites planned and hardware selected what email >>>>> should i use to discuss license orders? >>>>> >>>>> >>>> >>>> you can use the contact form on the ntopng website. Your email will be >>>> routed properly. >>>> >>>> >>>> >>>> >>>>> Thank you >>>>> >>>>> CTSG >>>>> >>>>> >>>>> Quoting Simone Mainardi <[email protected]>: >>>>> >>>>> Hi, see below inserted reply >>>>> >>>>> >>>>>> On Fri, Jul 22, 2016 at 5:30 AM, <[email protected]> wrote: >>>>>> >>>>>> Hi Simone, >>>>>> >>>>>> >>>>>>> Thank you again for your time. >>>>>>> >>>>>>> We have defined the local network and also the correct adapter on the >>>>>>> service. We now have usable current data. Though we do notice ntop >>>>>>> does >>>>>>> not >>>>>>> seem to be capturing any local SMB traffic. So if we copy a large >>>>>>> file >>>>>>> from >>>>>>> 1 PC to another on the same subnet it doesn't seem to show anywhere >>>>>>> in >>>>>>> ntop. I see an old reference to IP Mon section with local to local >>>>>>> traffics >>>>>>> in help guides but i cannot find any such data when making the file >>>>>>> copy. >>>>>>> Also no flows or devices represent the amount of data or speed we are >>>>>>> transferring. >>>>>>> >>>>>>> >>>>>>> If you are using ntopng in combination with nProbe, then this is >>>>>>> >>>>>> normal. >>>>>> File transfert are typically long-flows and nProbe will wait flow >>>>>> completion before reporting that data to ntopng. You can tune nProbe >>>>>> export >>>>>> frequency using : >>>>>> >>>>>> [--lifetime-timeout|-t] <timeout> | It specifies the maximum >>>>>> (seconds) >>>>>> flow >>>>>> | lifetime [default=120] >>>>>> [--idle-timeout|-d] <timeout> | It specifies the maximum >>>>>> (seconds) >>>>>> flow >>>>>> | idle lifetime [default=30] >>>>>> >>>>>> >>>>>> >>>>>> Small Business License: From looking it appears this is tied to the >>>>>> >>>>>>> hardware? If we change the PC running ntop do we need to purchase >>>>>>> another >>>>>>> license? or just request a new key? >>>>>>> >>>>>>> >>>>>>> license is tied to the hardware. We may allow up to une hardware >>>>>>> switch >>>>>>> >>>>>> per >>>>>> license but this has to be decided on a case-by-case basis. >>>>>> >>>>>> >>>>>> >>>>>> We want to use ntop on cheap a laptop for now until looking at >>>>>> embedded >>>>>> >>>>>>> style devices. >>>>>>> >>>>>>> >>>>>>> that's fine. Did you know you can also run ntopng on embedded devices >>>>>>> >>>>>> such >>>>>> as ARM (raspberry pi), MIPSEL, etc.? >>>>>> >>>>>> >>>>>> >>>>>> Thank you >>>>>> >>>>>>> >>>>>>> >>>>>>> CTSG >>>>>>> >>>>>>> >>>>>>> >>>>>>> Quoting Simone Mainardi <[email protected]>: >>>>>>> >>>>>>> Hi, see below >>>>>>> >>>>>>> >>>>>>> On Thu, Jul 21, 2016 at 1:42 AM, <[email protected]> wrote: >>>>>>>> >>>>>>>> Hi Simone, >>>>>>>> >>>>>>>> >>>>>>>> Thank you for your time. >>>>>>>>> >>>>>>>>> Thank you. We would like the best possible data from the capture so >>>>>>>>> we >>>>>>>>> should at least check the outcome using nProbe. >>>>>>>>> >>>>>>>>> We are using version 2.4.270616 >>>>>>>>> >>>>>>>>> I had a look through the interface to see if any configuration >>>>>>>>> needed >>>>>>>>> to >>>>>>>>> be pointed to local network. Can you advise what config you were >>>>>>>>> referring >>>>>>>>> to please? >>>>>>>>> >>>>>>>>> >>>>>>>>> see option -m >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> If we would like to try nProbe using a Windows PC could you please >>>>>>>> >>>>>>>> provide >>>>>>>>> the install commands to get both services talking on the same >>>>>>>>> required >>>>>>>>> port >>>>>>>>> etc. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> here is a good example >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> http://www.ntop.org/ntopng/creating-a-hierarchical-cluster-of-ntopng-instances/ >>>>>>>> there are just few small differences in the way you execute the >>>>>>>> command >>>>>>>> on >>>>>>>> windows. This is documented in the manual. >>>>>>>> >>>>>>>> >>>>>>>> Will only mainly be used off mirror ports on a single subnet with >>>>>>>> both >>>>>>>> >>>>>>>> probe and ntopng on the same host. Rarely will we be looking at >>>>>>>> >>>>>>>>> anything >>>>>>>>> more than a single switch and network when using ntopng. >>>>>>>>> >>>>>>>>> Thank you again >>>>>>>>> >>>>>>>>> CTSG >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Quoting Simone Mainardi <[email protected]>: >>>>>>>>> >>>>>>>>> Hi, please see below >>>>>>>>> >>>>>>>>> >>>>>>>>> On Wed, Jul 20, 2016 at 7:05 AM, <[email protected]> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Hi All, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> We would like to use ntopng installed on a windows laptop >>>>>>>>>> connected >>>>>>>>>> >>>>>>>>>>> to >>>>>>>>>>> a >>>>>>>>>>> mirror port on a network switch to monitor and report on network >>>>>>>>>>> traffic >>>>>>>>>>> to >>>>>>>>>>> determine issues across the network. >>>>>>>>>>> >>>>>>>>>>> Using ntopng connected to a switch port with mirror configured; >>>>>>>>>>> is >>>>>>>>>>> nProbe >>>>>>>>>>> required? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> it is not strictly necessary in your case. Provided that you >>>>>>>>>>> don't >>>>>>>>>>> need >>>>>>>>>>> >>>>>>>>>>> deep packet dissection features (e.g., to dissect DNSm BGP, VoIP, >>>>>>>>>>> >>>>>>>>>> etc), >>>>>>>>>> then ntopng may suffice. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> We appear to still get some flows shown in ntopng with nprobe >>>>>>>>>> removed >>>>>>>>>> but >>>>>>>>>> >>>>>>>>>> i'm not positive the flow data is complete. Also I notice the >>>>>>>>>> >>>>>>>>>> interface >>>>>>>>>>> total bandwidth graph at the bottom of the pages is not >>>>>>>>>>> displaying >>>>>>>>>>> any >>>>>>>>>>> data. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> - update ntopng to version >= 2.4 >>>>>>>>>>> >>>>>>>>>>> - make sure to define local networks in the configuration >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Could someone please let us know the basic setup for a >Smart >>>>>>>>>> >>>>>>>>>> Switch>?nprobe?>ntopng>Windows laptop. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> if you are mirroring a switch port, then nprobe is not strictly >>>>>>>>>>> >>>>>>>>>>> necessary >>>>>>>>>>> >>>>>>>>>> provided that you don't need information extracted by nprobe >>>>>>>>>> plugins >>>>>>>>>> http://www.ntop.org/products/netflow/nprobe/ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Is nProbe only required when trying to source data from a netflow >>>>>>>>>> or >>>>>>>>>> >>>>>>>>>> sflow >>>>>>>>>> >>>>>>>>>>> compatible router device? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> this is just one case. nprobe is required also for deep traffic >>>>>>>>>>> >>>>>>>>>>> dissection >>>>>>>>>>> >>>>>>>>>> features. It is also useful to decouple monitoring from >>>>>>>>>> visualization. >>>>>>>>>> For >>>>>>>>>> example, you can deploy multiple nprobes on the vantage points of >>>>>>>>>> your >>>>>>>>>> network and collect their results on a remote ntopng. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Knowing the above intended use what would be the best install >>>>>>>>>> command >>>>>>>>>> >>>>>>>>>> for >>>>>>>>>> >>>>>>>>>>> either service please? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thank you >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> CTSG >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Ntop mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> >>>>>>>>>> Ntop mailing list >>>>>>>>> [email protected] >>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> [email protected] >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> >>>>> >>>>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
