I am currently working with nprobe - a new user.

 nProbe v.7.4.160623 (r4597) for Windows

I am specifically interested in capturing the SNMP index number associated with flows.

 My startup:

       C:\Program Files\nProbe>nprobe /c -nf-collector-port 2055 -D t -P E:\nprobe
       Running nProbe for Windows.
       31/Oct/2016 13:05:57 [nprobe.c:3404] Valid nProbe Pro license found
       31/Oct/2016 13:05:57 [nprobe.c:4867] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
       31/Oct/2016 13:05:57 [nprobe.c:4870] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
       31/Oct/2016 13:05:57 [nprobe.c:4970] Welcome to nProbe Pro v.7.4.160623 ($Revision: 4384 $) for Windows
       31/Oct/2016 13:05:57 [nprobe.c:4980] Running on Windows
       31/Oct/2016 13:05:57 [nprobe.c:4991] [LICENSE] nProbe SystemId: 2364757858-76046ad1
       31/Oct/2016 13:05:57 [nprobe.c:5075] Dumping flow files every 60 sec into directory E:\nprobe
       31/Oct/2016 13:05:57 [nprobe.c:5080] WARNING: -n parameter is missing. 127.0.0.1:2055 will be used.
       31/Oct/2016 13:05:57 [nprobe.c:7307] Welcome to nProbe v.7.4.160623 for Windows
       31/Oct/2016 13:05:57 [plugin.c:1030] 0 plugin(s) enabled
       31/Oct/2016 13:05:57 [nprobe.c:6833] Non IPv4/v6 traffic is discarded according to the template
       31/Oct/2016 13:05:57 [nprobe.c:5490] Using packet capture length 128
       31/Oct/2016 13:05:57 [nprobe.c:7483] IPv6 traffic will NOT be exported/accounted by this probe
       31/Oct/2016 13:05:57 [nprobe.c:7484] due to configuration options (e.g. use NetFlow v9)
       31/Oct/2016 13:05:57 [nprobe.c:7529] Flows ASs will not be computed (missing GeoIP support)
       31/Oct/2016 13:05:57 [nprobe.c:7632] Capturing packets from interface \Device\NPF_{1AECA7A0-923C-4ADF-BB31-46E5A3C131F7} [snaplen: 128 bytes]
       31/Oct/2016 13:05:57 [nprobe.c:7855] nProbe started successfully


 The resulting text files look like below:

       IPV4_SRC_ADDR IPV4_DST_ADDR IPV4_NEXT_HOP INPUT_SNMP OUTPUT_SNMP IN_PKTS IN_BYTES FIRST_SWITCHED LAST_SWITCHED L4_SRC_PORT
       10.x.x.x 10.x.x.x 0.0.0.0 0 0 2 1314 1477937430 1477937430 64567
       10.x.x.x 10.x.x.x 0.0.0.0 0 0 1 132 1477937430 1477937430 1918
       ...... continues ......


ALL input interfaces show as "0".

Using Wireshark I have verified the V9/IPFIX NetFlow data IS being delivered and the interface information is in the flowsets.

        >>    Cisco NetFlow/IPFIX
        >>    Version: 9
        >>    Count: 38
        >>    SysUptime: 261103507
        >>    Timestamp: Oct 28, 2016 21:12:22.000000000 EDT
        >>        CurrentSecs: 1477703542
        >>    FlowSequence: 159997
        >>    SourceId: 2304
        >>    FlowSet 1
        >>        FlowSet Id: (Data) (264)
        >>        FlowSet Length: 1336
        >>        Flow 1
        >>            SrcAddr: 122.x.x.x.(122.x.x.x)
        >>            DstAddr: 122.x.x.x (122.x.x.x)
        >>            IP ToS: 0x68
        >>            Protocol: 17
        >>            SrcPort: 20903
        >>            DstPort: 53
        >>            OutputInt: 9                  ===> interface number appears (and interface is in fact active)
        >>            Direction: Egress (1)
        >>            Octets: 79
        >>            Packets: 1


What's required to get the interface numbers to be recognized and recorded by nprobe?
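
A way to cross-check the Wireshark observation above independently of nProbe, as an added example that is not part of the original post or of nProbe: a minimal NetFlow v9 decoder that reports the INPUT_SNMP (field type 10) and OUTPUT_SNMP (field type 14) values each exported record carries. The sample datagram is constructed from the fields visible in the decode above, with made-up addresses, and the function names are hypothetical.

```python
import struct
INPUT_SNMP, OUTPUT_SNMP = 10, 14          # NetFlow v9 field types (RFC 3954)

def parse_v9(packet, templates):
    """Decode one v9 datagram; `templates` caches (source_id, template_id) -> fields."""
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:                       # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break                    # trailing padding or truncated template
                templates[(source_id, tid)] = [
                    struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(nfields)]
                pos += 4 + 4 * nfields
        elif fs_id >= 256:                   # data flowset: decodable only once its template is cached
            fields = templates.get((source_id, fs_id), [])
            rec_len = sum(flen for _, flen in fields)
            pos = 0
            while rec_len and pos + rec_len <= len(body):
                rec, p = {}, pos
                for ftype, flen in fields:
                    rec[ftype] = int.from_bytes(body[p:p + flen], "big")
                    p += flen
                records.append(rec)
                pos += rec_len
        off += fs_len
    return records

def snmp_indexes(records):
    """(INPUT_SNMP, OUTPUT_SNMP) per flow; None means the template lacks that field."""
    return [(r.get(INPUT_SNMP), r.get(OUTPUT_SNMP)) for r in records]

def sample_packet():
    """Constructed datagram mirroring the Wireshark decode above (addresses are made up)."""
    fields = [(8, 4), (12, 4), (5, 1), (4, 1), (7, 2), (11, 2), (14, 4), (61, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 264, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    data = struct.pack("!4s4sBBHHIBII", bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]),
                       0x68, 17, 20903, 53, 9, 1, 79, 1) + b"\x00"   # 1 pad byte
    hdr = struct.pack("!HHIIII", 9, 2, 261103507, 1477703542, 159997, 2304)
    return hdr + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 264, 4 + len(data)) + data
```

Calling `snmp_indexes(parse_v9(sample_packet(), {}))` on the constructed datagram yields one flow with OUTPUT_SNMP 9 and no INPUT_SNMP, because the sample template only includes the fields shown in the decode excerpt.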




