Re: [Ntop-misc] nProbe and Andrisoft compatibility

Mon, 12 Mar 2018 03:56:15 -0700

Benjamin
all I did is this:

I have started "nprobe nprobe.conf” (basically is your config file) and sent some flows to nprobe, then captured the emitted flows with wireshark. I enclose the pcap with such flows. If you open them with wireshark everything looks good with no decoding errors whatsoever.

Please tell the Wansight folks to contact us and report the exact issue (so that we can reproduce it an fix it), so we can use to reproduce the issues they mentioned you.

Regards Luca
 


Attachment: nprobe.tgz
Description: Binary data




On 12 Mar 2018, at 11:18, Benjamin Weik <[email protected]> wrote:

Hi,
 
I am trying to use nProbe as a flow filter & forwarder to filter out flows for customer prefixes and forward those flows to the customers Wansight but I am unable to get something useful on Wansight.
Sometimes a few flows are recieved and a little bit is graphed but with each flow received, the timeout is increased until Wansight says the flow is too old and discards it.
..
Andrisoft support says that nProbe is at fault:
 
>If the flow exporter respects the RFC and it's configured to export long flows periodically, you only need to adjust the Flow Timeout(s) parameter from the Flow Sensor configuration window to the same value. 
>All flows will be accepted, even if the start time is very long in the past.
 
>We don't have a nProbe license to be able to test it, but not even Wireshark can properly decode the start/end time of flows generated by it. So we can only conclude that it's a nProbe issue.
>We do have customers that are monitoring their routers with Netflow v9 and IPFIX without any issues from Wanguard.
 
Am I missing any parameters for nProbe? Am I misthinking something?
 

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Reply via email to