[Ntop] Poblems with port 2055 using ntopng as a flow collector for nProbe

Sat, 04 Jan 2014 16:42:14 -0800 

Hi Everyone,

I have installed "pfring nprobe ntopng ntopng-data n2disk nbox" using the
example here http://www.nmon.net/apt/. After some trial an error I have
also found that additionally I needed rrdtool and libpcap0.8.

My server is an Ubuntu 12.04 LTS: Linux flowCollector 3.8.0-35-generic
#50~precise1-Ubuntu SMP Wed Dec 4 17:25:51 UTC 2013 x86_64 x86_64 x86_64
GNU/Linux

I have configured everything using nBox. nProbe and ntopng are running
(green light), but nProbe is not starting on port 2055.

I am sending flows from 4 Cisco 2600 to the IP 10.11.11.30:2055, but
because there is no daemon on that port, nothing is receiving the flows.

On ntopng:3000 and when I move the interface "[email protected]:5556",
the web interface is showing:

No packet has been received yet on interface [email protected]:5556.
Please wait 7 seconds until this page reloads

but if I select the interface eth1 with ip 10.11.11.30 I am seeing some
local traffic. Using wireshark I can see periodically the udp packets going
towards port 2055.

netstat -anptu

Proto Recv-Q Send-Q Local Address           Foreign Address         State
    PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
     1455/mysqld
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
     3661/redis-server
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
     1764/apache2
tcp        0      0 10.11.11.30:5556        0.0.0.0:*               LISTEN
     9158/nprobe
tcp        0      0 10.11.11.30:54333       10.11.11.30:5556
 ESTABLISHED 5064/ntopng
tcp        0      0 10.11.11.30:5556        10.11.11.30:54333
ESTABLISHED 9158/nprobe
tcp        0      0 127.0.0.1:35392         127.0.0.1:6379
 ESTABLISHED 5064/ntopng
tcp        0      0 127.0.0.1:6379          127.0.0.1:35392
ESTABLISHED 3661/redis-server
udp        0      0 0.0.0.0:50177           0.0.0.0:*
    9158/nprobe
udp        0      0 127.0.0.1:161           0.0.0.0:*
    1694/snmpd
udp        0      0 0.0.0.0:50467           0.0.0.0:*
    1694/snmpd


Correct me if I am wrong but the connection should be something like this,
right? :

Cisco ----------> nProbe ---------> ZeroMQ Endpoint <--------------- ntopng
(0MQ Subscriber/flow collector)

with IPs

Cisco ----------> udp:10.11.11.30:2055 ------->
tcp:10.11.11.30:5556<---------- ntopng

Thanks in Advance,

Daniel Gomez

-- 
*The Flow is a mystery to many, and it may only be visible when it is not
presen*t.

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to