Re: [Ntop-misc] nProbe configuration issues

2015-06-02 Thread Luca Deri
Matt
you have
> -n=udp://127.0.0.1:2055 -3=2055

this means that (-3) you want to collect flows on port 2055 and (-n) export 
flows to localhost port 2055. nProbe detects that and disables this.

If your intention is to collect flows on port 2055 and let ntopng attach to it, 
do -n=none and it should work.

Regards Luca


> On 02 Jun 2015, at 12:50, Matt Thompson wrote:
> 
> Hi Yuri,
> 
> the ntopng and nprobe config files are below, respectively:
> 
>  
> -n=3
> -m="10.20.70.0/24"
> -G=/var/tmp/ntopng.pid
> -i=tcp://127.0.0.1:5556 
> 
> 
> 
> -n=udp://127.0.0.1:2055 
> -i=none
> -t=60
> -d=60
> -a=0
> -e=1
> -B=10
> -w=128000
> -z=0
> -S=1:1
> -E=0:0
> -m=15
> -g=/var/run/nprobe-none.pid
> -3=2055
> --zmq=tcp://*:5556
> --vlanid-as-iface-idx=none
> -T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
> -V=9
> --dump-stats=/var/log/nprobe/none-0_flows_stats.txt
> 
> 
> I have also tried changing the various IPs to the Eth0 address with no change.
> 
> 
> Regards,
> 
> Matt
> 
> 
> 
> 
> -- Forwarded message --
> From: Francalacci Yuri <y...@ntop.org>
> To: "ntop-misc@listgateway.unipi.it" <ntop-misc@listgateway.unipi.it>
> Cc: 
> Date: Sun, 31 May 2015 17:15:01 +0200
> Subject: Re: [Ntop-misc] Ntop-misc Digest, Vol 131, Issue 13
> Could you please post the nprobe and ntopng config file (in /etc/ntopng and 
> /etc/nprobe)
> Yuri
> 
> Sent from my iPhone
> 
> On 31 May 2015, at 16:10, Matt Thompson wrote:
> 
>> Hi Yuri,
>> 
>> I am starting and stopping it within the GUI. It all starts up OK, but it 
>> only reports traffic directed at the server itself (my client connecting) 
>> and broadcast traffic on its subnet.
>> 
>> 
>> Regards,
>> 
>> Matt
>> 
>> On 30 May 2015 at 11:00, wrote:
>> 
>> -- Forwarded message --
>> From: Matt Thompson <sir.vegas...@gmail.com>
>> To: ntop-misc@listgateway.unipi.it 
>> Cc: 
>> Date: Fri, 29 May 2015 14:49:05 +0100
>> Subject: [Ntop-misc] nProbe configuration
>> I'm hoping somebody can help what is probably a simple issue.
>> 
>> I have installed the trial licence successfully but am struggling to 
>> configure ntop/nprobe to get useful data, despite following the 
>> documentation and some related YouTube videos.
>> 
>> I have a simple setup:
>> 
>> (Firewall 1)
>> 
>> <>
>> 
>> (Firewall 2)
>> 
>> <>
>> 
>> (Ntop/nprobe installation server)
>> 
>> 
>> Firewall 1 is where I have Netflow exporting configured. The server has all 
>> the relevant roles installed on the one box. Firewall 2 has all relevant 
>> traffic allowed through it, but a packet capture on there shows the server 
>> is sending udp port 2055 unreachable ICMP messages back to firewall 1.
>> 
>> I use the GUI to configure so should I be using the Eth0 or Proxy setup and 
>> what settings should I be tweaking? I can only see traffic destined for the 
>> server or broadcast traffic on that subnet.
>> 
>> 
>> TIA
>> 
>> Matt
>> 
>> 
>> 
>> -- Forwarded message --
>> From: Yuri Francalacci <y...@ntop.org>
>> To: ntop-misc@listgateway.unipi.it 
>> Cc: 
>> Date: Fri, 29 May 2015 16:16:32 +0200
>> Subject: Re: [Ntop-misc] nProbe configuration
>> Matt,
>> could you post the way you are starting either ntopng and nprobe?
>> Yuri
>> ###
>> Yuri Francalacci   -   y...@ntop.org    -   
>> http://www.ntop.org 
>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>> ###
>> 
>>> On 29 May 2015, at 15:49, Matt Thompson wrote:
>>> 
>>> I'm hoping somebody can hel
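
The collector/export loop Luca describes at the top of this message can be checked for before starting nProbe. The script below is an added example, not part of the original thread or of ntop's tooling; the function names and the `local_addrs` parameter are hypothetical, and it assumes the one-option-per-line `-x=value` layout shown in Matt's post.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost"}

# Constructed sample: the relevant lines of the nProbe options quoted in the thread.
THREAD_CONFIG = """\
-n=udp://127.0.0.1:2055
-i=none
-3=2055
--zmq=tcp://*:5556
"""

def parse_options(text):
    """Map each '-x=value' / '--long=value' line to its value; other lines are skipped."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*(--?[\w-]+)=(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip().strip('"')
    return opts

def export_target(value):
    """Return (host, port) from a -n value such as udp://host:port, or None for 'none'."""
    m = re.match(r"(?:\w+://)?([^:/\s]+):(\d+)$", value.strip())
    return (m.group(1), int(m.group(2))) if m else None

def collector_export_loop(text, local_addrs=()):
    """Return a description of the -3/-n loop described in the reply, or None if absent.

    local_addrs is a hypothetical list of this host's own addresses (for example eth0),
    so that exporting to the box's own interface address is flagged as well.
    """
    opts = parse_options(text)
    target = export_target(opts.get("-n", "none"))
    collect = opts.get("-3", "")
    if target is None or not collect.isdigit():
        return None  # no export target (-n=none) or no collector port: nothing to loop
    host, port = target
    if port == int(collect) and (host in LOOPBACK or host in local_addrs):
        return f"-n exports to {host}:{port}, the same port -3 collects on"
    return None

if __name__ == "__main__":
    print(collector_export_loop(THREAD_CONFIG))
    print(collector_export_loop(THREAD_CONFIG.replace("udp://127.0.0.1:2055", "none")))
```

With the options as posted the check reports the loop; with `-n=none`, as Luca suggests, it reports nothing.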

[Ntop-misc] nProbe configuration issues

2015-06-02 Thread Matt Thompson
>
> Hi Yuri,
>

the ntopng and nprobe config files are below, respectively:


-n=3
-m="10.20.70.0/24"
-G=/var/tmp/ntopng.pid
-i=tcp://127.0.0.1:5556



-n=udp://127.0.0.1:2055
-i=none
-t=60
-d=60
-a=0
-e=1
-B=10
-w=128000
-z=0
-S=1:1
-E=0:0
-m=15
-g=/var/run/nprobe-none.pid
-3=2055
--zmq=tcp://*:5556
--vlanid-as-iface-idx=none
-T=%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %OUTPUT_SNMP %LAST_SWITCHED %FIRST_SWITCHED
-V=9
--dump-stats=/var/log/nprobe/none-0_flows_stats.txt


I have also tried changing the various IPs to the Eth0 address with no
change.


Regards,

Matt




-- Forwarded message --
> From: Francalacci Yuri 
> To: "ntop-misc@listgateway.unipi.it" 
> Cc:
> Date: Sun, 31 May 2015 17:15:01 +0200
> Subject: Re: [Ntop-misc] Ntop-misc Digest, Vol 131, Issue 13
> Could you please post the nprobe and ntopng config file (in /etc/ntopng
> and /etc/nprobe)
> Yuri
>
> Sent from my iPhone
>
> On 31 May 2015, at 16:10, Matt Thompson <sir.vegas...@gmail.com> wrote:
>
> Hi Yuri,
>
> I am starting and stopping it within the GUI. It all starts up OK, but it
> only reports traffic directed at the server itself (my client connecting)
> and broadcast traffic on its subnet.
>
>
> Regards,
>
> Matt
>
> On 30 May 2015 at 11:00,  wrote:
>
>>
>> -- Forwarded message --
>> From: Matt Thompson 
>> To: ntop-misc@listgateway.unipi.it
>> Cc:
>> Date: Fri, 29 May 2015 14:49:05 +0100
>> Subject: [Ntop-misc] nProbe configuration
>> I'm hoping somebody can help what is probably a simple issue.
>>
>> I have installed the trial licence successfully but am struggling to
>> configure ntop/nprobe to get useful data, despite following the
>> documentation and some related YouTube videos.
>>
>> I have a simple setup:
>>
>> (Firewall 1)
>>
>> <>
>>
>> (Firewall 2)
>>
>> <>
>>
>> (Ntop/nprobe installation server)
>>
>>
>> Firewall 1 is where I have Netflow exporting configured. The server has
>> all the relevant roles installed on the one box. Firewall 2 has all
>> relevant traffic allowed through it, but a packet capture on there shows
>> the server is sending udp port 2055 unreachable ICMP messages back to
>> firewall 1.
>>
>> I use the GUI to configure so should I be using the Eth0 or Proxy setup
>> and what settings should I be tweaking? I can only see traffic destined for
>> the server or broadcast traffic on that subnet.
>>
>>
>> TIA
>>
>> Matt
>>
>>
>>
>> -- Forwarded message --
>> From: Yuri Francalacci 
>> To: ntop-misc@listgateway.unipi.it
>> Cc:
>> Date: Fri, 29 May 2015 16:16:32 +0200
>> Subject: Re: [Ntop-misc] nProbe configuration
>> Matt,
>> could you post the way you are starting either ntopng and nprobe?
>> Yuri
>> ###
>> Yuri Francalacci   -   y...@ntop.org   -   http://www.ntop.org
>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>> ###
>>