[Ntop-misc] Trying to get plugins to work - not enabled
I originally thought it was a license issue, but now that I've installed the license, it still does not work. Says "License Ok" so I'm assuming the license is correctly installed. nprobe -E "0:3" -f "tcp and port 80" -a -n 10.65.24.57:2055 -i ens4 -u 1 -Q 2 -t 60 -d 15 -V 10 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %TCP_FLAGS %CLIENT_NW_DELAY_MS %SERVER_NW_DELAY_MS %APPL_LATENCY_MS %HTTP_URL %HTTP_RET_CODE %HTTP_REFERER %HTTP_UA %HTTP_MIME" 07/Nov/2016 15:45:58 [nprobe.c:3450] Valid nProbe Pro license found 07/Nov/2016 15:45:58 [plugin.c:174] No plugins found in ./plugins 07/Nov/2016 15:45:58 [plugin.c:182] Loading 24 plugins [.so] from /usr/local/lib/nprobe/plugins 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin DHCP Protocol [/etc/nprobe.license.dhcp]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin Diameter Protocol [/etc/nprobe.license.diameter]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin DNS/LLMNR Protocol [/etc/nprobe.license.dns]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin Export Plugin [/etc/nprobe.license.export]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin FTP Protocol [/etc/nprobe.license.ftp]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin GTPv0 Signaling Protocol [/etc/nprobe.license.gtpv0]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin GTPv1 Signaling Protocol [/etc/nprobe.license.gtpv1]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin GTPv2 Signaling Protocol [/etc/nprobe.license.gtpv2]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin HTTP Protocol [/etc/nprobe.license.http]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin IMAP Protocol [/etc/nprobe.license.email]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin Netflow-Lite Plugin [/etc/nprobe.license.nflite]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin Oracle Protocol [/etc/nprobe.license.oracle]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin POP3 Protocol [/etc/nprobe.license.email]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin System process information [/etc/nprobe.license.process]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin Radius Protocol [/etc/nprobe.license.radius]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin RTP Plugin [/etc/nprobe.license.voip]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin S1AP Protocol [/etc/nprobe.license.S1AP]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin SIP Plugin [/etc/nprobe.license.voip]: License Ok 07/Nov/2016 15:45:58 [plugin.c:784] Unable to enable plugin SMTP Protocol [/etc/nprobe.license.email]: License Ok 07/Nov/2016 15:45:58 [nprobe.c:5064] Welcome to nProbe Pro v.7.5.161106 ($Revision: 5466 $) for x86_64-unknown-linux-gnu with native PF_RING acceleration 07/Nov/2016 15:45:58 [nprobe.c:5074] Running on CentOS Linux release 7.2.1511 (Core) 07/Nov/2016 15:45:58 [nprobe.c:5085] [LICENSE] nProbe SystemId: 12FBFEEB0749 07/Nov/2016 15:45:58 [nprobe.c:7422] Welcome to nProbe v.7.5.161106 for x86_64-unknown-linux-gnu 07/Nov/2016 15:45:58 [nprobe.c:6506] Using NetFlow Packet Payload Len: 1472 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'CLIENT_NW_DELAY_MS'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'SERVER_NW_DELAY_MS'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_URL'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_RET_CODE'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_REFERER'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_UA'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_MIME'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'CLIENT_NW_DELAY_MS'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'SERVER_NW_DELAY_MS'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_URL'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_RET_CODE'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_REFERER'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING: Unable to locate template 'HTTP_UA'. Discarded. 07/Nov/2016 15:45:58 [template.c:1585] WARNING:
[Ntop-misc] PF_RING sees DAG but nprobe does not
Current situation. When trying to run nprobe against dag0 I get the following: - 28/Oct/2016 12:57:02 [util.c:4371] ERROR: Cannot get hw addr for dag0 28/Oct/2016 12:57:02 [pro/pf_ring.c:377] Initializing PF_RING socket on device dag0.. 28/Oct/2016 12:57:02 [nprobe.c:5573] ERROR: Unable to open interface dag0. 28/Oct/2016 12:57:02 [nprobe.c:7401] ERROR: Unable to open interface dag0 (dag0: No such device exists (SIOCGIFHWADDR: No such device)) --- Even though the PF_RING pcount utility sees it and can get packet stats from it. [root@localhost ~]# /usr/local/src/pfring/userland/examples/pcount -h pcount (C) 2003-14 Deri Luca <d...@ntop.org> -h [Print help] -i [Device name] -f [pcap filter] -l [Capture length] -S [Do not strip hw timestamps (if present)] -v[Verbose [1: verbose, 2: very verbose (print packet payload)]] Available devices (-i): 0. ens3 1. ens4 2. any 3. lo 4. dag0 5. dag0:0 6. nflog 7. nfqueue 8. usbmon1 [root@localhost ~]# --- What now? How I got here: 1)compiled PF_RING with dag libraries and confirmed it worked with the pcount utility. 2)installed nprobe using yum. (I did not see how to compile nprobe) -- John Marshall Senior Consultant T +64 9 355 4818 (extn 94818) M +64 27 819 8366 E john.marsh...@spark.co.nz Level 1 Green, Spark City | 167 Victoria Street West | Private Bag 92028, Auckland 1010 www.sparkdigital.co.nz -- This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] trying to get PF_RING to recognize DAG
In the PF_RING Users Guide section 6.6 there is mention of using the "-ldag" flag to support the Endace DAG. I don't understand where that flag would be used. Can you please provide details and an example? Thanks! -John Marshall -Original Message----- From: John Marshall Sent: Wednesday, 19 October 2016 2:34 p.m. To: 'ntop-misc@listgateway.unipi.it' <ntop-misc@listgateway.unipi.it> Subject: trying to get PF_RING to recognize DAG I've installed nProbe and, consequently, PF_RING. The only interface I can currently use is ens3. I'm trying to get it to work with the Endace dag0. I've done the install from packages. Does anyone have any experience with this you can share? -- -John This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
[Ntop-misc] trying to get PF_RING to recognize DAG
I've installed nProbe and, consequently, PF_RING. The only interface I can currently use is ens3. I'm trying to get it to work with the Endace dag0. I've done the install from packages. Does anyone have any experience with this you can share? -- -John This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. ___ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
