Re: [Ntop-misc] Collecting NetFlow data with nprobe
Thanks, I used the Windows equivalent, windump, and have added the dump to the issue I created.

Peter Shute

Sent from my iPad

> On 17 Aug 2016, at 7:36 PM, Luca Deri <d...@ntop.org> wrote:
>
> Peter,
> for dumping packets please use tcpdump -s 0 -w my.pcap … or wireshark.
>
> Luca
>
>> On 17 Aug 2016, at 11:28, Peter Shute <psh...@nuw.org.au> wrote:
>>
>> Thanks, should I generate the pcap file with the --dump-pkts parameter? I
>> suspect with -i none that there will be nothing dumped, but I'll check.
>>
>> Sent from my iPad
>>
>>> On 17 Aug 2016, at 6:54 PM, Luca Deri <d...@ntop.org> wrote:
>>>
>>> Peter
>>> please file an issue on https://github.com/ntop/nProbe/issues and attach a
>>> pcap file. I need to see what nprobe is receiving before commenting. Please
>>> make sure you also add “-i none”
>>>
>>> Thanks Luca
>>>
>>>> On 17 Aug 2016, at 04:17, Peter Shute <psh...@nuw.org.au> wrote:
>>>>
>>>> I still haven't made any progress with this. I've now installed Wireshark,
>>>> and followed these instructions to prove to myself that the NetFlow data
>>>> is arriving at my PC:
>>>> https://communities.ca.com/docs/DOC-231149629
>>>>
>>>> So why does this command collect no data?
>>>> nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe
>>>>
>>>>> -----Original Message-----
>>>>> From: ntop-misc-boun...@listgateway.unipi.it
>>>>> [mailto:ntop-misc-boun...@listgateway.unipi.it] On Behalf Of Peter Shute
>>>>> Sent: Monday, 15 August 2016 4:00 PM
>>>>> To: 'ntop-misc@listgateway.unipi.it' <ntop-misc@listgateway.unipi.it>
>>>>> Subject: [Ntop-misc] Collecting NetFlow data with nprobe
>>>>>
>>>>> Our ISP has configured several internet routers to send NetFlow data on
>>>>> port 9996 to a particular machine. I have successfully configured PRTG to
>>>>> get the data to see lists of top recipients, etc, so I know this machine
>>>>> is receiving the NetFlow data ok, but it doesn't store the flows for later
>>>>> analysis, so I've disabled it. How do I configure nprobe to get the flow
>>>>> into a file I can analyse?
>>>>>
>>>>> I'm confused about which mode nprobe needs to be used in to collect the
>>>>> data. I've tried this:
>>>>> nprobe /c --collector 192.168.0.203:9996 -V9 -P c:\temp\nprobe
>>>>> but it seems to be collecting local traffic. In among it, I can see that
>>>>> there are flows from the router to this machine on port 9996. What I need
>>>>> is the flow information inside those packets.
>>>>>
>>>>> I tried this:
>>>>> nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe
>>>>> but it collects nothing.
>>>>>
>>>>> Where am I going wrong? I'm not sure if I understand the differences
>>>>> between probe mode, collector mode and proxy mode. I need collector
>>>>> mode, don't I?
>>>>>
>>>>> Peter Shute

___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Re: [Ntop-misc] Collecting NetFlow data with nprobe
Peter,
for dumping packets please use tcpdump -s 0 -w my.pcap … or wireshark.

Luca
Re: [Ntop-misc] Collecting NetFlow data with nprobe
Thanks, should I generate the pcap file with the --dump-pkts parameter? I suspect with -i none that there will be nothing dumped, but I'll check.

Sent from my iPad
Re: [Ntop-misc] Collecting NetFlow data with nprobe
Peter
please file an issue on https://github.com/ntop/nProbe/issues and attach a pcap file. I need to see what nprobe is receiving before commenting. Please make sure you also add “-i none”

Thanks Luca
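One check that can be run on such a capture, as an added example (not part of the thread and not ntop code): it reports which NetFlow versions the routers actually export and whether any NetFlow v9 data flowset arrived before the template that describes it, since a v9 collector cannot decode data without that template. It assumes the UDP payloads sent to port 9996 have already been extracted from the pcap as bytes; the function names and the sample payloads are constructed for illustration.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
SET_HEADER = struct.Struct("!HH")     # flowset_id, length (length includes this header)

def template_ids(body):
    """Template IDs defined in the body of a template flowset (flowset_id 0)."""
    ids, off = [], 0
    while off + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, off)
        if tid < 256:               # trailing padding, not a template record
            break
        ids.append(tid)
        off += 4 + 4 * nfields      # each field is (type, length), 2 bytes each
    return ids

def summarise(payloads):
    """Walk UDP payloads in arrival order; report versions and undecodable data."""
    known = set()
    report = {"versions": set(), "templates": set(), "data_without_template": []}
    for n, p in enumerate(payloads):
        if len(p) < 2:
            continue
        version = struct.unpack_from("!H", p)[0]
        report["versions"].add(version)
        if version != 9 or len(p) < V9_HEADER.size:
            continue                # v5 and IPFIX (10) use a different layout
        off = V9_HEADER.size
        while off + SET_HEADER.size <= len(p):
            fsid, length = SET_HEADER.unpack_from(p, off)
            if length < SET_HEADER.size or off + length > len(p):
                break               # malformed or truncated flowset
            if fsid == 0:
                new = template_ids(p[off + 4:off + length])
                known.update(new)
                report["templates"].update(new)
            elif fsid >= 256 and fsid not in known:
                report["data_without_template"].append((n, fsid))
            off += length
    return report

# Constructed sample payloads: data for template 256, then the template, then data again.
def v9(flowset):
    return V9_HEADER.pack(9, 1, 0, 0, 0, 0) + flowset

TEMPLATE = SET_HEADER.pack(0, 16) + struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)
DATA = SET_HEADER.pack(256, 12) + bytes([192, 168, 0, 1, 192, 168, 0, 203])
SAMPLE = [v9(DATA), v9(TEMPLATE), v9(DATA)]

if __name__ == "__main__":
    print(summarise(SAMPLE))
```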
Re: [Ntop-misc] Collecting NetFlow data with nprobe
I still haven't made any progress with this. I've now installed Wireshark, and followed these instructions to prove to myself that the NetFlow data is arriving at my PC:
https://communities.ca.com/docs/DOC-231149629

So why does this command collect no data?
nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe
[Ntop-misc] Collecting NetFlow data with nprobe
Our ISP has configured several internet routers to send NetFlow data on port 9996 to a particular machine. I have successfully configured PRTG to get the data to see lists of top recipients, etc, so I know this machine is receiving the NetFlow data ok, but it doesn't store the flows for later analysis, so I've disabled it. How do I configure nprobe to get the flow into a file I can analyse?

I'm confused about which mode nprobe needs to be used in to collect the data. I've tried this:
nprobe /c --collector 192.168.0.203:9996 -V9 -P c:\temp\nprobe
but it seems to be collecting local traffic. In among it, I can see that there are flows from the router to this machine on port 9996. What I need is the flow information inside those packets.

I tried this:
nprobe /c -i none -n none --collector-port 9996 -V9 -P c:\temp\nprobe
but it collects nothing.

Where am I going wrong? I'm not sure if I understand the differences between probe mode, collector mode and proxy mode. I need collector mode, don't I?

Peter Shute