[prev in list] [next in list] [prev in thread] [next in thread]
List: ntop
Subject: Re: [Ntop] Nprobe + ntopng packet detailed statistics
From: Mikhael Chernogorsky <mikhaelc () infinidat ! com>
Date: 2017-02-20 12:09:07
Message-ID: CAB2Za2B5-sE-LPY1UxqCH=G3iERX_e1Xw=T5ot-GiJym70f0-w () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
It works with -V 9 key
nprobe -i ens192 -n none -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP
%INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED
%L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %L7_PROTO @SIP@ @RTP@"
--tunnel --redis localhost --zmq tcp://127.0.0.1:1234 --zmq-probe-mode
--zmq-encrypt-pwd myencryptionkey --online-license-check -V 9
(--tunnel for erspan)
Best,
Mike
On Thu, Feb 9, 2017 at 2:43 PM, Jean-Pierre Human <jphuman@gmail.com> wrote:
> Sorry wrong thread...
>
> On Thu, Feb 9, 2017 at 2:42 PM, Jean-Pierre Human <jphuman@gmail.com>
> wrote:
>
>> Hi Luca
>>
>> Upgraded to nightly however no changes, see the attached image.
>>
>> https://imagebin.ca/v/3BnZuBaPazqu
>>
>> Thanks
>> Jean-Pierre Human
>>
>> On Thu, Feb 9, 2017 at 1:10 PM, Mikhael Chernogorsky <
>> mikhaelc@infinidat.com> wrote:
>>
>>> Hi again,
>>>
>>> checked with a night build.
>>> Have the same result (no TOS/COS info) for TOS.
>>>
>>> Have 12:52:05 [nprobe.c:7312] IP TOS is accounted on probe side
>>>
>>> Should this informations be displayed on a flow page ?
>>>
>>> Im checking it with ssh (tos 0x10) and ping -Q packets/flows
>>>
>>> Thanks,
>>> Mike
>>>
>>>
>>>
>>> On Thu, Feb 9, 2017 at 11:23 AM, Mikhael Chernogorsky <
>>> mikhaelc@infinidat.com> wrote:
>>>
>>>> Hi Luca,
>>>> nope, using stable one. will check with devs
>>>>
>>>> Thanks,
>>>> Mike
>>>>
>>>> On Thu, Feb 9, 2017 at 10:51 AM, Luca Deri <deri@ntop.org> wrote:
>>>>
>>>>> Mikhael,
>>>>> are you using the latest development versions of ntopng and nProbe? If
>>>>> not, please do
>>>>>
>>>>> Luca
>>>>>
>>>>>
>>>>>
>>>>> On 02/09/2017 08:53 AM, Mikhael Chernogorsky wrote:
>>>>>
>>>>> Hi,
>>>>> I've just got nprobe (pro), voip plugin, ntopng (ce).
>>>>> was planned to use it to monitor voip problems.
>>>>> But could not configure them (nprobe + ntopng) to work right. Ntopng
>>>>> does not show any VOIP/TOS related statistics
>>>>>
>>>>> Tried to run it as described there
>>>>> http://www.ntop.org/nprobe/monitoring-voip-traffic-with-npro
>>>>> be-and-ntopng/
>>>>>
>>>>>
>>>>> 1. # nprobe -i eth1 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR
>>>>> %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED
>>>>> %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %L7_PROTO
>>>>> @SIP@ @RTP@" --redis localhost --zmq tcp://127.0.0.1:1234
>>>>> 2.
>>>>> 3. $ ntopng -i tcp://127.0.0.1:1234
>>>>>
>>>>>
>>>>> and this version
>>>>> nprobe -i ens192 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP
>>>>> %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED
>>>>> %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %L7_PROTO @SIP@ @RTP@"
>>>>> --redis localhost --zmq-probe-mode --zmq-encrypt-pwd myencryptionkey
>>>>> --online-license-check
>>>>>
>>>>>
>>>>> Still see no voip packet or COS/TOS details.
>>>>>
>>>>>
>>>>> What am I doing wrong ?
>>>>>
>>>>> Best,
>>>>> Mike
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Ntop mailing listNtop@listgateway.unipi.ithttp://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Ntop mailing list
>>>>> Ntop@listgateway.unipi.it
>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>
>>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
[Attachment #5 (text/html)]
<div dir="ltr">It works with -V 9 key<div><br></div><div>nprobe -i ens192 -n none -T \
"%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS \
%IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS \
%PROTOCOL %L7_PROTO @SIP@ @RTP@" --tunnel --redis localhost --zmq tcp://<a \
href="http://127.0.0.1:1234">127.0.0.1:1234</a> --zmq-probe-mode --zmq-encrypt-pwd \
myencryptionkey --online-license-check -V \
9<br></div><div><br></div><div><br></div><div>(--tunnel for \
erspan)</div><div><br></div><div>Best,</div><div>Mike</div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 9, 2017 at 2:43 PM, \
Jean-Pierre Human <span dir="ltr"><<a href="mailto:jphuman@gmail.com" \
target="_blank">jphuman@gmail.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Sorry wrong thread...<br></div><div \
class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div \
class="gmail_quote">On Thu, Feb 9, 2017 at 2:42 PM, Jean-Pierre Human <span \
dir="ltr"><<a href="mailto:jphuman@gmail.com" \
target="_blank">jphuman@gmail.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Luca<br><br></div>Upgraded \
to nightly however no changes, see the attached image.<br><br><a \
href="https://imagebin.ca/v/3BnZuBaPazqu" \
target="_blank">https://imagebin.ca/v/3BnZuBaP<wbr>azqu</a><br><br></div>Thanks<span \
class="m_1791076276012566948HOEnZb"><font \
color="#888888"><br></font></span></div><span \
class="m_1791076276012566948HOEnZb"><font color="#888888">Jean-Pierre \
Human<br></font></span></div><div class="m_1791076276012566948HOEnZb"><div \
class="m_1791076276012566948h5"><div class="gmail_extra"><br><div \
class="gmail_quote">On Thu, Feb 9, 2017 at 1:10 PM, Mikhael Chernogorsky <span \
dir="ltr"><<a href="mailto:mikhaelc@infinidat.com" \
target="_blank">mikhaelc@infinidat.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hi again,<div><br></div><div>checked with a \
night build.</div><div>Have the same result (no TOS/COS info) for \
TOS.</div><div><br></div><div>Have 12:52:05 [nprobe.c:7312] IP TOS is accounted on \
probe side</div><div><br></div><div>Should this informations be displayed on a flow \
page ?</div><div><br></div><div>Im checking it with ssh (tos 0x10) and ping -Q \
packets/flows</div><div><br></div><div>Thanks,</div><div>Mike</div><div><br></div><div><br></div></div><div \
class="m_1791076276012566948m_5829194080623925152HOEnZb"><div \
class="m_1791076276012566948m_5829194080623925152h5"><div \
class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 9, 2017 at 11:23 AM, \
Mikhael Chernogorsky <span dir="ltr"><<a href="mailto:mikhaelc@infinidat.com" \
target="_blank">mikhaelc@infinidat.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hi Luca,<div>nope, using stable one. will \
check with devs</div><div><br></div><div>Thanks,</div><div>Mike</div></div><div \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087HOEnZb"><div \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087h5"><div \
class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 9, 2017 at 10:51 AM, \
Luca Deri <span dir="ltr"><<a href="mailto:deri@ntop.org" \
target="_blank">deri@ntop.org</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487moz-cite-prefix">Mikhael,<br>
are you using the latest development versions of ntopng and
nProbe? If not, please do<br>
<br>
Luca<div><div class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102h5"><br>
<br>
<br>
On 02/09/2017 08:53 AM, Mikhael Chernogorsky wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102h5">
<div dir="ltr">Hi,
<div>I've just got nprobe (pro), voip plugin, ntopng (ce).</div>
<div>was planned to use it to monitor voip problems.</div>
<div>But could not configure them (nprobe + ntopng) to work
right. Ntopng does not show any VOIP/TOS related statistics</div>
<div><br>
</div>
<div>Tried to run it as described there</div>
<div><a href="http://www.ntop.org/nprobe/monitoring-voip-traffic-with-nprobe-and-ntopng/" \
target="_blank">http://www.ntop.org/nprobe/mon<wbr>itoring-voip-traffic-with-npro<wbr>be-and-ntopng/</a><br>
</div>
<div><br>
</div>
<div>
<ol class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-hoverEnabled \
m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487enlighterEnlighterJS \
m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-EnlighterJS" \
style="margin:0px 0px 20px;padding:0px;border:1px solid \
rgb(224,224,224);outline:0px;font-size:11px;vertical-align:baseline;background-image:i \
nitial;background-position:initial;background-size:initial;background-repeat:initial;b \
ackground-origin:initial;background-clip:initial;background-color:rgb(249,249,249);list-style:none;font-family:"source \
code pro","liberation mono","courier \
new",courier,monospace;line-height:16px;overflow:auto;white-space:pre-wrap;word-wrap:break-word;color:rgb(147,147,147);border-radius:8px"><li \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-odd" \
style="margin:0px 0px 0px 40px;padding:5px 5px 1px 14px;border-width:0px 0px 0px \
1px;border-style:solid;border-color:rgb(255,255,255) rgb(255,255,255) \
rgb(255,255,255) rgb(224,224,224);outline:0px;font-size:inherit;vertical-align:baselin \
e;background-image:initial;background-position:initial;background-size:initial;backgro \
und-repeat:initial;background-origin:initial;background-clip:initial;background-color: \
rgb(255,255,255);line-height:16px;color:rgb(170,170,170);list-style:decimal"><span \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-co1" \
style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12px;vertical-align:bas \
eline;background-image:initial;background-position:initial;background-size:initial;bac \
kground-repeat:initial;background-origin:initial;background-clip:initial;background-co \
lor:transparent;color:rgb(153,153,170);line-height:inherit;font-family:inherit"># \
nprobe -i eth1 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP \
%OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT \
%L4_DST_PORT %TCP_FLAGS %PROTOCOL %L7_PROTO @SIP@ @RTP@" --redis localhost --zmq \
tcp://<a href="http://127.0.0.1:1234" target="_blank">127.0.0.1:1234</a></span><span \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-" \
style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12px;vertical-align:bas \
eline;background-image:initial;background-position:initial;background-size:initial;bac \
kground-repeat:initial;background-origin:initial;background-clip:initial;background-co \
lor:transparent;color:rgb(0,0,0);line-height:inherit;font-family:inherit"></span></li><li \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487even" \
style="margin:0px 0px 0px 40px;padding:1px 5px 1px 14px;border-width:0px 0px 0px \
1px;border-style:solid;border-color:rgb(255,255,255) rgb(255,255,255) \
rgb(255,255,255) rgb(224,224,224);outline:0px;font-size:inherit;vertical-align:baselin \
e;background-image:initial;background-position:initial;background-size:initial;backgro \
und-repeat:initial;background-origin:initial;background-clip:initial;background-color: \
rgb(255,255,255);line-height:16px;color:rgb(170,170,170);list-style:decimal"><span \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-" \
style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12px;vertical-align:bas \
eline;background-image:initial;background-position:initial;background-size:initial;bac \
kground-repeat:initial;background-origin:initial;background-clip:initial;background-co \
lor:transparent;color:rgb(0,0,0);line-height:inherit;font-family:inherit"></span> \
</li><li class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-odd" \
style="margin:0px 0px 0px 40px;padding:1px 5px 5px 14px;border-width:0px 0px 0px \
1px;border-style:solid;border-color:rgb(255,255,255) rgb(255,255,255) \
rgb(255,255,255) rgb(224,224,224);outline:0px;font-size:inherit;vertical-align:baselin \
e;background-image:initial;background-position:initial;background-size:initial;backgro \
und-repeat:initial;background-origin:initial;background-clip:initial;background-color: \
rgb(255,255,255);line-height:16px;color:rgb(170,170,170);list-style:decimal"><span \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-" \
style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12px;vertical-align:bas \
eline;background-image:initial;background-position:initial;background-size:initial;bac \
kground-repeat:initial;background-origin:initial;background-clip:initial;background-color:transparent;color:rgb(0,0,0);line-height:inherit;font-family:inherit">$ \
ntopng -i tcp</span><span \
class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487gmail-co1" \
style="margin:0px;padding:0px;border:0px;outline:0px;font-size:12px;vertical-align:bas \
eline;background-image:initial;background-position:initial;background-size:initial;bac \
kground-repeat:initial;background-origin:initial;background-clip:initial;background-co \
lor:transparent;color:rgb(153,153,170);line-height:inherit;font-family:inherit">://<a \
href="http://127.0.0.1:1234" target="_blank">127.0.0.1:1234</a></span></li></ol> \
</div> <div><br>
</div>
<div>and this version</div>
<div>
<div>nprobe -i ens192 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR
%IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES
%FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT
%TCP_FLAGS %PROTOCOL %L7_PROTO @SIP@ @RTP@" --redis
localhost --zmq-probe-mode --zmq-encrypt-pwd myencryptionkey
--online-license-check</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Still see no voip packet or COS/TOS details.</div>
<div><br>
</div>
<div><br>
</div>
<div>What am I doing wrong ?</div>
<div><br>
</div>
<div>Best,</div>
<div>Mike</div>
</div>
<br>
<fieldset class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487mimeAttachmentHeader"></fieldset>
<br>
</div></div><pre>______________________________<wbr>_________________
Ntop mailing list
<a class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487moz-txt-link-abbreviated" \
href="mailto:Ntop@listgateway.unipi.it" target="_blank">Ntop@listgateway.unipi.it</a> \
<a class="m_1791076276012566948m_5829194080623925152m_6462016122751300087m_-3992856935308488102m_-7040634885483730487moz-txt-link-freetext" \
href="http://listgateway.unipi.it/mailman/listinfo/ntop" \
target="_blank">http://listgateway.unipi.it/ma<wbr>ilman/listinfo/ntop</a></pre> \
</blockquote> <p><br>
</p>
</div>
<br>______________________________<wbr>_________________<br>
Ntop mailing list<br>
<a href="mailto:Ntop@listgateway.unipi.it" \
target="_blank">Ntop@listgateway.unipi.it</a><br> <a \
href="http://listgateway.unipi.it/mailman/listinfo/ntop" rel="noreferrer" \
target="_blank">http://listgateway.unipi.it/ma<wbr>ilman/listinfo/ntop</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
Ntop mailing list<br>
<a href="mailto:Ntop@listgateway.unipi.it" \
target="_blank">Ntop@listgateway.unipi.it</a><br> <a \
href="http://listgateway.unipi.it/mailman/listinfo/ntop" rel="noreferrer" \
target="_blank">http://listgateway.unipi.it/ma<wbr>ilman/listinfo/ntop</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
Ntop mailing list<br>
<a href="mailto:Ntop@listgateway.unipi.it">Ntop@listgateway.unipi.it</a><br>
<a href="http://listgateway.unipi.it/mailman/listinfo/ntop" rel="noreferrer" \
target="_blank">http://listgateway.unipi.it/<wbr>mailman/listinfo/ntop</a><br></blockquote></div><br></div>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic