
Mailing List Archive: NTop: Users

Ntop and NetFlow

 

 



mike at tc3net

Apr 10, 2002, 6:12 AM

Post #1 of 21 (3990 views)
Permalink
Ntop and NetFlow

I'm trying to use Ntop with cisco netflow's, and as of yet haven't been
successful, and can't find a lot of documentation about the implementation
with the 2.0.99 version and plugin. I'm wondering about a couple of things,
1). Can ntop read cisco netflow data directly from a cisco or do I need to
have flow-tools capturing it first and grab it from there. 2) If so can I run
ntop and flow-tools on the same machine, (fails to bind port if I set
incoming to the flow-capture port). I was able to get the netflow device to
show up in the web interface fine, and of course the eth0 stats work fine
too, I'm just needing some pointers on getting netflow to work.

Regards
MIKE


mbaig at meikoamerica

Apr 1, 2003, 2:12 PM

Post #2 of 21 (3929 views)
Permalink
RE: Ntop and netflow [In reply to]

-
-Hello everyone, need a sanity check here. I've read all the docs on
-Ntop.org regarding using ntop as a collector and I just want to make sure I
-have it correct. I can
-
-a. use ntop as a collector by setting my router(s) to export netflow data
-to the ntop box. I have to just configure a port in the netflow plugin and
-point the router at it, correct?

Correct!

-
-b. set up ntop as a probe and collector by configuring the plugin to report
-back to itself, yes?

When you setup the collector port in the plugin, it starts collecting
data, you don't need to set it up as probe unless you need to export
flows from it (I'm not too sure on the probe part.. someone correct me
if I am wrong)
-
-c. Ntop will also act as a reporter for the netflow, yes? If so, is there
-specific commandline switches/configs I should be aware of?

From Ntop itself:

"Note that the NetFlow and sFlow plugins - if enabled - force -M to be
set (i.e. they disable interface merging)."


-
-Am I close or way off?

Close

-
-thanks in advance for setting me straight.
-
-John H.

HTH
Musfa


Burton at ntopsupport

Jun 8, 2004, 2:44 PM

Post #3 of 21 (3948 views)
Permalink
RE: NTOP and Netflow [In reply to]

Usual answer is:

1. Set netFlow parameters in the plugin page
2. Activate plugin
3. Switch nic

-----Burton

> -----Original Message-----
> From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi]On Behalf Of
> Jado Moh
> Sent: Tuesday, June 08, 2004 3:50 PM
> To: ntop [at] Unipi
> Subject: [Ntop] NTOP and Netflow
>
>
> Hi,
> I am a newbie to Ntop and would like to get some information
> about integrating netflow and ntop. I have gone through some of
> the archives and FAQ explaining about integrating ntop and
> netflow. According to one of the postings, Netflow plugin has to
> be enabled and changes need to be made at Admin | Switch NIC. But
> when I browse to Admin | Switch NIC page there is no option to
> make any changes. Here is the screen of the Admin | Switch NIC
> page. Any help in making this work is greatly appreciated.
> Network Interface Switch
> ---------------------------------
>
> Note that the NetFlow and sFlow plugins - if enabled - force -M
> to be set (i.e. they disable interface merging).
>
> Sorry, you are currently capturing traffic from only a single
> interface [eth2].
>
> This interface switch feature is meaningful only when your ntop
> instance captures traffic from multiple interfaces. You must
> specify additional interfaces via the -i command line switch at run time.
>
> ---------------------------------
>
> Report created on Tue Jun 8 15:25:27 2004 [ntop uptime: 19:24]
> Generated by ntop v.3.0 SourceForge RPM MT (SSL) [i686-pc-linux-gnu]
> Build: Mar 21 2004 18:08:27. Version: the CURRENT stable version
> Listening on [eth2] without a kernel (libpcap) filtering expression
> Web report active on interface eth2
>
>
> Thanks,
>
> Jado


Burton at ntopSupport

Mar 14, 2005, 3:29 PM

Post #4 of 21 (3929 views)
Permalink
RE: ntop and netflow [In reply to]

Check the stats in the netflow plugin - there's a series of counters that
show flows received and what happened to them.
-----Burton

-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of seth
seth
Sent: Monday, March 14, 2005 4:19 PM
To: ntop [at] Unipi
Subject: [Ntop] ntop and netflow

I am running ntop 3.1 on a RH9 box.

My netflow probe/generator has 2 NIC's. One that is grabbing the traffic
the other is sending out Netflow data. The Netflow NIC is connected to the
NTOP box over a 100Mb crossover cable. So theoretically Netflow traffic is
the only data on that network.

My problem is that the interface statistics for the virtual Netflow
interface show that it's received X-packets (which is what ethereal also
shows as received). My problem is that my traffic statistics just don't
match up (they're too low). When I look at the Netflow statistics (on the
Netflow plugin page) they show that the plugin has received X/10 packets.
So my problem is that NTOP is getting all the packets but doesn't appear to
be sending them all over to the Netflow plugin.

Are there any known issues with passing packets to the plugins? Is there
some configuration that I could be missing? I am trying to use v9, but have
similar results with v5.

Both boxes are dual processing systems with 2+ GB of RAM.

Any thoughts would be great.
-seth





german_seth at yahoo

Mar 20, 2005, 12:19 AM

Post #5 of 21 (3929 views)
Permalink
RE: ntop and netflow [In reply to]

I found the issue. ntop consumed all the memory (4GB)
and then started dropping packets, hence the missing
packets. Guess there is too much traffic for ntop.
Bum deal because I really liked all the ntop
information.


--- Burton Strauss <Burton [at] ntopSupport> wrote:
> Check the stats in the netflow plugin - there's a
> series of counters that
> show flows received and what happened to them.
> -----Burton
>
> -----Original Message-----
> From: ntop-bounces [at] unipi
> [mailto:ntop-bounces [at] unipi] On Behalf Of seth
> seth
> Sent: Monday, March 14, 2005 4:19 PM
> To: ntop [at] Unipi
> Subject: [Ntop] ntop and netflow
>
> I am running ntop 3.1 on a RH9 box.
>
> My netflow probe/generator has 2 NIC's. One that is
> grabbing the traffic
> the other is sending out Netflow data. The Netflow
> NIC is connected to the
> NTOP box over a 100Mb crossover cable. So
> theoretically Netflow traffic is
> the only data on that network.
>
> My problem is that the interface statistics for the
> virtual Netflow
> interface show that it's received X-packets (which
> is what ethereal also
> shows as received). My problem is that my traffic
> statistics just don't
> match up (they're too low). When I look at the
> Netflow statistics (on the
> Netflow plugin page) they show that the plugin has
> received X/10 packets.
> So my problem is that NTOP is getting all the
> packets but doesn't appear to
> be sending them all over to the Netflow plugin.
>
> Are there any known issues with passing packets to
> the plugins? Is there
> some configuration that I could be missing? I am
> trying to use v9, but have
> similar results with v5.
>
> Both boxes are dual processing systems with 2+ GB of
> RAM.
>
> Any thoughts would be great.
> -seth





cbeck at fontana

Mar 21, 2005, 1:14 PM

Post #6 of 21 (3935 views)
Permalink
RE: NTOP and NetFlow [In reply to]

One other question that I forgot to include:

Not a single host fingerprint is determined using NetFlow, but with
libpcap, I got at least those hosts that were local to the monitoring
interface. Is this determined via layer 2 info?

Thanks,
Chris

________________________________

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Chris Beck
Sent: Monday, March 21, 2005 12:10 PM
To: ntop [at] Unipi
Subject: [Ntop] NTOP and NetFlow


I know the NetFlow is a sore subject lately. I just have a couple
questions/observations now that I've switched from using libpcap to
NetFlows.

1. Is all layer 2 information ignored with respect to the IP flows? I no
longer get the MAC addresses of the machines that I have the traffic
stats for. I'm figuring this is the case since the NetFlow is layer 3
info, but just thought I'd bounce it off of the list.

2. Is NetBIOS name resolution not used when using NetFlow? I've noticed
that I only have names resolved for those nodes that have DNS entries.
Why would this get lost? Am I missing something?

I have done a bit of poking around, so forgive me if it's been covered.
If it has, just kick me in the right direction please.

-Chris


Burton at ntopSupport

Mar 28, 2005, 5:14 AM

Post #7 of 21 (3935 views)
Permalink
RE: NTOP and NetFlow [In reply to]

Same answer - no raw packet data. Nothing to drive fingerprinting.

-----Burton

_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Chris Beck
Sent: Monday, March 21, 2005 2:14 PM
To: ntop [at] Unipi
Subject: RE: [Ntop] NTOP and NetFlow


One other question that I forgot to include:

Not a single host fingerprint is determined using NetFlow, but with libpcap,
I got at least those hosts that were local to the monitoring interface. Is
this determined via layer 2 info?

Thanks,
Chris

_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Chris Beck
Sent: Monday, March 21, 2005 12:10 PM
To: ntop [at] Unipi
Subject: [Ntop] NTOP and NetFlow


I know the NetFlow is a sore subject lately. I just have a couple
questions/observations now that I've switched from using libpcap to
NetFlows.

1. Is all layer 2 information ignored with respect to the IP flows? I no
longer get the MAC addresses of the machines that I have the traffic stats
for. I'm figuring this is the case since the NetFlow is layer 3 info, but
just thought I'd bounce it off of the list.

2. Is NetBIOS name resolution not used when using NetFlow? I've noticed that
I only have names resolved for those nodes that have DNS entries. Why would
this get lost? Am I missing something?

I have done a bit of poking around, so forgive me if it's been covered. If
it has, just kick me in the right direction please.

-Chris


Burton at ntopSupport

Mar 28, 2005, 5:14 AM

Post #8 of 21 (3932 views)
Permalink
RE: NTOP and NetFlow [In reply to]

netFlow is pure IP - there ARE no MAC addresses. So all of the MAC
dependent stuff simply doesn't have the data.

netBIOS name resolution is part of the sniffing. Again, ntop doesn't see
the raw packets, so there's no data it CAN sniff.

-----Burton

_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Chris Beck
Sent: Monday, March 21, 2005 2:10 PM
To: ntop [at] Unipi
Subject: [Ntop] NTOP and NetFlow


I know the NetFlow is a sore subject lately. I just have a couple
questions/observations now that I've switched from using libpcap to
NetFlows.

1. Is all layer 2 information ignored with respect to the IP flows? I no
longer get the MAC addresses of the machines that I have the traffic stats
for. I'm figuring this is the case since the NetFlow is layer 3 info, but
just thought I'd bounce it off of the list.

2. Is NetBIOS name resolution not used when using NetFlow? I've noticed that
I only have names resolved for those nodes that have DNS entries. Why would
this get lost? Am I missing something?

I have done a bit of poking around, so forgive me if it's been covered. If
it has, just kick me in the right direction please.

-Chris
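
An added example, not code from any poster or from ntop: a decoder for NetFlow v5 export datagrams that lists exactly which fields a v5 flow record carries (IP addresses, ports, counters, no MAC address and no packet payload) and uses the header's `flow_sequence` to count flows lost between exporter and collector, the kind of mismatch reported earlier in the thread. The function and class names, the exporter address and the sample datagrams are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "dPkts",
          "dOctets", "first", "last", "srcport", "dstport", "pad1",
          "tcp_flags", "prot", "tos", "src_as", "dst_as", "src_mask",
          "dst_mask", "pad2")


def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into (header, flows)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    (version, count, _uptime, _secs, _nsecs,
     seq, etype, eid, _sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if not 1 <= count <= 30:          # v5 carries 1..30 records per datagram
        raise ValueError(f"implausible record count {count}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated")
    flows = []
    for i in range(count):
        offset = HEADER.size + i * RECORD.size
        rec = dict(zip(FIELDS, RECORD.unpack_from(datagram, offset)))
        for key in ("srcaddr", "dstaddr", "nexthop"):
            rec[key] = str(ipaddress.IPv4Address(rec[key]))
        del rec["pad1"], rec["pad2"]  # padding carries no information
        flows.append(rec)
    header = {"flow_sequence": seq, "count": count, "engine": (etype, eid)}
    return header, flows


class LossTracker:
    """Count flows missing between datagrams, per exporter and engine.

    In v5 the header's flow_sequence is the running number of the first
    flow in the datagram, so the next datagram should start at
    flow_sequence + count.
    """

    def __init__(self):
        self.expected = {}
        self.received = 0
        self.lost = 0

    def update(self, exporter, header):
        key = (exporter, header["engine"])
        expected = self.expected.get(key)
        if expected is not None:
            gap = (header["flow_sequence"] - expected) % 2**32
            if gap < 2**31:           # forward gap; else reorder or restart
                self.lost += gap
        self.expected[key] = (header["flow_sequence"] + header["count"]) % 2**32
        self.received += header["count"]


def build_v5(flow_sequence, flows):
    """Build a constructed v5 datagram for the demo (not captured traffic)."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, flow_sequence, 0, 0, 0)
    for src, dst, sport, dport, prot, pkts, octets in flows:
        out += RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4),
                           0, 0, pkts, octets, 0, 0, sport, dport,
                           0, 0, prot, 0, 0, 0, 0, 0, 0)
    return out


def run_demo():
    """Feed three constructed datagrams; flows 3..9 never arrive."""
    web = ("192.0.2.10", "198.51.100.7", 51514, 443, 6, 12, 3400)
    dns = ("192.0.2.11", "198.51.100.53", 40000, 53, 17, 1, 76)
    sample = [build_v5(0, [web, dns]), build_v5(2, [web]), build_v5(10, [dns])]
    tracker = LossTracker()
    for datagram in sample:
        header, _flows = parse_v5(datagram)
        tracker.update("192.0.2.1", header)   # assumed exporter address
    return tracker


if __name__ == "__main__":
    _, flows = parse_v5(build_v5(0, [("192.0.2.10", "198.51.100.7",
                                      51514, 443, 6, 12, 3400)]))
    print(sorted(flows[0]))
    t = run_demo()
    print(f"flows received={t.received} lost={t.lost}")
```

The payloads of UDP datagrams captured on the collector port can be passed to `parse_v5` unchanged.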


chris.moore at gmd

Aug 9, 2005, 12:34 PM

Post #9 of 21 (3928 views)
Permalink
RE: ntop and netflow [In reply to]

Paolo,

You'll get the best/most information by directly mirroring the port to
Ntop. Ntop sees it ALL - not passed through any sort of filter or
process beforehand (unless you configure a filter, of course).

Chris


-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Paolo Supino
Sent: Tuesday, August 09, 2005 2:44 AM
To: ntop [at] Unipi
Subject: [Ntop] ntop and netflow

Hi

I have a trunk link that is connected to a Cisco 3550 switch that I
want to monitor. I thought of using netflow to collect the information
from the Cisco switch, but it turned out that the switch doesn't support
netflow. So I thought of mirroring the trunk and letting NTOP collect
all the information from the link directly. My question is: Do I have to
use NTOP as a netflow collector or can NTOP display the same information
without using its netflow capabilities.





TIA
Paolo


vrkid0 at gmail

Aug 10, 2005, 4:07 AM

Post #10 of 21 (3941 views)
Permalink
Re: ntop and netflow [In reply to]

Hi Chris

Thanx :-) I played with it yesterday (after setting up the port
mirror) and saw that it gives me all the information I need without
netflow.





Paolo




On 8/9/05, Chris Moore <chris.moore [at] gmd> wrote:
> Paolo,
>
> You'll get the best/most information by directly mirroring the port to
> Ntop. Ntop sees it ALL - not passed through any sort of filter or
> process beforehand (unless you configure a filter, of course).
>
> Chris
>
>
> -----Original Message-----
> From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
> Paolo Supino
> Sent: Tuesday, August 09, 2005 2:44 AM
> To: ntop [at] Unipi
> Subject: [Ntop] ntop and netflow
>
> Hi
>
> I have a trunk link that is connected to a Cisco 3550 switch that I
> want to monitor. I thought of using netflow to collect the information
> from the Cisco switch, but it turned out that the switch doesn't support
> netflow. So I thought of mirroring the trunk and letting NTOP collect
> all the information from the link directly. My question is: Do I have to
> use NTOP as a netflow collector or can NTOP display the same information
> without using its netflow capabilities.
>
>
>
>
>
> TIA
> Paolo


intemann at gmail

Jan 11, 2010, 9:32 AM

Post #11 of 21 (3920 views)
Permalink
Re: ntop and netflow [In reply to]

By the way, I have ntop/testing 3:3.3-11+b2 installed (according to apt).
Thanks,

Chris

On Mon, Jan 11, 2010 at 6:27 PM, Christopher Intemann <intemann [at] gmail>wrote:

> Hello list,
>
> I posted this topic to the ntop-misc list already.
> However, since that list does not seem to be highly populated, I will
> address my issue again on this list:
>
> I installed ntop on a Linux box and want to add a netflow client.
> Therefore, I entered a Local Collector UDP Port (2055).
> However, external client cannot connect, nor does telnet to port 2055
> work, or does a portscan reveal an open udp port 2055.
> Do I miss any package? I'm running Debian and just typed "apt-get install
> ntop"
> There is no firewall blocking connections to that port.
> Why is ntop not listening for netflow clients?
>
> Thanks in advance,
>
> Chris
>


Ggatten at waddell

Jan 11, 2010, 9:41 AM

Post #12 of 21 (3922 views)
Permalink
Re: ntop and netflow [In reply to]

You must "enable" the netflow plugin. Also run netstat -an and look for 2055. Lastly, netflow is udp and telnet is tcp.

________________________________

From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] listgateway <ntop [at] listgateway>
Sent: Mon Jan 11 11:27:58 2010
Subject: [Ntop] ntop and netflow


Hello list,

I posted this topic to the ntop-misc list already.
However, since that list does not seem to be highly populated, I will address my issue again on this list:

I installed ntop on a Linux box and want to add a netflow client. Therefore, I entered a Local Collector UDP Port (2055).
However, external client cannot connect, nor does telnet to port 2055 work, or does a portscan reveal an open udp port 2055.
Do I miss any package? I'm running Debian and just typed "apt-get install ntop"
There is no firewall blocking connections to that port.
Why is ntop not listening for netflow clients?

Thanks in advance,

Chris








intemann at gmail

Jan 11, 2010, 9:52 AM

Post #13 of 21 (3919 views)
Permalink
Re: ntop and netflow [In reply to]

Ok. How would I enable the plugin?
Thanks,
Chris

On Mon, Jan 11, 2010 at 6:41 PM, Gary Gatten <Ggatten [at] waddell> wrote:

> You must "enable" the netflow plugin. Also run netstat -an and look for
> 2055. Lastly, netflow is udp and telnet is tcp.
>
> ------------------------------
> *From*: ntop-bounces [at] listgateway <
> ntop-bounces [at] listgateway>
> *To*: ntop [at] listgateway <ntop [at] listgateway>
> *Sent*: Mon Jan 11 11:27:58 2010
> *Subject*: [Ntop] ntop and netflow
>
> Hello list,
>
> I posted this topic to the ntop-misc list already.
> However, since that list does not seem to be highly populated, I will
> address my issue again on this list:
>
> I installed ntop on a Linux box and want to add a netflow client.
> Therefore, I entered a Local Collector UDP Port (2055).
> However, external client cannot connect, nor does telnet to port 2055
> work, or does a portscan reveal an open udp port 2055.
> Do I miss any package? I'm running Debian and just typed "apt-get install
> ntop"
> There is no firewall blocking connections to that port.
> Why is ntop not listening for netflow clients?
>
> Thanks in advance,
>
> Chris


yuri at ntop

Jan 11, 2010, 12:24 PM

Post #14 of 21 (3912 views)
Permalink
Re: ntop and netflow [In reply to]

Search for "plugins" menu in the main bar. Toggle the activation
button if needed, set the receiving port and save the config.
Yuri

Sent from my iPhone

On 11/gen/2010, at 18.52, Christopher Intemann <intemann [at] gmail>
wrote:

> Ok. How would I enable the plugin?
> Thanks,
> Chris
>
> On Mon, Jan 11, 2010 at 6:41 PM, Gary Gatten <Ggatten [at] waddell>
> wrote:
> You must "enable" the netflow plugin. Also run netstat -an and look
> for 2055. Lastly, netflow is udp and telnet is tcp.
>
> From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway
> >
> To: ntop [at] listgateway <ntop [at] listgateway>
> Sent: Mon Jan 11 11:27:58 2010
> Subject: [Ntop] ntop and netflow
>
> Hello list,
>
> I posted this topic to the ntop-misc list already.
> However, since that list does not seem to be highly populated, I
> will address my issue again on this list:
>
> I installed ntop on a Linux box and want to add a netflow client.
> Therefore, I entered a Local Collector UDP Port (2055).
> However, external client cannot connect, nor does telnet to port
> 2055 work, or does a portscan reveal an open udp port 2055.
> Do I miss any package? I'm running Debian and just typed "apt-get
> install ntop"
> There is no firewall blocking connections to that port.
> Why is ntop not listening for netflow clients?
>
> Thanks in advance,
>
> Chris


dent103 at hotmail

Jan 11, 2010, 2:36 PM

Post #15 of 21 (3915 views)
Permalink
Re: ntop and netflow [In reply to]

from the web interface... plugins -> netflow and make your settings there
also make sure you have udp port opened in iptables

From: intemann [at] gmail
Date: Mon, 11 Jan 2010 18:52:40 +0100
To: ntop [at] unipi
Subject: Re: [Ntop] ntop and netflow

Ok. How would I enable the plugin?
Thanks,
Chris

On Mon, Jan 11, 2010 at 6:41 PM, Gary Gatten <Ggatten [at] waddell> wrote:



You must "enable" the netflow plugin. Also run netstat -an and look for 2055. Lastly, netflow is udp and telnet is tcp.



From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>

To: ntop [at] listgateway <ntop [at] listgateway>

Sent: Mon Jan 11 11:27:58 2010
Subject: [Ntop] ntop and netflow



Hello list,

I posted this topic to the ntop-misc list already.
However, since that list does not seem to be highly populated, I will address my issue again on this list:

I installed ntop on a Linux box and want to add a netflow client. Therefore, I entered a Local Collector UDP Port (2055).




However, external client cannot connect, nor does telnet to port 2055 work, or does a portscan reveal an open udp port 2055.

Do I miss any package? I'm running Debian and just typed "apt-get install ntop"
There is no firewall blocking connections to that port.
Why is ntop not listening for netflow clients?

Thanks in advance,





Chris









mukom.tamon at gmail

Jan 11, 2010, 9:26 PM

Post #16 of 21 (3915 views)
Permalink
Re: ntop and netflow [In reply to]

Hello Chris,
Check out the NTOP Guide at http://techowto.wordpress.com
There is a section detailing how to use NTOP with Netflow, for both Cisco &
Mikrotik.

M.A. TAMON
_________________________




On Mon, Jan 11, 2010 at 9:27 PM, Christopher Intemann <intemann [at] gmail>wrote:

> Hello list,
>
> I posted this topic to the ntop-misc list already.
> However, since that list does not seem to be highly populated, I will
> address my issue again on this list:
>
> I installed ntop on a Linux box and want to add a netflow client.
> Therefore, I entered a Local Collector UDP Port (2055).
> However, external client cannot connect, nor does telnet to port 2055
> work, or does a portscan reveal an open udp port 2055.
> Do I miss any package? I'm running Debian and just typed "apt-get install
> ntop"
> There is no firewall blocking connections to that port.
> Why is ntop not listening for netflow clients?
>
> Thanks in advance,
>
> Chris
>



intemann at gmail

Jan 12, 2010, 7:07 AM

Post #18 of 21 (3915 views)
Permalink
Re: ntop and netflow [In reply to]

Hello,

I already activated the netflow-plugin as described by Arthur.
netstat reveals the following:

root [at] bo:/home/ssms# netstat -an|grep 2055
udp 0 0 0.0.0.0:2055 0.0.0.0:*

Should there be my IP address instead of the bunch of 0's?
Thanks,
Chris

On Mon, Jan 11, 2010 at 11:36 PM, arthur dent <dent103 [at] hotmail> wrote:

> from the web interface... plugins -> netflow and make your settings there
> also make sure you have udp port opened in iptables
>
> ------------------------------
> From: intemann [at] gmail
> Date: Mon, 11 Jan 2010 18:52:40 +0100
> To: ntop [at] unipi
> Subject: Re: [Ntop] ntop and netflow
>
>
> Ok. How would I enable the plugin?
> Thanks,
> Chris
>
> On Mon, Jan 11, 2010 at 6:41 PM, Gary Gatten <Ggatten [at] waddell> wrote:
>
> You must "enable" the netflow plugin. Also run netstat -an and look for
> 2055. Lastly, netflow is udp and telnet is tcp.
>
> ------------------------------
> *From*: ntop-bounces [at] listgateway <
> ntop-bounces [at] listgateway>
> *To*: ntop [at] listgateway <ntop [at] listgateway>
> *Sent*: Mon Jan 11 11:27:58 2010
> *Subject*: [Ntop] ntop and netflow
>
> Hello list,
>
> I posted this topic to the ntop-misc list already.
> However, since that list does not seem to be highly populated, I will
> address my issue again on this list:
>
> I installed ntop on a Linux box and want to add a netflow client.
> Therefore, I entered a Local Collector UDP Port (2055).
> However, external client cannot connect, nor does telnet to port 2055
> work, or does a portscan reveal an open udp port 2055.
> Do I miss any package? I'm running Debian and just typed "apt-get install
> ntop"
> There is no firewall blocking connections to that port.
> Why is ntop not listening for netflow clients?
>
> Thanks in advance,
>
> Chris


Ggatten at waddell

Jan 12, 2010, 7:17 AM

Post #19 of 21 (3918 views)
Permalink
Re: ntop and netflow [In reply to]

Netstat looks correct. To confirm netflow records are arriving at the ntop host, use tcpdump. Also, before you can view netflow data you must "switch nic" to the netflow interface.

________________________________

From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] unipi <ntop [at] unipi>
Sent: Tue Jan 12 09:07:17 2010
Subject: Re: [Ntop] ntop and netflow


Hello,

I already activated the netflow-plugin as described by Arthur.
netstat reveals the following:

root [at] bo:/home/ssms# netstat -an|grep 2055
udp 0 0 0.0.0.0:2055 0.0.0.0:*

Should there be my IP address instead of the bunch of 0's?
Thanks,
Chris


On Mon, Jan 11, 2010 at 11:36 PM, arthur dent <dent103 [at] hotmail> wrote:


from the web interface... plugins -> netflow and make your settings there
also make sure you have udp port opened in iptables


________________________________

From: intemann [at] gmail
Date: Mon, 11 Jan 2010 18:52:40 +0100
To: ntop [at] unipi
Subject: Re: [Ntop] ntop and netflow


Ok. How would I enable the plugin?
Thanks,
Chris


On Mon, Jan 11, 2010 at 6:41 PM, Gary Gatten <Ggatten [at] waddell> wrote:


You must "enable" the netflow plugin. Also run netstat -an and look for 2055. Lastly, netflow is udp and telnet is tcp.

________________________________

From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] listgateway <ntop [at] listgateway>
Sent: Mon Jan 11 11:27:58 2010
Subject: [Ntop] ntop and netflow


Hello list,

I posted this topic to the ntop-misc list already.
However, since that list does not seem to be highly populated, I will address my issue again on this list:

I installed ntop on a Linux box and want to add a netflow client. Therefore, I entered a Local Collector UDP Port (2055).
However, external clients cannot connect, nor does telnet to port 2055 work, nor does a portscan reveal an open udp port 2055.
Am I missing a package? I'm running Debian and just typed "apt-get install ntop".
There is no firewall blocking connections to that port.
Why is ntop not listening for netflow clients?

Thanks in advance,

Chris

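The netstat check discussed in this post, as an added example (not code from the thread or from ntop): a shell function that reads `netstat -an` output and reports how the collector port is bound. The sample lines are constructed, and the name `classify_udp_listener` is hypothetical.

```shell
#!/bin/sh
# Constructed `netstat -an` style lines (same layout as the line quoted in the
# thread; not captured from a real host).
SAMPLE_WILDCARD='udp        0      0 0.0.0.0:2055            0.0.0.0:*'
SAMPLE_LOOPBACK='udp        0      0 127.0.0.1:2055          0.0.0.0:*'
SAMPLE_TCP_ONLY='tcp        0      0 0.0.0.0:2055            0.0.0.0:*     LISTEN'
SAMPLE_OTHER='udp        0      0 0.0.0.0:514             0.0.0.0:*'

# classify_udp_listener PORT   (hypothetical helper; netstat output on stdin)
# Prints one of:
#   udp-all-interfaces      wildcard bind (0.0.0.0 or ::): datagrams to any local
#                           address are accepted, so a remote exporter can reach it
#   udp-single-address A    bound to A only; exporters must send to exactly A
#   tcp-only                only a TCP socket on PORT; NetFlow export is UDP, so
#                           this (like a telnet test) says nothing about the collector
#   not-bound               nothing on PORT: plugin not enabled or other port set
classify_udp_listener() {
    awk -v port="$1" '
        {
            proto = $1; laddr = $4
            n = split(laddr, parts, ":")
            if (n < 2 || parts[n] != port) next
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (proto ~ /^udp/) {
                if (addr == "0.0.0.0" || addr == "::") wild = 1
                else single = addr
            } else if (proto ~ /^tcp/) {
                tcp = 1
            }
        }
        END {
            if (wild) print "udp-all-interfaces"
            else if (single != "") print "udp-single-address " single
            else if (tcp) print "tcp-only"
            else print "not-bound"
        }'
}

# Live use on the collector host:
#   netstat -an | classify_udp_listener 2055
# A bound socket only proves ntop is listening. To see whether exported flows
# actually arrive, watch the port while the exporter runs:
#   tcpdump -n -i any udp port 2055
for s in "$SAMPLE_WILDCARD" "$SAMPLE_LOOPBACK" "$SAMPLE_TCP_ONLY" "$SAMPLE_OTHER"; do
    printf '%s\n' "$s" | classify_udp_listener 2055
done
```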


intemann at gmail

Jan 12, 2010, 7:57 AM

Post #20 of 21 (3916 views)
Permalink
Re: ntop and netflow [In reply to]

Thanks, Gary.
It seems that I cannot receive packages from my router.
It is a fonera router running OpenWRT.
I'm using this command to send packages:
fprobe -ibr-lan SERVERIP:2055 (where SERVERIP is my ntop-server)

According to this <http://weblog.etherized.com/?p=127> manual, it should do
the trick - but doesn't.
My server and my router are not on the same network. Maybe packages to UDP
port 2055 are not routed via WAN?
Thanks,
Chris


On Tue, Jan 12, 2010 at 4:17 PM, Gary Gatten <Ggatten [at] waddell> wrote:

> Netstat looks correct. To confirm netflow records are arriving at the ntop
> host, use tcpdump. Also, before you can view netflow data you must "switch
> nic" to the netflow interface.
>
> ------------------------------
> *From*: ntop-bounces [at] listgateway <
> ntop-bounces [at] listgateway>
> *To*: ntop [at] unipi <ntop [at] unipi>
> *Sent*: Tue Jan 12 09:07:17 2010
>
> *Subject*: Re: [Ntop] ntop and netflow
>
> Hello,
>
> I already activated the netflow-plugin as described by Arthur.
> netstat reveals the following:
>
> root [at] bo:/home/ssms# netstat -an|grep 2055
> udp 0 0 0.0.0.0:2055 0.0.0.0:*
>
> Should there be my IP address instead of the bunch of 0's?
> Thanks,
> Chris
>
> On Mon, Jan 11, 2010 at 11:36 PM, arthur dent <dent103 [at] hotmail> wrote:
>
>> from the web interface... plugins -> netflow and make your settings there
>> also make sure you have udp port opened in iptables
>>
>> ------------------------------
>> From: intemann [at] gmail
>> Date: Mon, 11 Jan 2010 18:52:40 +0100
>> To: ntop [at] unipi
>> Subject: Re: [Ntop] ntop and netflow
>>
>>
>> Ok. How would I enable the plugin?
>> Thanks,
>> Chris
>>
>> On Mon, Jan 11, 2010 at 6:41 PM, Gary Gatten <Ggatten [at] waddell> wrote:
>>
>> You must "enable" the netflow plugin. Also run netstat -an and look for
>> 2055. Lastly, netflow is udp and telnet is tcp.
>>
>> ------------------------------
>> *From*: ntop-bounces [at] listgateway <
>> ntop-bounces [at] listgateway>
>> *To*: ntop [at] listgateway <ntop [at] listgateway>
>> *Sent*: Mon Jan 11 11:27:58 2010
>> *Subject*: [Ntop] ntop and netflow
>>
>> Hello list,
>>
>> I posted this topic to the ntop-misc list already.
>> However, since that list does not seem to be highly populated, I will
>> address my issue again on this list:
>>
>> I installed ntop on a Linux box and want to add a netflow client.
>> Therefore, I entered a Local Collector UDP Port (2055).
>> However, external clients cannot connect, nor does telnet to port 2055
>> work, nor does a portscan reveal an open udp port 2055.
>> Am I missing a package? I'm running Debian and just typed "apt-get install
>> ntop".
>> There is no firewall blocking connections to that port.
>> Why is ntop not listening for netflow clients?
>>
>> Thanks in advance,
>>
>> Chris


Ggatten at waddell

Jan 12, 2010, 8:02 AM

Post #21 of 21 (3913 views)
Permalink
Re: ntop and netflow [In reply to]

Not sure what you mean by "packages", but udp is routable unless you're filtering somewhere. Not familiar with your router either, but obviously if the flows don't make it to the nTop host it can't display them.

________________________________

From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] unipi <ntop [at] unipi>
Sent: Tue Jan 12 09:57:08 2010
Subject: Re: [Ntop] ntop and netflow


Thanks, Gary.
It seems that I cannot receive packages from my router.
It is a fonera router running OpenWRT.
I'm using this command to send packages:
fprobe -ibr-lan SERVERIP:2055 (where SERVERIP is my ntop-server)

According to this <http://weblog.etherized.com/?p=127> manual, it should do the trick - but doesn't.
My server and my router are not on the same network. Maybe packages to UDP port 2055 are not routed via WAN?
Thanks,
Chris



On Tue, Jan 12, 2010 at 4:17 PM, Gary Gatten <Ggatten [at] waddell> wrote:


Netstat looks correct. To confirm netflow records are arriving at the ntop host, use tcpdump. Also, before you can view netflow data you must "switch nic" to the netflow interface.

________________________________


From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>

To: ntop [at] unipi <ntop [at] unipi>
Sent: Tue Jan 12 09:07:17 2010

Subject: Re: [Ntop] ntop and netflow


Hello,

I already activated the netflow-plugin as described by Arthur.
netstat reveals the following:

root [at] bo:/home/ssms# netstat -an|grep 2055
udp 0 0 0.0.0.0:2055 0.0.0.0:*

Should there be my IP address instead of the bunch of 0's?
Thanks,
Chris


On Mon, Jan 11, 2010 at 11:36 PM, arthur dent <dent103 [at] hotmail> wrote:


from the web interface... plugins -> netflow and make your settings there
also make sure you have udp port opened in iptables


________________________________

From: intemann [at] gmail
Date: Mon, 11 Jan 2010 18:52:40 +0100
To: ntop [at] unipi
Subject: Re: [Ntop] ntop and netflow


Ok. How would I enable the plugin?
Thanks,
Chris


On Mon, Jan 11, 2010 at 6:41 PM, Gary Gatten <Ggatten [at] waddell> wrote:


You must "enable" the netflow plugin. Also run netstat -an and look for 2055. Lastly, netflow is udp and telnet is tcp.

________________________________

From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] listgateway <ntop [at] listgateway>
Sent: Mon Jan 11 11:27:58 2010
Subject: [Ntop] ntop and netflow


Hello list,

I posted this topic to the ntop-misc list already.
However, since that list does not seem to be highly populated, I will address my issue again on this list:

I installed ntop on a Linux box and want to add a netflow client. Therefore, I entered a Local Collector UDP Port (2055).
However, external clients cannot connect, nor does telnet to port 2055 work, nor does a portscan reveal an open udp port 2055.
Am I missing a package? I'm running Debian and just typed "apt-get install ntop".
There is no firewall blocking connections to that port.
Why is ntop not listening for netflow clients?

Thanks in advance,

Chris
