ntopng can be used to visualize traffic data that has been generated or collected by nProbe. Using ntopng with nProbe is convenient in several scenarios, including:

- The visualization of NetFlow/sFlow data originated by routers, switches, and network devices in general. In this scenario, nProbe collects and parses NetFlow/sFlow traffic from the devices, and sends the resulting flows to ntopng for the visualization.
- The monitoring of physical network interfaces that are attached to remote systems. In this scenario, ntopng cannot directly monitor network interfaces, nor can it see their packets. One or multiple nProbe can be used to capture remote network interfaces traffic and send the resulting flows towards a central ntopng for the analysis and visualization.

The following picture summarizes the two scenarios highlighted above and demonstrates that they can also be combined together.

This post complements the extensive documentation already available at and wants to serve as a quick memorandum to effectively deploy ntopng and nProbe for the collection of flows.

Collecting flows from multiple nProbe using a single ntopng can be useful to have a single place that is in charge of visualizing and archiving traffic data. To collect flows from multiple nProbe, ntopng has to be started with an extra c (that stands for collector) at the end of the ZMQ endpoint, whereas every nProbe needs option --zmq-probe-mode. In this configuration, the nProbes initiate the connection towards ntopng, which acts as a server, and not vice versa. Therefore, you must ensure ntopng is listening on the ANY address (that is, the wildcard * in the ZMQ endpoint address) or on another address that is reachable by the various nProbe.

An example of such configuration is the following:

```
ntopng -i tcp://*:5556c
nprobe --zmq "tcp://:5556" --zmq-probe-mode -i eth1 -n none -T
nprobe --zmq "tcp://:5556" --zmq-probe-mode -i none -n none --collector-port 2055 -T
nprobe --zmq "tcp://:5556" --zmq-probe-mode -i none -n none --collector-port 6343 -T
```

Reachability of nProbe and ntopng cannot always be taken for granted. Sometimes, it could be necessary for an ntopng to collect flows from an nProbe in a separate network, possibly behind a NAT or even shielded with a firewall. Similarly, it could be necessary for an ntopng behind a NAT to collect flows from an nProbe in another network.

Luckily, to handle these scenarios, ntopng (and nProbe) can be configured to act as either the client or the server of the JSON-Over-ZMQ communication, interchangeably. This avoids the insertion of lengthy, time-consuming, and possibly insecure rules in network devices, as it is enough to ensure the client can reach the server, while NATs will automatically handle the returning server-to-client part of the communication.

When ntopng cannot reach nProbe, but nProbe can reach ntopng, the configuration that should be used is

When both nProbe and ntopng are on the same network, or when ntopng is in another network but can reach nProbe, the following configuration should be used:

```
nprobe --zmq "tcp://*:5556" -i eth1 -n none -T
```
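The client/server pairing this post describes (a trailing `c` on the ntopng endpoint, probe mode on nProbe) can be checked before any firewall or NAT rule is written. The Python sketch below is an added example, not code from the original post or from ntop. The function names and the 192.0.2.x addresses are constructed for illustration, and it assumes nProbe's long options are written with two dashes.

```python
import shlex

def zmq_role(cmdline):
    """Parse one ntopng/nprobe command line into its ZMQ role and endpoint."""
    argv = shlex.split(cmdline)
    tool = argv[0].lower()
    if tool == "ntopng":
        endpoint = argv[argv.index("-i") + 1]
        listens = endpoint.endswith("c")  # trailing 'c': ntopng is the collector (server)
        endpoint = endpoint[:-1] if listens else endpoint
    elif tool == "nprobe":
        endpoint = argv[argv.index("--zmq") + 1]
        listens = "--zmq-probe-mode" not in argv  # probe mode: nProbe dials out
    else:
        raise ValueError(f"not an ntopng/nprobe command: {cmdline!r}")
    host, _, port = endpoint.split("://", 1)[1].rpartition(":")
    return {"tool": tool, "listens": listens, "host": host, "port": int(port)}

def check_pair(ntopng_cmd, nprobe_cmd):
    """Report which side must be reachable, or why the pair cannot talk."""
    n, p = zmq_role(ntopng_cmd), zmq_role(nprobe_cmd)
    problems = []
    if n["listens"] and p["listens"]:
        problems.append("both sides listen: one of them must connect")
    if not n["listens"] and not p["listens"]:
        problems.append("both sides connect: one of them must listen")
    if n["port"] != p["port"]:
        problems.append(f"port mismatch: {n['port']} vs {p['port']}")
    server, client = (n, p) if n["listens"] else (p, n)
    return {
        # Only the client-to-server direction has to be opened on firewalls/NATs.
        "allow": None if problems else f"{client['tool']} -> {server['tool']} tcp/{server['port']}",
        # A wildcard bind listens on every interface of the server host.
        "wildcard_bind": server["host"] == "*",
        "problems": problems,
    }

if __name__ == "__main__":
    # Constructed command lines; 192.0.2.x are documentation addresses.
    pairs = [
        ("ntopng -i tcp://*:5556c",
         'nprobe --zmq "tcp://192.0.2.10:5556" --zmq-probe-mode -i eth1 -n none'),
        ("ntopng -i tcp://192.0.2.20:5556",
         'nprobe --zmq "tcp://*:5556" -i eth1 -n none'),
        ("ntopng -i tcp://*:5556c",
         'nprobe --zmq "tcp://*:5556" -i eth1 -n none'),
    ]
    for ntopng_cmd, nprobe_cmd in pairs:
        print(check_pair(ntopng_cmd, nprobe_cmd))
```

The `allow` value names the only direction that has to be permitted, and `wildcard_bind` flags a listener that should be restricted to the expected peers on the server host.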