Chris Markus
2017-07-14 13:38:33 UTC
Hi Simone,
I tried what you said but I am still not getting all the networks from netflow data on my router. Here is a screenshot of what networks I am getting. There should be 4 networks under the 192.168.0.0/16 range and 1 network in the 172.16.0.0/16 range. Any help is much appreciated. We can also purchase the license if you like but I am not sure which one we should buy. I am just trying to see how the software will help us in analyzing network traffic and addressing bandwidth hogs on the network. Thank you.
-----Original Message-----
From: ntop-***@listgateway.unipi.it [mailto:ntop-***@listgateway.unipi.it] On Behalf Of ntop-***@listgateway.unipi.it
Sent: July 14, 2017 1:40 AM
To: ***@listgateway.unipi.it
Subject: Ntop Digest, Vol 158, Issue 11
Today's Topics:
1. Help (Chris Markus)
2. Daily download totals needed (Peter Shute)
3. Re: Daily download totals needed (Peter Shute)
4. Re: Help (Simone Mainardi)
5. Re: Help (Simone Mainardi)
----------------------------------------------------------------------
Message: 1
Date: Thu, 13 Jul 2017 17:19:39 +0000
From: Chris Markus <***@perimeter9.com>
To: "***@listgateway.unipi.it" <***@listgateway.unipi.it>
Subject: [Ntop] Help
Message-ID: <***@CY1PR0101MB0924.prod.exchangelabs.com>
Content-Type: text/plain; charset="us-ascii"
Hello,
I recently installed Ntop and I love it so far. However I am unable to pull any netflow data from my router. Ntop is only displaying 1 network that is connected to the machine I am running the website from. Any help would be much appreciated.
Thank you,
Chris Markus
p. 403.212.4358
c. +1 5877779537
e. ***@perimeter9.com
w. www.perimeter9.com
------------------------------
Message: 2
Date: Fri, 14 Jul 2017 11:59:18 +1000
From: Peter Shute <***@nuw.org.au>
To: "***@listgateway.unipi.it" <***@listgateway.unipi.it>
Subject: [Ntop] Daily download totals needed
Message-ID: <***@nuwvicms2>
Content-Type: text/plain; charset="us-ascii"
I'm investigating why our ISP's website is displaying our daily download stats as about 1/4 of the normal amounts for the last three weeks.
One theory is that their stats are wrong, so I'm trying to use ntopng to verify their totals. How?
The historical data explorer is giving totals way too high, so I assume it includes outgoing traffic too, and probably WAN traffic. Is there no way to separate these out?
If I click on Interfaces, and select the only option there, then on what looks like someone wearing a stethoscope, I see the traffic broken up by profiles, so I can choose "Incoming only", which I've defined as " dst net 192.168 and not src net 192.168". I click on the graph icon, and I can see the last day, week, etc, with the total for that period at the bottom. But I can't get a total for yesterday, or the day before. I can't even get a midnight to midnight total for the last day because it uses the current time as the end of the 24 hours.
Is there a way to get what I want from it?
Peter Shute
------------------------------
Message: 3
Date: Fri, 14 Jul 2017 14:30:41 +1000
From: Peter Shute <***@nuw.org.au>
To: "***@unipi.it" <***@unipi.it>
Subject: Re: [Ntop] Daily download totals needed
Message-ID: <***@nuwvicms2>
Content-Type: text/plain; charset="us-ascii"
I'm confused about the "Info" filter on the Historical Data Explorer page. In the results, in the IPv4 tab, the info column contains the names of traffic profiles I've created. But if I type any of those names into the Info filter box, it returns no results.
And if I download IPv4 flows, the Info column is empty, and traffic profile names are in the Profile column.
What exactly is this Info filter? Is there any way to filter on traffic profile?
And why is there no mention of the historical data explorer in the user guide? (https://raw.githubusercontent.com/ntop/ntopng/dev/doc/UserGuide.pdf)
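The midnight-to-midnight totals asked about in the two messages above can be computed offline from exported flows. The following is an added example, not part of the original posts and not ntopng code: it applies the same test as the "Incoming only" profile to a constructed CSV whose column names are hypothetical, and uses the +1000 offset from the message headers for day boundaries. Spreading a flow that crosses midnight evenly over its duration is an assumption of this example.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, time, timedelta, timezone

LAN = ipaddress.ip_network("192.168.0.0/16")  # what "net 192.168" matches
LOCAL_TZ = timezone(timedelta(hours=10))      # +1000, as in the message's Date header

# Constructed sample export; the column names are hypothetical.
SAMPLE_CSV = """first_seen,last_seen,src_ip,dst_ip,bytes
2017-07-12T09:00:00+10:00,2017-07-12T09:05:00+10:00,203.0.113.10,192.168.1.20,5000
2017-07-12T10:00:00+10:00,2017-07-12T10:01:00+10:00,192.168.1.20,203.0.113.10,700
2017-07-12T11:00:00+10:00,2017-07-12T11:02:00+10:00,192.168.1.20,192.168.2.30,900
2017-07-12T23:50:00+10:00,2017-07-13T00:10:00+10:00,198.51.100.7,192.168.3.40,2000
2017-07-12T15:30:00+00:00,2017-07-12T15:31:00+00:00,203.0.113.10,192.168.1.20,300
"""

def is_incoming(src, dst):
    """Same test as the profile 'dst net 192.168 and not src net 192.168'."""
    return (ipaddress.ip_address(dst) in LAN
            and ipaddress.ip_address(src) not in LAN)

def split_by_day(first_seen, last_seen, nbytes):
    """Spread a flow's bytes over the local calendar days it spans."""
    start = first_seen.astimezone(LOCAL_TZ)
    end = max(last_seen.astimezone(LOCAL_TZ), start)
    total = (end - start).total_seconds()
    if total == 0:
        return [(start.date(), nbytes)]
    parts, cursor, assigned = [], start, 0
    while cursor.date() < end.date():
        midnight = datetime.combine(cursor.date() + timedelta(days=1),
                                    time.min, tzinfo=LOCAL_TZ)
        share = int(nbytes * (midnight - cursor).total_seconds() / total)
        parts.append((cursor.date(), share))
        assigned += share
        cursor = midnight
    parts.append((end.date(), nbytes - assigned))  # remainder, so no bytes are lost
    return parts

def daily_incoming_totals(csv_text):
    """Return {ISO date: incoming bytes} for midnight-to-midnight local days."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_incoming(row["src_ip"], row["dst_ip"]):
            continue  # outgoing or LAN-to-LAN traffic is not part of the download total
        first = datetime.fromisoformat(row["first_seen"])
        last = datetime.fromisoformat(row["last_seen"])
        for day, share in split_by_day(first, last, int(row["bytes"])):
            totals[day.isoformat()] += share
    return dict(totals)

if __name__ == "__main__":
    for day, total in sorted(daily_incoming_totals(SAMPLE_CSV).items()):
        print(day, total)
```

The last sample row is stamped in UTC and lands on 13 July once converted to +1000, which is the kind of offset that makes a rolling "last 24 hours" total disagree with an ISP's calendar-day figure.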
------------------------------
Message: 4
Date: Fri, 14 Jul 2017 09:39:26 +0200
From: Simone Mainardi <***@ntop.org>
To: ***@unipi.it
Cc: "***@listgateway.unipi.it" <***@listgateway.unipi.it>
Subject: Re: [Ntop] Help
Message-ID: <DB794E08-7E97-42E8-985B-***@ntop.org>
Content-Type: text/plain; charset="us-ascii"
Dear Chris,
In order to monitor net flow data you need to use ntopng in combination with nProbe.
Assuming you have configured your devices to export Netflow on port 2055, you can use this configuration:
./nprobe -i none -n none --collector-port 2055 --zmq tcp://*:5556
This configuration will collect flows and deliver them to ntopng that you can configure as follows:
./ntopng -i tcp://<nProbe host IP>:5556 --local-networks "a list of comma separated networks in CIDR notation"
Regards,
Simone
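A way to check a `--local-networks` value against the flows actually being received, relevant to the follow-up at the top of this page where some expected networks are missing. This is an added example, not part of the original message and not ntop code: the subnets (four under 192.168.0.0/16, one under 172.16.0.0/16) and the flow endpoints are constructed, and all function names are hypothetical.

```python
import ipaddress

# Constructed value in the comma-separated CIDR form --local-networks takes.
LOCAL_NETWORKS = ("192.168.1.0/24,192.168.2.0/24,192.168.10.0/24,"
                  "192.168.20.0/24,172.16.0.0/24")

# Constructed endpoint addresses, as they might appear in collected flows.
FLOW_ENDPOINTS = ["192.168.1.5", "192.168.1.9", "192.168.2.7",
                  "172.16.0.4", "203.0.113.10", "192.168.1.5"]

def parse_local_networks(arg):
    """Parse a comma-separated CIDR list; an entry with host bits set
    (for example 192.168.1.1/24) raises ValueError instead of being guessed at."""
    nets = []
    for item in arg.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=True))
    return nets

def coverage(local_networks_arg, flow_endpoints):
    """Return (hosts seen per local network, networks with no flows, remote IPs)."""
    nets = parse_local_networks(local_networks_arg)
    seen = {str(n): set() for n in nets}
    remote = set()
    for ip_text in flow_endpoints:
        ip = ipaddress.ip_address(ip_text)
        matches = [n for n in nets if ip in n]
        if matches:
            # Longest prefix wins when configured networks overlap.
            best = max(matches, key=lambda n: n.prefixlen)
            seen[str(best)].add(ip_text)
        else:
            remote.add(ip_text)
    counts = {name: len(hosts) for name, hosts in seen.items()}
    silent = [name for name, hosts in seen.items() if not hosts]
    return counts, silent, sorted(remote)

if __name__ == "__main__":
    counts, silent, remote = coverage(LOCAL_NETWORKS, FLOW_ENDPOINTS)
    for name, hosts in counts.items():
        print(f"{name}: {hosts} host(s) seen")
    print("no flows seen for:", ", ".join(silent) or "none")
    print("remote endpoints:", ", ".join(remote) or "none")
```

A network that is configured but reported with no flows points at the exporter rather than at the `--local-networks` list.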
------------------------------
_______________________________________________
Ntop mailing list
***@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
End of Ntop Digest, Vol 158, Issue 11
*************************************