ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

Issues for converting pcap files to NetFlow #438

Open layeghy opened 3 years ago

layeghy commented 3 years ago

I am trying to use nprobe for converting pcap files to NetFlow on Windows. The pcap files I am using can be downloaded from the UNSW-NB15 IDS dataset pcap files, in which each folder includes 27 pcap files.

I am using the command options below for nprobe:

./nprobe /c -n none -i "D:\pcaps 17-2-2015\1.pcap" -V 9 -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %PROTOCOL_MAP %IN_PKTS %OUT_PKTS %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %PROTOCOL %SRC_VLAN %L7_PROTO %L7_PROTO_NAME" --dump-path "D:\Flows" --dump-format t --csv-separator "," --max-log-lines 200000000

It works for some of these files (all pcap files have the same number of packets, more or less 3.5x10^6), and I have tried different things to get it to work for the rest. For instance, when nprobe did not convert a pcap to NetFlow, I doubted the pcap file formats, opened them in Wireshark and exported them again to pcap format, but it still did not work. I even divided the pcap into smaller parts and tried to convert each part separately. If one part was not converted again, I divided it into smaller parts, until I reached a pcap file with a single packet that could not be converted to NetFlow. This is the output of nprobe when not converting a pcap to NetFlow:

Running nProbe for Windows.
22/Jul/2020 15:41:16 [nprobe.c:4421] Valid nProbe Pro license found
22/Jul/2020 15:41:16 [nprobe.c:6436] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
22/Jul/2020 15:41:16 [nprobe.c:6439] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
22/Jul/2020 15:41:16 [nprobe.c:6526] Welcome to nProbe Pro v.8.7.191214 ($Revision: 4384 $) for Windows
22/Jul/2020 15:41:16 [nprobe.c:6536] Running on Windows
22/Jul/2020 15:41:16 [nprobe.c:6547] [LICENSE] nProbe SystemId: ................
22/Jul/2020 15:41:16 [nprobe.c:6584] Dumping flow files every 10 sec into directory D:\Flows
22/Jul/2020 15:41:16 [nprobe.c:6617] Sample rate [packet: 1][flow collection/export: 1/1]
22/Jul/2020 15:41:16 [modbusPlugin.c:104] [MODBUS] Idle flow timeout set to 120 sec
22/Jul/2020 15:41:16 [nprobe.c:9404] Welcome to nProbe v.8.7.191214 for Windows
22/Jul/2020 15:41:16 [nprobe.c:8385] Using NetFlow Packet Payload Len: 1472
22/Jul/2020 15:41:16 [nprobe.c:8420] Flow export type: bidirectional flows
22/Jul/2020 15:41:16 [plugin.c:1282] 0 plugin(s) enabled
22/Jul/2020 15:41:16 [nprobe.c:8855] Each flow is 98 bytes long
22/Jul/2020 15:41:16 [nprobe.c:8856] The # flows per packet has been set to 14
22/Jul/2020 15:41:16 [nprobe.c:8859] IP TOS is ignored
22/Jul/2020 15:41:16 [nprobe.c:8887] Non IPv4/v6 traffic is discarded according to the template
22/Jul/2020 15:41:16 [nprobe.c:9684] Flows ASs will not be computed (missing libmxminddb support)
22/Jul/2020 15:41:16 [export.c:543] Using TLV as serialization format

Initially, I thought that single packet was the source of the problem and filtered it out of the original pcap files, expecting that they should now be fine for converting by nprobe, but again the output was the same.

Just in case, this is the output for pcap files that are successfully converted to NetFlow (the original pcaps and/or divided pcaps):

Running nProbe for Windows.
22/Jul/2020 16:05:13 [nprobe.c:4421] Valid nProbe Pro license found
22/Jul/2020 16:05:13 [nprobe.c:6436] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
22/Jul/2020 16:05:13 [nprobe.c:6439] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
22/Jul/2020 16:05:13 [nprobe.c:6526] Welcome to nProbe Pro v.8.7.191214 ($Revision: 4384 $) for Windows
22/Jul/2020 16:05:13 [nprobe.c:6536] Running on Windows
22/Jul/2020 16:05:13 [nprobe.c:6547] [LICENSE] nProbe SystemId: ...............
22/Jul/2020 16:05:13 [nprobe.c:6584] Dumping flow files every 10 sec into directory D:\Flows
22/Jul/2020 16:05:13 [nprobe.c:6617] Sample rate [packet: 1][flow collection/export: 1/1]
22/Jul/2020 16:05:13 [modbusPlugin.c:104] [MODBUS] Idle flow timeout set to 120 sec
22/Jul/2020 16:05:13 [nprobe.c:9404] Welcome to nProbe v.8.7.191214 for Windows
22/Jul/2020 16:05:13 [nprobe.c:8385] Using NetFlow Packet Payload Len: 1472
22/Jul/2020 16:05:13 [nprobe.c:8420] Flow export type: bidirectional flows
22/Jul/2020 16:05:13 [plugin.c:1282] 0 plugin(s) enabled
22/Jul/2020 16:05:13 [nprobe.c:8855] Each flow is 98 bytes long
22/Jul/2020 16:05:13 [nprobe.c:8856] The # flows per packet has been set to 14
22/Jul/2020 16:05:13 [nprobe.c:8859] IP TOS is ignored
22/Jul/2020 16:05:13 [nprobe.c:8887] Non IPv4/v6 traffic is discarded according to the template
22/Jul/2020 16:05:13 [nprobe.c:9684] Flows ASs will not be computed (missing libmxminddb support)
22/Jul/2020 16:05:13 [export.c:543] Using TLV as serialization format
22/Jul/2020 16:05:25 [nprobe.c:10042] nProbe started successfully
22/Jul/2020 16:05:25 [nprobe.c:6683] Flushing active flows
22/Jul/2020 16:05:25 [engine.c:3392] About to flush hash (threadId 0)
22/Jul/2020 16:05:25 [engine.c:3396] Completed hash walk (thread 0)
22/Jul/2020 16:05:28 [nprobe.c:3237] Processed packets: 3526992 (max bucket search: 4)
22/Jul/2020 16:05:28 [nprobe.c:3220] Fragment queue length: 6
22/Jul/2020 16:05:28 [nprobe.c:3261] Flow export stats:      [0 bytes/0 pkts][0 flows/0 pkts sent]
22/Jul/2020 16:05:28 [nprobe.c:3267] Flow export drop stats: [0 bytes/0 pkts][0 flows]
22/Jul/2020 16:05:28 [nprobe.c:3272] Total flow stats:       [0 bytes/0 pkts][0 flows/0 pkts sent]
22/Jul/2020 16:05:28 [nprobe.c:3282] Total dumped to file:   [43306 flows]

Is there any specific requirement that a pcap file should meet in order for nprobe to convert it to NetFlow? Or is there any option that prevents internal errors from stopping nprobe from exporting to NetFlow?

layeghy commented 3 years ago

Update: I tried the same file (the pcap file that could not be converted to NetFlow using nprobe) with the verbose option, and here is the beginning of the log:

Running nProbe for Windows.
22/Jul/2020 16:51:19 [nprobe.c:4421] Valid nProbe Pro license found
22/Jul/2020 16:51:19 [nprobe.c:6436] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
22/Jul/2020 16:51:19 [nprobe.c:6439] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
22/Jul/2020 16:51:19 [nprobe.c:6526] Welcome to nProbe Pro v.8.7.191214 ($Revision: 4384 $) for Windows 
22/Jul/2020 16:51:19 [nprobe.c:6536] Running on Windows
22/Jul/2020 16:51:19 [nprobe.c:6547] [LICENSE] nProbe SystemId: ........
22/Jul/2020 16:51:19 [nprobe.c:6551] Tracing enabled
22/Jul/2020 16:51:19 [nprobe.c:6584] Dumping flow files every 10 sec into directory D:\Flows
22/Jul/2020 16:51:19 [nprobe.c:6617] Sample rate [packet: 1][flow collection/export: 1/1]
22/Jul/2020 16:51:19 [plugin.c:253] Initializing HTTP Protocol
22/Jul/2020 16:51:19 [httpPlugin.c:256] HTTP log files will be dumped each 10 seconds or each 200000000 lines
22/Jul/2020 16:51:19 [httpPlugin.c:263] Initialized HTTP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing DNS/LLMNR Protocol
22/Jul/2020 16:51:19 [dnsPlugin.c:61] Initialized DNS plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing SIP Plugin
22/Jul/2020 16:51:19 [sipPlugin.c:266] Initialized SIP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing RTP Plugin
22/Jul/2020 16:51:19 [rtpPlugin.c:175] Initializing RTP plugin [argc: 21]
22/Jul/2020 16:51:19 [plugin.c:253] Initializing FTP Protocol
22/Jul/2020 16:51:19 [ftpPlugin.c:80] Initialized FTP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing SMTP Protocol
22/Jul/2020 16:51:19 [smtpPlugin.c:120] Initialized SMTP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing BGP Update Listener
22/Jul/2020 16:51:19 [bgpPlugin.c:404] BGP plugin is disabled (--bgp-port has not been specified)
22/Jul/2020 16:51:19 [plugin.c:253] Initializing Netflow-Lite Plugin
22/Jul/2020 16:51:19 [nflitePlugin.c:913] [NFLite] Initialized NetFlow-Lite plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing GTPv0 Signaling Protocol
22/Jul/2020 16:51:19 [gtpv0Plugin.c:92] Initialized GTPv0 plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing GTPv1 Signaling Protocol
22/Jul/2020 16:51:19 [gtpv1Plugin.c:122] Initialized GTPv1 plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing GTPv2 Signaling Protocol
22/Jul/2020 16:51:19 [gtpv2Plugin.c:275] Initialized GTPv2 plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing Radius Protocol
22/Jul/2020 16:51:19 [radiusPlugin.c:124] Initialized Radius plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing Modbus Plugin
22/Jul/2020 16:51:19 [modbusPlugin.c:70] Initialized Modbus plugin
22/Jul/2020 16:51:19 [modbusPlugin.c:104] [MODBUS] Idle flow timeout set to 120 sec
22/Jul/2020 16:51:19 [plugin.c:253] Initializing Diameter Protocol
22/Jul/2020 16:51:19 [diameterPlugin.c:109] Initialized Diameter plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing NETBIOS Protocol
22/Jul/2020 16:51:19 [netbiosPlugin.c:50] Initialized NETBIOS plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing SSDP Protocol
22/Jul/2020 16:51:19 [ssdpPlugin.c:54] Initialized SSDP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing DHCP Protocol
22/Jul/2020 16:51:19 [dhcpPlugin.c:305] Initialized DHCP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing IMAP Protocol
22/Jul/2020 16:51:19 [imapPlugin.c:130] Initialized IMAP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing POP3 Protocol
22/Jul/2020 16:51:19 [popPlugin.c:119] Initialized POP plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing MySQL DB
22/Jul/2020 16:51:19 [dbPlugin.c:48] Initializing DB plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing MySQL Plugin
22/Jul/2020 16:51:19 [mysqlPlugin.c:111] Initialized MySQL plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing Export Plugin
22/Jul/2020 16:51:19 [exportPlugin.c:665] Initializing Export plugin
22/Jul/2020 16:51:19 [plugin.c:253] Initializing Custom Fields
22/Jul/2020 16:51:19 [customPlugin.c:98] Initialized Custom plugin
22/Jul/2020 16:51:19 [plugin.c:264] 23 plugin(s) loaded [20 delete][20 packet].
22/Jul/2020 16:51:19 [nprobe.c:9404] Welcome to nProbe v.8.7.191214 for Windows
22/Jul/2020 16:51:20 [nprobe.c:8340] Compiling flow templates...
22/Jul/2020 16:51:20 [nprobe.c:8385] Using NetFlow Packet Payload Len: 1472
22/Jul/2020 16:51:20 [nprobe.c:8420] Flow export type: bidirectional flows
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin HTTP Protocol [http]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin DNS/LLMNR Protocol [dns]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin SIP Plugin [sip]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin RTP Plugin [rtp]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin FTP Protocol [ftp]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin SMTP Protocol [smtp]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin BGP Update Listener [bgp]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin Netflow-Lite Plugin [nflite]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin GTPv0 Signaling Protocol [gtpv0]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin GTPv1 Signaling Protocol [gtpv1]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin GTPv2 Signaling Protocol [gtpv2]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin Radius Protocol [radius]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin Modbus Plugin [modbus]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin Diameter Protocol [diameter]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin NETBIOS Protocol [netbios]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin SSDP Protocol [ssdp]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin DHCP Protocol [dhcp]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin IMAP Protocol [imap]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin POP3 Protocol [pop3]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin MySQL DB [db]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin MySQL Plugin [mysql]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin Export Plugin [export]
22/Jul/2020 16:51:20 [plugin.c:981] Scanning plugin Custom Fields [custom]
22/Jul/2020 16:51:20 [plugin.c:1282] 0 plugin(s) enabled
22/Jul/2020 16:51:20 [nprobe.c:8777] Scanning flow template...
22/Jul/2020 16:51:20 [nprobe.c:8787] Template [id=257]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             IN_BYTES [num 1][id 1][4 bytes][total 4 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found              IN_PKTS [num 2][id 2][4 bytes][total 8 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             PROTOCOL [num 3][id 4][1 bytes][total 9 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found         PROTOCOL_MAP [num 4][id 1028][16 bytes][total 25 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found          L4_SRC_PORT [num 5][id 7][2 bytes][total 27 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        IPV4_SRC_ADDR [num 6][id 8][4 bytes][total 31 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found          L4_DST_PORT [num 7][id 11][2 bytes][total 33 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        IPV4_DST_ADDR [num 8][id 12][4 bytes][total 37 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        LAST_SWITCHED [num 9][id 21][4 bytes][total 41 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found       FIRST_SWITCHED [num 10][id 22][4 bytes][total 45 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found            OUT_BYTES [num 11][id 23][4 bytes][total 49 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             OUT_PKTS [num 12][id 24][4 bytes][total 53 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found            ENGINE_ID [num 13][id 39][1 bytes][total 54 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             SRC_VLAN [num 14][id 58][2 bytes][total 56 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             L7_PROTO [num 15][id 118][2 bytes][total 58 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        L7_PROTO_NAME [num 16][id 119][16 bytes][total 74 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8787] Template [id=258]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             IN_BYTES [num 1][id 1][4 bytes][total 4 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found              IN_PKTS [num 2][id 2][4 bytes][total 8 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             PROTOCOL [num 3][id 4][1 bytes][total 9 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found         PROTOCOL_MAP [num 4][id 1028][16 bytes][total 25 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found          L4_SRC_PORT [num 5][id 7][2 bytes][total 27 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found          L4_DST_PORT [num 6][id 11][2 bytes][total 29 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        LAST_SWITCHED [num 7][id 21][4 bytes][total 33 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found       FIRST_SWITCHED [num 8][id 22][4 bytes][total 37 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found            OUT_BYTES [num 9][id 23][4 bytes][total 41 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             OUT_PKTS [num 10][id 24][4 bytes][total 45 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        IPV6_SRC_ADDR [num 11][id 27][16 bytes][total 61 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        IPV6_DST_ADDR [num 12][id 28][16 bytes][total 77 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found            ENGINE_ID [num 13][id 39][1 bytes][total 78 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             SRC_VLAN [num 14][id 58][2 bytes][total 80 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found             L7_PROTO [num 15][id 118][2 bytes][total 82 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8793] Found        L7_PROTO_NAME [num 16][id 119][16 bytes][total 98 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8817] Scanning option template...
22/Jul/2020 16:51:20 [nprobe.c:8823] Found      TOTAL_FLOWS_EXP [id 42][4 bytes][total 4 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8823] Found       TOTAL_PKTS_EXP [id 41][4 bytes][total 8 bytes]
22/Jul/2020 16:51:20 [nprobe.c:8855] Each flow is 98 bytes long
22/Jul/2020 16:51:20 [nprobe.c:8856] The # flows per packet has been set to 14
22/Jul/2020 16:51:20 [nprobe.c:8859] IP TOS is ignored
22/Jul/2020 16:51:20 [nprobe.c:8887] Non IPv4/v6 traffic is discarded according to the template
22/Jul/2020 16:51:20 [nprobe.c:7334] Using packet capture length 9000
22/Jul/2020 16:51:20 [nprobe.c:9631] The flows hash has 131072 buckets
22/Jul/2020 16:51:20 [nprobe.c:9633] Flows older than 120 seconds will be exported
22/Jul/2020 16:51:20 [nprobe.c:9636] Flows inactive for at least 30 seconds will be exported
22/Jul/2020 16:51:20 [nprobe.c:9639] Expired flows will not be queued for more than 30 seconds
22/Jul/2020 16:51:20 [nprobe.c:9646] Exported flows with engineType 0 and engineId 231
22/Jul/2020 16:51:20 [nprobe.c:9678] TCP TOS will be ignored and set to 0.
22/Jul/2020 16:51:20 [nprobe.c:9684] Flows ASs will not be computed (missing libmxminddb support)
22/Jul/2020 16:51:20 [nprobe.c:9714] Flows will be emitted in NetFlow 9 format
22/Jul/2020 16:51:20 [nprobe.c:9767] Flow input interface index is set to 0
22/Jul/2020 16:51:20 [nprobe.c:9773] Flow output interface index is set to 0
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin HTTP Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin DNS/LLMNR Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin SIP Plugin (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin RTP Plugin (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin FTP Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin SMTP Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin BGP Update Listener (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin Netflow-Lite Plugin (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin GTPv0 Signaling Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin GTPv1 Signaling Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin GTPv2 Signaling Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin Radius Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin Modbus Plugin (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin Diameter Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin NETBIOS Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin SSDP Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin DHCP Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin IMAP Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin POP3 Protocol (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin MySQL DB (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin MySQL Plugin (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin Export Plugin (no template is using it)
22/Jul/2020 16:51:20 [plugin.c:937] Disabling plugin Custom Fields (no template is using it)
22/Jul/2020 16:51:20 [nprobe.c:9914] Starting 1 packet fetch thread(s)
22/Jul/2020 16:51:20 [export.c:543] Using TLV as serialization format
22/Jul/2020 16:51:20 [nprobe.c:7798] Fetch packets thread started [thread 0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 149.171.126.6:80 -> 59.166.0.9:41257 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=110918][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 149.171.126.0:30602 -> 59.166.0.0:1651 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=123883][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 149.171.126.4:22 -> 59.166.0.0:57241 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=55801][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3962] Starting bucket dequeue thread
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 149.171.126.0:80 -> 59.166.0.6:31427 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=114191][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 59.166.0.1:33773 -> 149.171.126.7:25 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=12904][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 175.45.176.0:44900 -> 149.171.126.11:8089 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=110838][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 175.45.176.0:42457 -> 149.171.126.15:445 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=110783][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 149.171.126.3:60686 -> 59.166.0.2:62226 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=122807][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 59.166.0.2:58533 -> 149.171.126.3:21 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=72585][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 149.171.126.8:5190 -> 59.166.0.2:22836 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=68942][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:51:20 [engine.c:3037] New Flow: [tcp] 59.166.0.5:62124 -> 149.171.126.0:25 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=119320][firstSeen=1595400680/0][direction: RX][probe: 0.0.0.0]

It continues similarly until it stops, and this is the last part of the log:

22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.7:60922 -> 149.171.126.7:26007 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=48253][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:15392 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=22094][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 59.166.0.5:56281 -> 149.171.126.8:53 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=43766][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.5:57787 -> 149.171.126.4:80 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=63658][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:14519 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=10745][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.7:56140 -> 149.171.126.6:60498 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=41253][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:7847 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=55081][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 59.166.0.9:57044 -> 149.171.126.8:53 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=53689][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.9:30936 -> 149.171.126.5:143 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=108635][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 59.166.0.0:31040 -> 149.171.126.0:53 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=108836][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.0:54193 -> 149.171.126.4:25 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=16216][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:30246 -> 149.171.126.9:38077 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=68516][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:14330 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=8288][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.7:7018 -> 149.171.126.1:49710 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=48850][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 59.166.0.2:53626 -> 149.171.126.0:53 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=9240][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:1037 -> 149.171.126.6:80 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=112339][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:28816 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=65534][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 59.166.0.1:5873 -> 149.171.126.6:111 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=44570][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 59.166.0.1:44123 -> 149.171.126.6:26254 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=95247][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.1:9626 -> 149.171.126.6:8097 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=66072][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:46972 -> 149.171.126.1:6881 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=11470][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:3815 -> 149.171.126.1:6881 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=105789][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:4693 -> 149.171.126.1:6881 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=117203][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:1730 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=106632][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:43482 -> 149.171.126.1:6881 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=97172][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 59.166.0.3:49869 -> 149.171.126.1:53 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=91473][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.3:43416 -> 149.171.126.4:80 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=7905][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:42253 -> 149.171.126.1:6881 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=81195][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.2:46105 -> 149.171.126.1:6881 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=199][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:26452 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=34802][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.1:43524 -> 149.171.126.2:39120 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=123609][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 175.45.176.2:19352 -> 149.171.126.12:143 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=68635][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.1:7375 -> 149.171.126.3:43110 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=98759][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:29596 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=75674][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.1:42255 -> 149.171.126.3:5190 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=59239][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:14677 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=12799][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]

This is where nprobe exits without any further output. I can send you/upload the log file if needed, but this is the main part of it.
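
An added example (not part of the original issue, and not ntop code): when many pcap files are converted in a batch, the run logs shown above can be checked automatically, because the successful run ends with `Processed packets` and `Total dumped to file` lines and the failing runs stop without them. The sample logs are shortened excerpts of the ones in this issue; `summarize` and `RunSummary` are names chosen for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Timestamp, [source file:line], message: the layout of the nProbe lines above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<src>[\w.]+):(?P<line>\d+)\] (?P<msg>.*)$"
)
PROCESSED_RE = re.compile(r"Processed packets: (\d+)")
DUMPED_RE = re.compile(r"Total dumped to file:\s+\[(\d+) flows\]")


@dataclass
class RunSummary:
    status: str                      # "complete" or "incomplete"
    new_flows: int                   # "New Flow:" lines (verbose runs only)
    processed_packets: Optional[int]
    flows_dumped: Optional[int]
    last_timestamp: Optional[str]    # where the log stops
    last_message: Optional[str]


def summarize(log_text: str) -> RunSummary:
    """Classify one nProbe run log by the end-of-run lines it contains."""
    new_flows = 0
    processed = dumped = None
    last_ts = last_msg = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines such as "Running nProbe for Windows."
        msg = m["msg"]
        last_ts, last_msg = m["ts"], msg
        if msg.startswith("New Flow:"):
            new_flows += 1
        elif (p := PROCESSED_RE.search(msg)):
            processed = int(p.group(1))
        elif (d := DUMPED_RE.search(msg)):
            dumped = int(d.group(1))
    # A run counts as complete only if both summary lines were written.
    complete = processed is not None and dumped is not None
    return RunSummary(
        status="complete" if complete else "incomplete",
        new_flows=new_flows,
        processed_packets=processed,
        flows_dumped=dumped,
        last_timestamp=last_ts,
        last_message=last_msg,
    )


# Shortened excerpts of the logs quoted in this issue.
FAILED_LOG = """Running nProbe for Windows.
22/Jul/2020 15:41:16 [nprobe.c:4421] Valid nProbe Pro license found
22/Jul/2020 15:41:16 [nprobe.c:8887] Non IPv4/v6 traffic is discarded according to the template
22/Jul/2020 15:41:16 [export.c:543] Using TLV as serialization format
"""

OK_LOG = """Running nProbe for Windows.
22/Jul/2020 16:05:13 [export.c:543] Using TLV as serialization format
22/Jul/2020 16:05:25 [nprobe.c:10042] nProbe started successfully
22/Jul/2020 16:05:25 [nprobe.c:6683] Flushing active flows
22/Jul/2020 16:05:28 [nprobe.c:3237] Processed packets: 3526992 (max bucket search: 4)
22/Jul/2020 16:05:28 [nprobe.c:3282] Total dumped to file:   [43306 flows]
"""

VERBOSE_TAIL = """22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [tcp] 59.166.0.1:42255 -> 149.171.126.3:5190 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=59239][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
22/Jul/2020 16:25:15 [engine.c:3037] New Flow: [udp] 175.45.176.3:14677 -> 149.171.126.16:520 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0/0][tos 0][ifIdx: 65535 -> 65535][subflowId: 0/0x0000][idx=12799][firstSeen=1595399115/0][direction: RX][probe: 0.0.0.0]
"""

if __name__ == "__main__":
    for name, text in [("failed", FAILED_LOG), ("ok", OK_LOG), ("verbose tail", VERBOSE_TAIL)]:
        s = summarize(text)
        print(f"{name}: {s.status}, packets={s.processed_packets}, "
              f"flows={s.flows_dumped}, new_flows={s.new_flows}, "
              f"stopped at {s.last_timestamp}: {s.last_message}")
```

For an incomplete run, `last_timestamp` and `last_message` show where the log ends, which is the first thing to attach to a report like this one.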