ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

Ubiquiti Edge Router X #456

Closed swilkey closed 3 years ago

swilkey commented 3 years ago

Hi, I see that the nprobe version for the ER-X router has stopped at 7.3 and yet the current version is 9.3. Is there a reason for this? I can't find anything saying that there was a problem. If there isn't a technical reason, is it just that you don't have access to an ERX to build it on? If so, can I help? I have a fleet of ERX devices. Thanks, Stephen

swilkey commented 3 years ago

I am informed by Simone that I cannot run the nprobe v7.3 that is the last one provided for the edge router with ntopng v9.3 as the versions must match exactly. I also understand that you don't provide old versions of the ntopng tool so I can't get version 7.3 of ntopng to match the nprobe.

So I'm sort of stuck at this point because I need to get a v9.3 nprobe up and running on the edge router. Could you please let me know if this is still possible to do? I'm very willing to compile it, and if the only reason you no longer provide it is that you don't have access to an edge router to build it on, I'm very happy to build and provide the latest versions for you to distribute - it would benefit us, and would benefit other ntopng users. I have 18 Edge routers that are just waiting to become nprobes in each of our locations. I look forward to hearing from you.

Regards, Stephen

lucaderi commented 3 years ago

Hi Stephen. The problem is that on the latest version of EdgeOS there is little if any space for adding extra tools. This is because Ubiquiti over time has added more features while reducing the space. This Thu Dec 10 we'll organize a mini-conference (see https://www.ntop.org/ntop/dec-10th-ntop-miniconf-2020-part-iii-nprobe-and-n2disk-on-embedded-systems/) where we will discuss embedding our tools also on Ubiquiti devices. I would like to have the chance to discuss this with our community so that we can take the right path. Will you join so we can talk about your request?

swilkey commented 3 years ago

thanks for your reply. I will certainly try to be there.

lucaderi commented 3 years ago

If unable we need to catch up on discord or telegram to discuss a bit the possible options https://www.ntop.org/community/

swilkey commented 3 years ago

thanks

swilkey commented 3 years ago

Hi Luca,

I was intrigued by your comment about space because I was running the 7.3 nprobe binary on my edge router for testing and I could see it was processing flows and sending them at a rate of 24 flows per second and handling an active flow buffer of about 450 flows. This was happening fine on an Edge Router X running 2.0.8 firmware. When I did a df on that router it was using 42% of storage.

So I tested it on an edge router X running 2.0.9 firmware and that was using 63% of storage. If the second firmware image was present it used 97% of storage.

So I note that we don't have backup firmware images stored on these routers and I asked my colleague who does most of the work on them if there was any problem in not having those. He told me, we've actually never used them even if they were there. He's always just loaded the image on it directly when we've needed to change it and there is no problem doing so.

So based on that, I look forward to hearing the issues that others have raised about this because it does not seem to me that we have any real issue unless the newer versions of nprobe are bigger or require more RAM than is available, or unless the actual problem is that there isn't enough space for creating the binary of nprobe on a router.

I hope that helps. I look forward to speaking with you on Thursday!

Regards, Stephen

lucaderi commented 3 years ago

@swilkey Can you please check if https://www.dropbox.com/s/gw559cns0k8c4gq/nprobe-mipsel.tgz?dl=0 works for you?

swilkey commented 3 years ago

It runs but I get an error about zmq-probe-mode not being recognised

sudo ./nprobe-mipsel --zmq-probe-mode --zmq "tcp://fqdnremoved:5556" -i eth1 -n none
09/Dec/2020 17:34:23 [nprobe.c:4658] WARNING: Invalid license (/etc/nprobe.license) [Missing license file]
09/Dec/2020 17:34:23 [nprobe.c:4665] WARNING: **
09/Dec/2020 17:34:23 [nprobe.c:4666] WARNING:
09/Dec/2020 17:34:23 [nprobe.c:4667] WARNING: Switching to DEMO MODE
09/Dec/2020 17:34:23 [nprobe.c:4668] WARNING: (Missing license file)
09/Dec/2020 17:34:23 [nprobe.c:4669] WARNING:
09/Dec/2020 17:34:23 [nprobe.c:4671] WARNING: Purchase your license at
09/Dec/2020 17:34:23 [nprobe.c:4672] WARNING: https://shop.ntop.org/
09/Dec/2020 17:34:23 [nprobe.c:4673] WARNING:
09/Dec/2020 17:34:23 [nprobe.c:4675] WARNING: **
./nprobe-mipsel: unrecognized option '--zmq-probe-mode'
09/Dec/2020 17:34:23 [nprobe.c:6692] WARNING: Unrecognized option '--zmq-probe-mode'
./nprobe-mipsel: unrecognized option '--zmq'
09/Dec/2020 17:34:23 [nprobe.c:6692] WARNING: Unrecognized option '--zmq'
09/Dec/2020 17:34:23 [nprobe.c:6762] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
09/Dec/2020 17:34:23 [nprobe.c:6765] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
09/Dec/2020 17:34:23 [nprobe.c:6859] Welcome to nProbe v.9.3.201209 ($Revision: 7027 $) for x86_64-pc-linux-gnu
09/Dec/2020 17:34:23 [nprobe.c:6870] Running on Ubuntu 18.04.5 LTS
09/Dec/2020 17:34:23 [nprobe.c:6881] [LICENSE] nProbe SystemId: D46ACE885E6BA0A5
09/Dec/2020 17:34:23 [nprobe.c:6952] Sample rate [packet: 1][flow collection/export: 1/1]
09/Dec/2020 17:34:23 [nprobe.c:9848] WARNING:
09/Dec/2020 17:34:23 [nprobe.c:9849] WARNING: NOTE: This is a DEMO version limited to 25000 flows export.
09/Dec/2020 17:34:23 [nprobe.c:9850] WARNING:
09/Dec/2020 17:34:23 [plugins/modbusPlugin.c:104] [MODBUS] Idle flow timeout set to 120 sec
09/Dec/2020 17:34:23 [nprobe.c:9857] Welcome to nProbe v.9.3.201209 for x86_64-pc-linux-gnu
09/Dec/2020 17:34:23 [nprobe.c:8784] Using default template %IPV4_SRC_ADDR %IPV4_DST_ADDR %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS
09/Dec/2020 17:34:23 [nprobe.c:8789] Using NetFlow Packet Payload Len: 1472
09/Dec/2020 17:34:23 [nprobe.c:8824] Flow export type (-T): unidirectional flows
09/Dec/2020 17:34:23 [plugin.c:1177] 0 plugin(s) enabled
09/Dec/2020 17:34:23 [nprobe.c:9291] Each flow is 71 bytes long
09/Dec/2020 17:34:23 [nprobe.c:9292] The # flows per packet has been set to 19
09/Dec/2020 17:34:23 [nprobe.c:9295] IP TOS is ignored
09/Dec/2020 17:34:23 [nprobe.c:9323] Non IPv4/v6 traffic is discarded according to the template
09/Dec/2020 17:34:23 [nprobe.c:7765] Initializing pcap socket on device eth1..
09/Dec/2020 17:34:23 [nprobe.c:10160] Flows ASs will not be computed (missing libmxminddb support)
09/Dec/2020 17:34:23 [nprobe.c:10265] Capturing packets from interface eth1 [snaplen: 128 bytes]
09/Dec/2020 17:34:23 [util.c:4220] nProbe changed user to 'nobody'
09/Dec/2020 17:34:23 [export.c:545] Using TLV as serialization format
09/Dec/2020 17:34:23 [nprobe.c:10526] nProbe started successfully
^C09/Dec/2020 17:34:29 [nprobe.c:580] Received shutdown request... [signal: 2]
09/Dec/2020 17:34:30 [nprobe.c:7018] Flushing active flows
09/Dec/2020 17:34:32 [nprobe.c:3464] Processed packets: 0 (max bucket search: 0)
09/Dec/2020 17:34:32 [nprobe.c:3447] Fragment queue length: 0
09/Dec/2020 17:34:32 [nprobe.c:3488] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 17:34:32 [nprobe.c:3494] Flow export drop stats: [0 bytes/0 pkts][0 flows]
09/Dec/2020 17:34:32 [nprobe.c:3499] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]

It also doesn't capture anything if I run it with --verbose 2 but I've never tried running it without zmq before so I don't know what it should do in this case.

09/Dec/2020 17:41:09 [nprobe.c:10526] nProbe started successfully
09/Dec/2020 17:41:09 [nprobe.c:8173] Fetch packets thread started [thread 0]
09/Dec/2020 17:41:10 [nprobe.c:3650] ---------------------------------
09/Dec/2020 17:41:10 [nprobe.c:3653] Average traffic: [0.00 pps][All Traffic 0 b/sec][IP Traffic 0 b/sec][ratio nan]
09/Dec/2020 17:41:10 [nprobe.c:3661] Current traffic: [0.00 pps][0 b/sec]
09/Dec/2020 17:41:10 [nprobe.c:3702] Flows exports (including drops) [0 flows][avg: 0.0 flows/sec][latest 1 sec avg: 0.0 flows/sec]
09/Dec/2020 17:41:10 [nprobe.c:3710] Flow drops [export queue full: 0]
09/Dec/2020 17:41:10 [nprobe.c:3713] Packet drops [too many flow buckets: 0]
09/Dec/2020 17:41:10 [nprobe.c:3716] Flow Buckets [active: 0][allocated: 0][toBeExported: 0]
09/Dec/2020 17:41:10 [nprobe.c:3720] Export Queue [current: 0][max: 512000][fill level: 0.0%]
09/Dec/2020 17:41:10 [nprobe.c:3464] Processed packets: 0 (max bucket search: 0)
09/Dec/2020 17:41:10 [nprobe.c:3447] Fragment queue length: 0
09/Dec/2020 17:41:10 [nprobe.c:3488] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 17:41:10 [nprobe.c:3494] Flow export drop stats: [0 bytes/0 pkts][0 flows]
09/Dec/2020 17:41:10 [nprobe.c:3499] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 17:41:10 [nprobe.c:423] Pcap IN/OUT stats (Average): 8/0 [0.0%] pkts rcvd/dropped
09/Dec/2020 17:41:40 [nprobe.c:3650] ---------------------------------
09/Dec/2020 17:41:40 [nprobe.c:3653] Average traffic: [0.00 pps][All Traffic 63 b/sec][IP Traffic 0 b/sec][ratio 0.00]
09/Dec/2020 17:41:40 [nprobe.c:3661] Current traffic: [0.00 pps][16 b/sec]
09/Dec/2020 17:41:40 [nprobe.c:3702] Flows exports (including drops) [0 flows][avg: 0.0 flows/sec][latest 30 sec avg: 0.0 flows/sec]
09/Dec/2020 17:41:40 [nprobe.c:3710] Flow drops [export queue full: 0]
09/Dec/2020 17:41:40 [nprobe.c:3713] Packet drops [too many flow buckets: 0]
09/Dec/2020 17:41:40 [nprobe.c:3716] Flow Buckets [active: 0][allocated: 0][toBeExported: 0]
09/Dec/2020 17:41:40 [nprobe.c:3720] Export Queue [current: 0][max: 512000][fill level: 0.0%]
09/Dec/2020 17:41:40 [nprobe.c:3464] Processed packets: 1 (max bucket search: 0)
09/Dec/2020 17:41:40 [nprobe.c:3447] Fragment queue length: 0
09/Dec/2020 17:41:40 [nprobe.c:3488] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 17:41:40 [nprobe.c:3494] Flow export drop stats: [0 bytes/0 pkts][0 flows]
09/Dec/2020 17:41:40 [nprobe.c:3499] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 17:41:40 [nprobe.c:423] Pcap IN/OUT stats (Average): 9/0 [0.0%] pkts rcvd/dropped
^C09/Dec/2020 17:41:53 [nprobe.c:423] Pcap IN/OUT stats (Average): 9/0 [0.0%] pkts rcvd/dropped
09/Dec/2020 17:41:53 [nprobe.c:580] Received shutdown request... [signal: 2]
09/Dec/2020 17:41:54 [nprobe.c:423] Pcap IN/OUT stats (Average): 9/0 [0.0%] pkts rcvd/dropped
09/Dec/2020 17:41:54 [nprobe.c:7034] nProbe is shutting down...
09/Dec/2020 17:41:54 [nprobe.c:7061] Exporting pending buckets...
09/Dec/2020 17:41:54 [nprobe.c:7018] Flushing active flows
09/Dec/2020 17:41:54 [nprobe.c:7081] Pending buckets have been exported...
09/Dec/2020 17:41:56 [engine.c:4413] Export thread terminated [exportQueue=0]
09/Dec/2020 17:41:56 [nprobe.c:7173] Flushing queued flows...
09/Dec/2020 17:41:56 [plugin.c:299] Terminating plugins.
09/Dec/2020 17:41:56 [nprobe.c:7261] Freeing memory...
09/Dec/2020 17:41:56 [nprobe.c:7316] Still allocated 0 hash buckets
09/Dec/2020 17:41:56 [nprobe.c:3464] Processed packets: 1 (max bucket search: 0)
09/Dec/2020 17:41:56 [nprobe.c:3447] Fragment queue length: 0
09/Dec/2020 17:41:56 [nprobe.c:3488] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 17:41:56 [nprobe.c:3494] Flow export drop stats: [0 bytes/0 pkts][0 flows]
09/Dec/2020 17:41:56 [nprobe.c:3499] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 17:41:56 [nprobe.c:7325] Cleaning globals
09/Dec/2020 17:41:56 [nprobe.c:7344] nProbe terminated.

lucaderi commented 3 years ago

This was a test (blind as I need to restore my X box) build. Adding ZMQ is possible but I need a bit of time as it has various dependencies. Instead packet capture not working is not nice. Are your VLAN and ports properly configured? Do you see traffic with tcpdump?

swilkey commented 3 years ago

apologies, that was my error. Somehow I mistyped eth1 instead of eth0. I'm almost certain there is nothing plugged in eth1.

09/Dec/2020 20:10:32 [nprobe.c:3653] Average traffic: [420.00 pps][All Traffic 2.68 Mb/sec][IP Traffic 2.55 Mb/sec][ratio 0.95]
09/Dec/2020 20:10:32 [nprobe.c:3661] Current traffic: [424.00 pps][2.71 Mb/sec]
09/Dec/2020 20:10:32 [nprobe.c:3702] Flows exports (including drops) [0 flows][avg: 0.0 flows/sec][latest 30 sec avg: 0.0 flows/sec]
09/Dec/2020 20:10:32 [nprobe.c:3710] Flow drops [export queue full: 0]
09/Dec/2020 20:10:32 [nprobe.c:3713] Packet drops [too many flow buckets: 0]
09/Dec/2020 20:10:32 [nprobe.c:3716] Flow Buckets [active: 164][allocated: 164][toBeExported: 0]
09/Dec/2020 20:10:32 [nprobe.c:3720] Export Queue [current: 0][max: 512000][fill level: 0.0%]
09/Dec/2020 20:10:32 [nprobe.c:3464] Processed packets: 13050 (max bucket search: 0)
09/Dec/2020 20:10:32 [nprobe.c:3447] Fragment queue length: 0
09/Dec/2020 20:10:32 [nprobe.c:3488] Flow export stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 20:10:32 [nprobe.c:3494] Flow export drop stats: [0 bytes/0 pkts][0 flows]
09/Dec/2020 20:10:32 [nprobe.c:3499] Total flow stats: [0 bytes/0 pkts][0 flows/0 pkts sent]
09/Dec/2020 20:10:32 [nprobe.c:423] Pcap IN/OUT stats (Average): 13267/0 [0.0%] pkts rcvd/dropped

This router is not used as much as the one I was testing on earlier today at the office, and it is night so there isn't much going on. But you can see it is collecting stuff now.

lucaderi commented 3 years ago

@swilkey I have added ZMQ: please get https://www.dropbox.com/s/gw559cns0k8c4gq/nprobe-mipsel.tgz?dl=0 and report

swilkey commented 3 years ago

Thanks. Unfortunately core dumped:

sudo ~/nprobe-mipsel --zmq-probe-mode --zmq "tcp://fqdnremoved:5556" -i eth0 -n none --verbose 5
09/Dec/2020 23:25:27 [nprobe.c:4658] WARNING: Invalid license (/etc/nprobe.license) [Missing license file]
09/Dec/2020 23:25:27 [nprobe.c:4665] WARNING: **
09/Dec/2020 23:25:27 [nprobe.c:4666] WARNING:
09/Dec/2020 23:25:27 [nprobe.c:4667] WARNING: Switching to DEMO MODE
09/Dec/2020 23:25:27 [nprobe.c:4668] WARNING: (Missing license file)
09/Dec/2020 23:25:27 [nprobe.c:4669] WARNING:
09/Dec/2020 23:25:27 [nprobe.c:4671] WARNING: Purchase your license at
09/Dec/2020 23:25:27 [nprobe.c:4672] WARNING: https://shop.ntop.org/
09/Dec/2020 23:25:27 [nprobe.c:4673] WARNING:
09/Dec/2020 23:25:27 [nprobe.c:4675] WARNING: **
09/Dec/2020 23:25:27 [nprobe.c:6762] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
09/Dec/2020 23:25:27 [nprobe.c:6765] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
09/Dec/2020 23:25:27 [nprobe.c:6859] Welcome to nProbe v.9.3.201209 ($Revision: 7027 $) for x86_64-pc-linux-gnu
09/Dec/2020 23:25:27 [nprobe.c:6870] Running on Ubuntu 18.04.5 LTS
09/Dec/2020 23:25:27 [nprobe.c:6881] [LICENSE] nProbe SystemId: D46ACE885E6BA0A5
09/Dec/2020 23:25:27 [nprobe.c:6886] Tracing enabled
09/Dec/2020 23:25:27 [nprobe.c:6952] Sample rate [packet: 1][flow collection/export: 1/1]
09/Dec/2020 23:25:27 [nprobe.c:9848] WARNING:
09/Dec/2020 23:25:27 [nprobe.c:9849] WARNING: NOTE: This is a DEMO version limited to 25000 flows export.
09/Dec/2020 23:25:27 [nprobe.c:9850] WARNING: 09/Dec/2020 23:25:27 [plugin.c:259] Initializing HTTP Protocol 09/Dec/2020 23:25:27 [plugins/httpPlugin.c:257] HTTP log files will be dumped each 60 seconds or each 10000 lines 09/Dec/2020 23:25:27 [plugins/httpPlugin.c:264] Initialized HTTP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing DNS/LLMNR Protocol 09/Dec/2020 23:25:27 [plugins/dnsPlugin.c:63] Initialized DNS plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing SIP Plugin 09/Dec/2020 23:25:27 [plugins/sipPlugin.c:266] Initialized SIP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing RTP Plugin 09/Dec/2020 23:25:27 [plugins/rtpPlugin.c:175] Initializing RTP plugin [argc: 10] 09/Dec/2020 23:25:27 [plugin.c:259] Initializing FTP Protocol 09/Dec/2020 23:25:27 [plugins/ftpPlugin.c:80] Initialized FTP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing SMTP Protocol 09/Dec/2020 23:25:27 [plugins/smtpPlugin.c:120] Initialized SMTP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing BGP Update Listener 09/Dec/2020 23:25:27 [plugins/bgpPlugin.c:404] BGP plugin is disabled (--bgp-port has not been specified) 09/Dec/2020 23:25:27 [plugin.c:259] Initializing Netflow-Lite Plugin 09/Dec/2020 23:25:27 [plugins/nflitePlugin.c:940] [NFLite] Initialized NetFlow-Lite plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing GTPv0 Signaling Protocol 09/Dec/2020 23:25:27 [plugins/gtpv0Plugin.c:92] Initialized GTPv0 plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing GTPv1 Signaling Protocol 09/Dec/2020 23:25:27 [plugins/gtpv1Plugin.c:127] Initialized GTPv1 plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing GTPv2 Signaling Protocol 09/Dec/2020 23:25:27 [plugins/gtpv2Plugin.c:281] Initialized GTPv2 plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing Radius Protocol 09/Dec/2020 23:25:27 [plugins/radiusPlugin.c:124] Initialized Radius plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing Modbus Plugin 09/Dec/2020 23:25:27 
[plugins/modbusPlugin.c:70] Initialized Modbus plugin 09/Dec/2020 23:25:27 [plugins/modbusPlugin.c:104] [MODBUS] Idle flow timeout set to 120 sec 09/Dec/2020 23:25:27 [plugin.c:259] Initializing Diameter Protocol 09/Dec/2020 23:25:27 [plugins/diameterPlugin.c:132] Initialized Diameter plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing NETBIOS Protocol 09/Dec/2020 23:25:27 [plugins/netbiosPlugin.c:50] Initialized NETBIOS plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing SSDP Protocol 09/Dec/2020 23:25:27 [plugins/ssdpPlugin.c:54] Initialized SSDP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing DHCP Protocol 09/Dec/2020 23:25:27 [plugins/dhcpPlugin.c:305] Initialized DHCP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing IMAP Protocol 09/Dec/2020 23:25:27 [plugins/imapPlugin.c:130] Initialized IMAP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing POP3 Protocol 09/Dec/2020 23:25:27 [plugins/popPlugin.c:119] Initialized POP plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing MySQL DB 09/Dec/2020 23:25:27 [plugin.c:259] Initializing MySQL Plugin 09/Dec/2020 23:25:27 [plugins/mysqlPlugin.c:111] Initialized MySQL plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing Export Plugin 09/Dec/2020 23:25:27 [plugins/exportPlugin.c:665] Initializing Export plugin 09/Dec/2020 23:25:27 [plugin.c:259] Initializing Custom Fields 09/Dec/2020 23:25:27 [plugins/customPlugin.c:98] Initialized Custom plugin 09/Dec/2020 23:25:27 [plugin.c:270] 23 plugin(s) loaded [20 delete][20 packet]. 09/Dec/2020 23:25:27 [nprobe.c:9857] Welcome to nProbe v.9.3.201209 for x86_64-pc-linux-gnu 09/Dec/2020 23:25:27 [nprobe.c:8734] Compiling flow templates... 
09/Dec/2020 23:25:27 [nprobe.c:8784] Using default template %IN_SRC_MAC %OUT_DST_MAC %INPUT_SNMP %OUTPUT_SNMP %SRC_VLAN %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IP_PROTOCOL_VERSION %PROTOCOL %L7_PROTO %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %FIRST_SWITCHED %LAST_SWITCHED %CLIENT_TCP_FLAGS %SERVER_TCP_FLAGS %%L7_PROTO_RISK%CLIENT_NW_LATENCY_MS %SERVER_NW_LATENCY_MS %APPL_LATENCY_MS %TCP_WIN_MAX_IN %TCP_WIN_MAX_OUT %OOORDER_IN_PKTS %OOORDER_OUT_PKTS %RETRANSMITTED_IN_PKTS %RETRANSMITTED_OUT_PKTS %SRC_FRAGMENTS %DST_FRAGMENTS %DNS_QUERY %DNS_QUERY_TYPE %DNS_RET_CODE %HTTP_URL %HTTP_SITE %HTTP_METHOD %HTTP_RET_CODE %TLS_SERVER_NAME %BITTORRENT_HASH %SRC_TOS %DST_TOS 09/Dec/2020 23:25:27 [nprobe.c:8789] Using NetFlow Packet Payload Len: 1472 09/Dec/2020 23:25:27 [nprobe.c:8824] Flow export type (-T): bidirectional flows 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin HTTP Protocol [http] 09/Dec/2020 23:25:27 [plugin.c:1159] Enabling plugin HTTP Protocol 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin DNS/LLMNR Protocol [dns] 09/Dec/2020 23:25:27 [plugin.c:1159] Enabling plugin DNS/LLMNR Protocol 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin SIP Plugin [sip] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin RTP Plugin [rtp] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin FTP Protocol [ftp] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin SMTP Protocol [smtp] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin BGP Update Listener [bgp] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin Netflow-Lite Plugin [nflite] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin GTPv0 Signaling Protocol [gtpv0] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin GTPv1 Signaling Protocol [gtpv1] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin GTPv2 Signaling Protocol [gtpv2] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin Radius Protocol [radius] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin 
Modbus Plugin [modbus] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin Diameter Protocol [diameter] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin NETBIOS Protocol [netbios] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin SSDP Protocol [ssdp] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin DHCP Protocol [dhcp] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin IMAP Protocol [imap] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin POP3 Protocol [pop3] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin MySQL DB [db] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin MySQL Plugin [mysql] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin Export Plugin [export] 09/Dec/2020 23:25:27 [plugin.c:1004] Scanning plugin Custom Fields [custom] 09/Dec/2020 23:25:27 [plugin.c:1177] 2 plugin(s) enabled 09/Dec/2020 23:25:27 [nprobe.c:9213] Scanning flow template... 09/Dec/2020 23:25:27 [nprobe.c:9223] Template [id=257] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_BYTES [num 1][id 1][4 bytes][total 4 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_PKTS [num 2][id 2][4 bytes][total 8 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found PROTOCOL [num 3][id 4][1 bytes][total 9 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_TOS [num 4][id 5][1 bytes][total 10 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_SRC_PORT [num 5][id 7][2 bytes][total 12 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV4_SRC_ADDR [num 6][id 8][4 bytes][total 16 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found INPUT_SNMP [num 7][id 10][4 bytes][total 20 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_DST_PORT [num 8][id 11][2 bytes][total 22 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV4_DST_ADDR [num 9][id 12][4 bytes][total 26 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUTPUT_SNMP [num 10][id 14][4 bytes][total 30 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found LAST_SWITCHED [num 11][id 21][4 bytes][total 34 bytes] 09/Dec/2020 23:25:27 
[nprobe.c:9229] Found FIRST_SWITCHED [num 12][id 22][4 bytes][total 38 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_BYTES [num 13][id 23][4 bytes][total 42 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_PKTS [num 14][id 24][4 bytes][total 46 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_TOS [num 15][id 55][1 bytes][total 47 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_VLAN [num 16][id 58][2 bytes][total 49 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_SRC_MAC [num 17][id 56][6 bytes][total 55 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_DST_MAC [num 18][id 57][6 bytes][total 61 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IP_PROTOCOL_VERSION [num 19][id 60][1 bytes][total 62 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_FRAGMENTS [num 20][id 80][2 bytes][total 64 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_FRAGMENTS [num 21][id 81][2 bytes][total 66 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_NW_LATENCY_MS [num 22][id 123][4 bytes][total 70 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_NW_LATENCY_MS [num 23][id 124][4 bytes][total 74 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_TCP_FLAGS [num 24][id 78][1 bytes][total 75 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_TCP_FLAGS [num 25][id 79][1 bytes][total 76 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found APPL_LATENCY_MS [num 26][id 125][4 bytes][total 80 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_IN_PKTS [num 27][id 109][4 bytes][total 84 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_OUT_PKTS [num 28][id 110][4 bytes][total 88 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_IN_PKTS [num 29][id 111][4 bytes][total 92 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_OUT_PKTS [num 30][id 112][4 bytes][total 96 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO [num 31][id 118][2 bytes][total 98 bytes] 09/Dec/2020 23:25:27 
[nprobe.c:9229] Found TLS_SERVER_NAME [num 32][id 188][48 bytes][total 146 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found BITTORRENT_HASH [num 33][id 189][40 bytes][total 186 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_IN [num 34][id 416][2 bytes][total 188 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_OUT [num 35][id 420][2 bytes][total 190 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO_RISK [num 36][id 509][4 bytes][total 194 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9223] Template [id=258] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_BYTES [num 1][id 1][4 bytes][total 4 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_PKTS [num 2][id 2][4 bytes][total 8 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found PROTOCOL [num 3][id 4][1 bytes][total 9 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_TOS [num 4][id 5][1 bytes][total 10 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_SRC_PORT [num 5][id 7][2 bytes][total 12 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found INPUT_SNMP [num 6][id 10][4 bytes][total 16 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_DST_PORT [num 7][id 11][2 bytes][total 18 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUTPUT_SNMP [num 8][id 14][4 bytes][total 22 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found LAST_SWITCHED [num 9][id 21][4 bytes][total 26 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found FIRST_SWITCHED [num 10][id 22][4 bytes][total 30 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_BYTES [num 11][id 23][4 bytes][total 34 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_PKTS [num 12][id 24][4 bytes][total 38 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV6_SRC_ADDR [num 13][id 27][16 bytes][total 54 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV6_DST_ADDR [num 14][id 28][16 bytes][total 70 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_TOS [num 15][id 55][1 bytes][total 71 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found 
SRC_VLAN [num 16][id 58][2 bytes][total 73 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_SRC_MAC [num 17][id 56][6 bytes][total 79 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_DST_MAC [num 18][id 57][6 bytes][total 85 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found IP_PROTOCOL_VERSION [num 19][id 60][1 bytes][total 86 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_FRAGMENTS [num 20][id 80][2 bytes][total 88 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_FRAGMENTS [num 21][id 81][2 bytes][total 90 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_NW_LATENCY_MS [num 22][id 123][4 bytes][total 94 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_NW_LATENCY_MS [num 23][id 124][4 bytes][total 98 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_TCP_FLAGS [num 24][id 78][1 bytes][total 99 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_TCP_FLAGS [num 25][id 79][1 bytes][total 100 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found APPL_LATENCY_MS [num 26][id 125][4 bytes][total 104 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_IN_PKTS [num 27][id 109][4 bytes][total 108 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_OUT_PKTS [num 28][id 110][4 bytes][total 112 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_IN_PKTS [num 29][id 111][4 bytes][total 116 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_OUT_PKTS [num 30][id 112][4 bytes][total 120 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO [num 31][id 118][2 bytes][total 122 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found TLS_SERVER_NAME [num 32][id 188][48 bytes][total 170 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found BITTORRENT_HASH [num 33][id 189][40 bytes][total 210 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_IN [num 34][id 416][2 bytes][total 212 bytes] 09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_OUT [num 35][id 420][2 bytes][total 214 bytes] 09/Dec/2020 
23:25:27 [nprobe.c:9229] Found L7_PROTO_RISK [num 36][id 509][4 bytes][total 218 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9223] Template [id=259]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_BYTES [num 1][id 1][4 bytes][total 4 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_PKTS [num 2][id 2][4 bytes][total 8 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found PROTOCOL [num 3][id 4][1 bytes][total 9 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_TOS [num 4][id 5][1 bytes][total 10 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_SRC_PORT [num 5][id 7][2 bytes][total 12 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV4_SRC_ADDR [num 6][id 8][4 bytes][total 16 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found INPUT_SNMP [num 7][id 10][4 bytes][total 20 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_DST_PORT [num 8][id 11][2 bytes][total 22 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV4_DST_ADDR [num 9][id 12][4 bytes][total 26 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUTPUT_SNMP [num 10][id 14][4 bytes][total 30 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found LAST_SWITCHED [num 11][id 21][4 bytes][total 34 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found FIRST_SWITCHED [num 12][id 22][4 bytes][total 38 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_BYTES [num 13][id 23][4 bytes][total 42 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_PKTS [num 14][id 24][4 bytes][total 46 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_TOS [num 15][id 55][1 bytes][total 47 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_VLAN [num 16][id 58][2 bytes][total 49 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_SRC_MAC [num 17][id 56][6 bytes][total 55 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_DST_MAC [num 18][id 57][6 bytes][total 61 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IP_PROTOCOL_VERSION [num 19][id 60][1 bytes][total 62 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_FRAGMENTS [num 20][id 80][2 bytes][total 64 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_FRAGMENTS [num 21][id 81][2 bytes][total 66 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_NW_LATENCY_MS [num 22][id 123][4 bytes][total 70 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_NW_LATENCY_MS [num 23][id 124][4 bytes][total 74 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_TCP_FLAGS [num 24][id 78][1 bytes][total 75 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_TCP_FLAGS [num 25][id 79][1 bytes][total 76 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found APPL_LATENCY_MS [num 26][id 125][4 bytes][total 80 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_IN_PKTS [num 27][id 109][4 bytes][total 84 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_OUT_PKTS [num 28][id 110][4 bytes][total 88 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_IN_PKTS [num 29][id 111][4 bytes][total 92 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_OUT_PKTS [num 30][id 112][4 bytes][total 96 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO [num 31][id 118][2 bytes][total 98 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TLS_SERVER_NAME [num 32][id 188][48 bytes][total 146 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found BITTORRENT_HASH [num 33][id 189][40 bytes][total 186 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_IN [num 34][id 416][2 bytes][total 188 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_OUT [num 35][id 420][2 bytes][total 190 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO_RISK [num 36][id 509][4 bytes][total 194 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_URL [num 37][id 180][128 bytes][total 322 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_METHOD [num 38][id 360][4 bytes][total 326 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_RET_CODE [num 39][id 181][2 bytes][total 328 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_SITE [num 40][id 361][64 bytes][total 392 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9223] Template [id=260]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_BYTES [num 1][id 1][4 bytes][total 4 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_PKTS [num 2][id 2][4 bytes][total 8 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found PROTOCOL [num 3][id 4][1 bytes][total 9 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_TOS [num 4][id 5][1 bytes][total 10 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_SRC_PORT [num 5][id 7][2 bytes][total 12 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found INPUT_SNMP [num 6][id 10][4 bytes][total 16 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_DST_PORT [num 7][id 11][2 bytes][total 18 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUTPUT_SNMP [num 8][id 14][4 bytes][total 22 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found LAST_SWITCHED [num 9][id 21][4 bytes][total 26 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found FIRST_SWITCHED [num 10][id 22][4 bytes][total 30 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_BYTES [num 11][id 23][4 bytes][total 34 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_PKTS [num 12][id 24][4 bytes][total 38 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV6_SRC_ADDR [num 13][id 27][16 bytes][total 54 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV6_DST_ADDR [num 14][id 28][16 bytes][total 70 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_TOS [num 15][id 55][1 bytes][total 71 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_VLAN [num 16][id 58][2 bytes][total 73 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_SRC_MAC [num 17][id 56][6 bytes][total 79 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_DST_MAC [num 18][id 57][6 bytes][total 85 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IP_PROTOCOL_VERSION [num 19][id 60][1 bytes][total 86 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_FRAGMENTS [num 20][id 80][2 bytes][total 88 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_FRAGMENTS [num 21][id 81][2 bytes][total 90 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_NW_LATENCY_MS [num 22][id 123][4 bytes][total 94 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_NW_LATENCY_MS [num 23][id 124][4 bytes][total 98 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_TCP_FLAGS [num 24][id 78][1 bytes][total 99 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_TCP_FLAGS [num 25][id 79][1 bytes][total 100 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found APPL_LATENCY_MS [num 26][id 125][4 bytes][total 104 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_IN_PKTS [num 27][id 109][4 bytes][total 108 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_OUT_PKTS [num 28][id 110][4 bytes][total 112 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_IN_PKTS [num 29][id 111][4 bytes][total 116 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_OUT_PKTS [num 30][id 112][4 bytes][total 120 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO [num 31][id 118][2 bytes][total 122 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TLS_SERVER_NAME [num 32][id 188][48 bytes][total 170 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found BITTORRENT_HASH [num 33][id 189][40 bytes][total 210 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_IN [num 34][id 416][2 bytes][total 212 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_OUT [num 35][id 420][2 bytes][total 214 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO_RISK [num 36][id 509][4 bytes][total 218 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_URL [num 37][id 180][128 bytes][total 346 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_METHOD [num 38][id 360][4 bytes][total 350 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_RET_CODE [num 39][id 181][2 bytes][total 352 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found HTTP_SITE [num 40][id 361][64 bytes][total 416 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9223] Template [id=261]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_BYTES [num 1][id 1][4 bytes][total 4 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_PKTS [num 2][id 2][4 bytes][total 8 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found PROTOCOL [num 3][id 4][1 bytes][total 9 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_TOS [num 4][id 5][1 bytes][total 10 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_SRC_PORT [num 5][id 7][2 bytes][total 12 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV4_SRC_ADDR [num 6][id 8][4 bytes][total 16 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found INPUT_SNMP [num 7][id 10][4 bytes][total 20 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_DST_PORT [num 8][id 11][2 bytes][total 22 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV4_DST_ADDR [num 9][id 12][4 bytes][total 26 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUTPUT_SNMP [num 10][id 14][4 bytes][total 30 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found LAST_SWITCHED [num 11][id 21][4 bytes][total 34 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found FIRST_SWITCHED [num 12][id 22][4 bytes][total 38 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_BYTES [num 13][id 23][4 bytes][total 42 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_PKTS [num 14][id 24][4 bytes][total 46 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_TOS [num 15][id 55][1 bytes][total 47 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_VLAN [num 16][id 58][2 bytes][total 49 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_SRC_MAC [num 17][id 56][6 bytes][total 55 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_DST_MAC [num 18][id 57][6 bytes][total 61 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IP_PROTOCOL_VERSION [num 19][id 60][1 bytes][total 62 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_FRAGMENTS [num 20][id 80][2 bytes][total 64 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_FRAGMENTS [num 21][id 81][2 bytes][total 66 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_NW_LATENCY_MS [num 22][id 123][4 bytes][total 70 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_NW_LATENCY_MS [num 23][id 124][4 bytes][total 74 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_TCP_FLAGS [num 24][id 78][1 bytes][total 75 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_TCP_FLAGS [num 25][id 79][1 bytes][total 76 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found APPL_LATENCY_MS [num 26][id 125][4 bytes][total 80 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_IN_PKTS [num 27][id 109][4 bytes][total 84 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_OUT_PKTS [num 28][id 110][4 bytes][total 88 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_IN_PKTS [num 29][id 111][4 bytes][total 92 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_OUT_PKTS [num 30][id 112][4 bytes][total 96 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO [num 31][id 118][2 bytes][total 98 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TLS_SERVER_NAME [num 32][id 188][48 bytes][total 146 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found BITTORRENT_HASH [num 33][id 189][40 bytes][total 186 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_IN [num 34][id 416][2 bytes][total 188 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_OUT [num 35][id 420][2 bytes][total 190 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO_RISK [num 36][id 509][4 bytes][total 194 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DNS_QUERY [num 37][id 205][256 bytes][total 450 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DNS_QUERY_TYPE [num 38][id 207][1 bytes][total 451 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DNS_RET_CODE [num 39][id 208][1 bytes][total 452 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9223] Template [id=262]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_BYTES [num 1][id 1][4 bytes][total 4 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_PKTS [num 2][id 2][4 bytes][total 8 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found PROTOCOL [num 3][id 4][1 bytes][total 9 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_TOS [num 4][id 5][1 bytes][total 10 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_SRC_PORT [num 5][id 7][2 bytes][total 12 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found INPUT_SNMP [num 6][id 10][4 bytes][total 16 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L4_DST_PORT [num 7][id 11][2 bytes][total 18 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUTPUT_SNMP [num 8][id 14][4 bytes][total 22 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found LAST_SWITCHED [num 9][id 21][4 bytes][total 26 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found FIRST_SWITCHED [num 10][id 22][4 bytes][total 30 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_BYTES [num 11][id 23][4 bytes][total 34 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_PKTS [num 12][id 24][4 bytes][total 38 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV6_SRC_ADDR [num 13][id 27][16 bytes][total 54 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IPV6_DST_ADDR [num 14][id 28][16 bytes][total 70 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_TOS [num 15][id 55][1 bytes][total 71 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_VLAN [num 16][id 58][2 bytes][total 73 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IN_SRC_MAC [num 17][id 56][6 bytes][total 79 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OUT_DST_MAC [num 18][id 57][6 bytes][total 85 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found IP_PROTOCOL_VERSION [num 19][id 60][1 bytes][total 86 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SRC_FRAGMENTS [num 20][id 80][2 bytes][total 88 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DST_FRAGMENTS [num 21][id 81][2 bytes][total 90 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_NW_LATENCY_MS [num 22][id 123][4 bytes][total 94 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_NW_LATENCY_MS [num 23][id 124][4 bytes][total 98 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found CLIENT_TCP_FLAGS [num 24][id 78][1 bytes][total 99 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found SERVER_TCP_FLAGS [num 25][id 79][1 bytes][total 100 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found APPL_LATENCY_MS [num 26][id 125][4 bytes][total 104 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_IN_PKTS [num 27][id 109][4 bytes][total 108 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found RETRANSMITTED_OUT_PKTS [num 28][id 110][4 bytes][total 112 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_IN_PKTS [num 29][id 111][4 bytes][total 116 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found OOORDER_OUT_PKTS [num 30][id 112][4 bytes][total 120 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO [num 31][id 118][2 bytes][total 122 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TLS_SERVER_NAME [num 32][id 188][48 bytes][total 170 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found BITTORRENT_HASH [num 33][id 189][40 bytes][total 210 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_IN [num 34][id 416][2 bytes][total 212 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found TCP_WIN_MAX_OUT [num 35][id 420][2 bytes][total 214 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found L7_PROTO_RISK [num 36][id 509][4 bytes][total 218 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DNS_QUERY [num 37][id 205][256 bytes][total 474 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DNS_QUERY_TYPE [num 38][id 207][1 bytes][total 475 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9229] Found DNS_RET_CODE [num 39][id 208][1 bytes][total 476 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9253] Scanning option template...
09/Dec/2020 23:25:27 [nprobe.c:9259] Found TOTAL_FLOWS_EXP [id 42][4 bytes][total 4 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9259] Found TOTAL_PKTS_EXP [id 41][4 bytes][total 8 bytes]
09/Dec/2020 23:25:27 [nprobe.c:9291] Each flow is 476 bytes long
09/Dec/2020 23:25:27 [nprobe.c:9292] The # flows per packet has been set to 2
09/Dec/2020 23:25:27 [nprobe.c:9295] IP TOS is ignored
09/Dec/2020 23:25:27 [nprobe.c:7704] Using packet capture length 1600
09/Dec/2020 23:25:27 [nprobe.c:7765] Initializing pcap socket on device eth0..
09/Dec/2020 23:25:27 [nprobe.c:10103] The flows hash has 131072 buckets
09/Dec/2020 23:25:27 [nprobe.c:10105] Flows older than 120 seconds will be exported
09/Dec/2020 23:25:27 [nprobe.c:10108] Flows inactive for at least 30 seconds will be exported
09/Dec/2020 23:25:27 [nprobe.c:10111] Expired flows will not be queued for more than 30 seconds
09/Dec/2020 23:25:27 [nprobe.c:10118] Exported flows with engineType 0 and engineId 159
09/Dec/2020 23:25:27 [nprobe.c:10154] TCP TOS will be ignored and set to 0.
09/Dec/2020 23:25:27 [nprobe.c:10160] Flows ASs will not be computed (missing libmxminddb support)
09/Dec/2020 23:25:27 [nprobe.c:10190] Flows will be emitted in NetFlow 9 format
09/Dec/2020 23:25:27 [nprobe.c:10243] Flow input interface index is set to 0
09/Dec/2020 23:25:27 [nprobe.c:10249] Flow output interface index is set to 0
09/Dec/2020 23:25:27 [nprobe.c:10265] Capturing packets from interface eth0 [snaplen: 1600 bytes]
09/Dec/2020 23:25:27 [util.c:5192] Initializing ZMQ as client
09/Dec/2020 23:25:27 [util.c:5265] Exporting flows towards ZMQ endpoint tcp://fqdnremoved:5556
09/Dec/2020 23:25:27 [util.c:5285] TCP keepalive set
09/Dec/2020 23:25:27 [util.c:5291] TCP keepalive idle set to 30 seconds
09/Dec/2020 23:25:27 [util.c:5297] TCP keepalive count set to 3
09/Dec/2020 23:25:27 [util.c:5303] TCP keepalive interval set to 3 seconds
Segmentation fault (core dumped)

lucaderi commented 3 years ago

I am trying to unbrick my EdgeRouter and I will test it.

lucaderi commented 3 years ago

EdgeRouter packages are available at http://packages.ntop.org