lucaderi
commented
1 year ago I have tested the system and it works for me with the pcap you sent me. The fact that you see "Collected ZMQ Messages " non-zero means that the communication between nprobe and ntopng work. Instead when "Collected Flows" is zero it means that there are no flows exported. The problem of your test is that with tcpreplay-edit I have been unable to send nProbe the flows (in this case the result was identical to yours) and for this reason we ship in the probe package /usr/bin/sendPcap that is used to send pcap files containing flows. So what you can do is (on the same host)
- ntopng -i tcp://127.0.0.1:1234
- nprobe -i none -n none -3 2055 --zmq tcp://127.0.0.1:1234
Then do
- sendPcap -i tcpreplay.pcap
and in this case you will see flows collected
Yoshihiro-jp
Hello,
This is Yoshihiro.
Environment: OS name: Ubuntu OS version: 22.04.2 LTS Architecture: x86_64 nprobe version/revision: nProbe v.10.2.230329 for x86_64-pc-linux-gnu
What happened: I got informed from my possible customer. He has sent the "Netflow v5" from "SonicWall NSa 3700" to the nprobe but it doesn't show any traffic information in the ntopng. Only "Collected ZMQ Messages" and "Interface Updates" in the ntopng have been counted like attached file(no traffic.png).
So I got the pcap file from him then I did test with tcpreplay in my test environment then I got the same issues. So I think that this is the nprobe problem.
Maybe some mandatory data is missing? Could you check the attached pcap file?
How did you reproduce it? $sudo tcpreplay-edit --srcipmap=0.0.0.0/0:192.168.72.254/32 --dstipmap=0.0.0.0/0:192.168.63.38/32 -i ens33 -p 1 ./tcpreplay.pcap
※tcpreplay.pcap is attached. This pcap was generated by "SonicWall NSa 3700".
Debug Information: Kindly check the tcpreplay.pcap. nprobe bug sonicwall.zip