Help: Which version of nprobe should I use

[Hqyanyan]

I have some confusions and I would appreciate it if someone would answer my questions. I would like to apply for the nprobe license, but I don't know which version of the license applies to my case, because I see too many items in the nProbe store. I would like to explain my experiment and ask you if you know which version of license I should use?

My experiments are described as follows:

1. My router is not a Cisco router and can only generate .pcap packets. My laptop can use Ubuntu 22.04 or Windows.I need to capture network packets on the laptop and record them as Netflow streams.

2. I would like to capture the packets directly by nProbe, and then, nProbe will save the captured packets as Netflowv9 version data. At the same time, nProbe can convert the .pcap packets captured before (by wireshark) into Netflow v9 data.

3. It is better to customize the feature fields extracted from netflow, so that I can freely extract the features of the network traffic.

Thank you for your time (reading this message) and have a nice day!

[cardigliano]

• What do you mean by "My router can only generate .pcap packets"? Are you dumping pcap files, or mirroring live packets to an interface? Anyway nProbe can process both a pcap file or a live stream from a traffic mirror.
• Netflow is a way of exporting flows live, I am not sure about what you mean with "save the captured packets as Netflowv9", Netflows v9 can be exported to a collector, or you can dump flow data to file (CSV) or DB. nProbe Pro is probably what you need (unless you need Enterprise features, see the camparison table at https://www.ntop.org/products/netflow/nprobe/).

[Hqyanyan]

• What do you mean by "My router can only generate .pcap packets"? Are you dumping pcap files, or mirroring live packets to an interface? Anyway nProbe can process both a pcap file or a live stream from a traffic mirror.“我的路由器只能生成 .pcap 数据包”是什么意思？您是转储 pcap 文件，还是将实时数据包镜像到接口？无论如何，nProbe 可以处理 pcap 文件或来自流量镜像的实时流。
• Netflow is a way of exporting flows live, I am not sure about what you mean with "save the captured packets as Netflowv9", Netflows v9 can be exported to a collector, or you can dump flow data to file (CSV) or DB.Netflow 是一种实时导出流的方式，我不确定您所说的“将捕获的数据包另存为 Netflowv9”是什么意思，Netflows v9 可以导出到收集器，或者您可以将流数据转储到文件 （CSV） 或数据库。 nProbe Pro is probably what you need (unless you need Enterprise features, see the camparison table at nProbe Pro 可能是您所需要的（除非您需要企业功能，请参阅https://www.ntop.org/products/netflow/nprobe/).https://www.ntop.org/products/netflow/nprobe/）。

Hello, thank you very much for your advice! First of all, I'm not using a Cisco router, and when I Googled it, the answer was that my router doesn't send netflow packets. I wanted to use my laptop to capture the data transmitted by the router, so I used a switch connected to the router and sent the data to the laptop through the mirror port of the switch. My understanding is that the data sent by my router can only be saved as pcap format data, but not as netflow data. Second, I wanted to convert the.pcap packets (captured via wireshark) to netflow data, so I said :"save the captured packets as Netflowv9". Finally, the truth is, I don't quite understand how to save data in netflow format via nprobe, or how to collect netflow data. I came to nprobe from the literature. If you can give me more help, I will be very very grateful! Again, thank you very much for your reply and help!

[cardigliano]

I suggest to start reading the basics at https://www.ntop.org/guides/nprobe/configurations.html However, as starting point, you can read from a traffic mirror and dump flows to text file with a command like this: nprobe -i eth0 -P /tmp/logs/