Difference between revisions of "Ntopng"

Revision as of 16:52, 12 April 2015

High-Speed Web-based Traffic Analysis and Flow Collection.

ntopng as Flow Collector

In ntopng flows are collected through nProbe that act as probe/proxy. The communication between nProbe and ntopng happens though ZeroMQ that decouples ntopng from nProbe.

OBS nprobe kräver licens

sudo nprobe --zmq "tcp://*:5556" -i none [eth0] -n none --collector-port 2055 &
sudo ntopng -i tcp://127.0.0.1:5556

@@ Line 1: / Line 1: @@
-Under arbete, någon får gärna hjälpa mig att testa.
+High-Speed Web-based Traffic Analysis and Flow Collection.
+=== Installation ===
   wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop.deb && sudo dpkg -i apt-ntop.deb
-  sudo apt-get clean all && sudo apt-get update && sudo apt-get -y install pfring nprobe ntopng ntopng-data n2disk nbox
+  sudo apt-get clean all && sudo apt-get update && sudo apt-get -y install ntopng ntopng-data nbox
+ sudo service apache2 restart
+https://<IP>
+ntopng konfas och startas från webgui:t
+=== Listener Port ===
+ auto eth1
+ iface eth1 inet manual
+=== Portspegling ===
+Det finns olika sätt att få den speglade trafiken till ntop.
+==== vSwitch ====
+Promiscuous mode
+==== dvSwitch ====
+Distributed Port Mirroring
+==== Fysisk switch ====
+RSPAN/ERSPAN
+== ntopng as Flow Collector ==
+In ntopng flows are collected through nProbe that act as probe/proxy. The communication between nProbe and ntopng happens though ZeroMQ that decouples ntopng from nProbe.
 OBS nprobe kräver licens
@@ Line 10: / Line 36: @@
   sudo ntopng -i tcp://127.0.0.1:5556
- ntopng -i "eth1" -d /home/user -m 10.0.0.0/24 --dump-flows
+== nProbe ==

Navigation menu

Difference between revisions of "Ntopng"

Revision as of 16:52, 12 April 2015

Contents

Installation

Listener Port

Portspegling

vSwitch

dvSwitch

Fysisk switch

ntopng as Flow Collector

nProbe