Configuring the nProbe NetFlow Exporter

nProbe is a software-only NetFlow exporter. You can use it to gather NetFlow traffic statistics if you don't have NetFlow-compatible routers or switches. nProbe listens to traffic on an interface, and exports NetFlow v5 & v9 flow records to a program like InterMapper Flows.

nProbe is open source software available from http://ntop.org. It has been created by the same people who make the well-known ntop network traffic probe software.

nProbe is fairly simple to use: you can install it on an old Windows, Linux, or OSX box, and configure it to send the flows to InterMapper Flows. We use it for testing here, connected to a hub between a router and the firewall.

Although Dartware cannot give support for using nProbe, we have received reports that nProbe works fine on Windows XP/2000, and on various flavors of Linux.

Getting nProbe

You can retrieve nProbe from this URL. Scroll to the bottom of the page, and look for the "demo copy" link after the Availability table. That page also has a link to their store where you can purchase a pre-built non-expiring version for your platform.

http://ntop.org/nProbe.html

This demo version stops after exporting only 2000 flows.

Installation

On Windows, run the .exe file. It places nProbe in C:\Program Files\nProbe-Win32

On Linux/Unix/OSX, unzip the file, then chmod +x to make it executable.

Configuration

Running nProbe from the command line is the easiest method, especially for a demo situation, because you can peruse the debug messages. The following options are the most important:

  • /c - output to console (Windows only)
  • -n <address>:<port> - IP address and port that should receive the flow records
  • -b 1 - modest level of reporting
  • -i <interface> - generally 1 on Windows; en0/eth0 on Linux; en0 for Ethernet on OSX, en1 for wireless
  • -u <in-index> - sets the ingress interface for all flows (use 1)
  • -Q <out-index> - sets the egress interface for all flows (use 2)

Thus the command line for Windows might be:

    C:\Program Files\nProbe-Win32> nprobe /c -i 1 -n 192.168.2.11:2055 -b 1 -u 1 -Q 2 


For Linux/Unix, the command line might be:

    % nprobe -i eth0 -n 192.168.2.11:2055 -b 1 -u 1 -Q 2 


Each of these commands would send flow records to InterMapper Flows at the IP address 192.168.2.11, on port 2055.
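
To confirm that records are really arriving on port 2055 and carry the interface indexes set with -u and -Q, a small listener can decode them on the collector host. This is an added example, not part of the original page or of nProbe or InterMapper; it assumes nProbe is exporting NetFlow v5 (other versions are reported and skipped), and the function names are hypothetical.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record

def parse_netflow_v5(datagram):
    """Return the flow records in one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"NetFlow version {version} is not handled here")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims more records than the datagram holds")
    flows = []
    for n in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + n * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4],          # values set by -u and -Q
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows

def wrong_interfaces(flows, in_if=1, out_if=2):
    """Flows whose indexes differ from the -u / -Q values given to nprobe."""
    return [f for f in flows if (f["in_if"], f["out_if"]) != (in_if, out_if)]

def sample_datagram():
    """Constructed sample: one TCP flow, 10.0.0.5:51000 -> 192.0.2.10:443."""
    header = HEADER.pack(5, 1, 1000, 1700000000, 0, 1, 0, 0, 0)
    record = RECORD.pack(bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]), bytes(4),
                         1, 2, 12, 3400, 100, 900, 51000, 443,
                         0, 0x1B, 6, 0, 0, 0, 0, 0, 0)
    return header + record

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 2055))          # port from the -n option above
    while True:
        data, (exporter, _) = sock.recvfrom(65535)
        try:
            flows = parse_netflow_v5(data)
        except ValueError as err:         # NetFlow is unauthenticated UDP: log, don't crash
            print(f"{exporter}: ignored ({err})")
            continue
        bad = len(wrong_interfaces(flows))
        print(f"{exporter}: {len(flows)} flows, {bad} with unexpected ifIndex")
```

Stop InterMapper Flows (or use a different port in -n) while running the listener, since only one program can bind the UDP port; the printed exporter address also shows whether datagrams come from a host other than the nProbe machine.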