hoogldeck.blogg.se

Ntopng plugins netflow











nProbe includes both a NetFlow v5/v9/IPFIX probe and a collector. In probe mode, nProbe captures packets on an interface and exports flows to a flow collector (Noction Flow Analyzer, Ntop etc.). If configured in collector mode, it collects flows from other devices such as routers and switches and exports them via TCP streaming to Syslog, Splunk etc. There are other modes available, such as proxy or IPS mode. For example, in proxy mode nProbe can collect sFlow or NetFlow v5/v9/IPFIX flows and send them towards the collector as NetFlow v5/v9/IPFIX flows.

In the first part of this tutorial, we will check the visibility of Layer 7 applications in NetFlow v9 flows and IPFIX messages exported using nProbe. In the second part of the tutorial, we will enable the HTTP plugin and check that nProbe correctly decodes the HTTP network traffic parameters and exports them in IPFIX messages. The network infrastructure is shown in Figure 1.

Picture 1 - Network Topology with nProbe Pro

nProbe version 6.7 and later allows us to discover more than 250 applications, including Skype, BitTorrent and Citrix, and advertise the application name in exported flows. Application visibility at Layer 7 is achieved by adding the following information elements:

%L7_PROTO_CATEGORY Layer 7 protocol category.

The L7_Protocol_Maping_nProbe.txt file contains a list mapping L7 application protocol numbers to application names. However, it may be out of date, so visit the ntop nProbe website to get the latest information.

Note: nProbe version 9.6 adds the %L7_RISK_SCORE extension, which associates a flow risk score with a flow.

We use the following nProbe parameters to test Layer-7 visibility of the applications:

$ sudo nprobe -i Gi1 -V 10 -n 10.0.0.1:2055 -T="%SAMPLING_INTERVAL %IN_BYTES %IN_PKTS %IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %L4_SRC_PORT %L4_DST_PORT %SRC_TOS %TCP_FLAGS %PROTOCOL %IP_PROTOCOL_VERSION %DIRECTION %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %IN_SRC_MAC %OUT_DST_MAC %flowStartSeconds %flowEndSeconds %BIFLOW_DIRECTION %L7_PROTO %L7_PROTO_NAME %L7_PROTO_CATEGORY %INTERFACE_NAME" -t 60 -d 15 -l 60

-V: Flow export version: 10 (IPFIX), 9 (v9), 5 (v5)
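To confirm on the collector side that the Layer 7 fields requested with -T really arrive in the exported IPFIX messages, the following added example (not code from the original tutorial or from ntop) decodes a template set and a data set and returns each flow with its L7 fields. The ntop enterprise number 35632, the element IDs 118 and 119, the fixed field lengths and the sample flow are assumptions constructed for the example.

```python
import ipaddress
import struct

NTOP_PEN = 35632  # assumed: ntop's enterprise number; element IDs 118/119 are assumed too
NAMES = {(0, 8): "IPV4_SRC_ADDR", (0, 12): "IPV4_DST_ADDR", (0, 11): "L4_DST_PORT",
         (0, 4): "PROTOCOL", (NTOP_PEN, 118): "L7_PROTO", (NTOP_PEN, 119): "L7_PROTO_NAME"}

def decode_value(name, raw):
    if name.endswith("_ADDR"):
        return str(ipaddress.ip_address(raw))
    text = raw.rstrip(b"\x00").decode("ascii", "replace")
    return text if name.endswith("_NAME") else int.from_bytes(raw, "big")

def parse_ipfix(msg, templates):
    """Decode one IPFIX message (fixed-length fields only) into flow dicts."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    flows, off = [], 16  # sets start after the 16-byte message header
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body, pos = msg[off + 4:off + set_len], 0
        while set_id == 2 and pos + 4 <= len(body):  # template set
            tid, count = struct.unpack_from("!HH", body, pos)
            pos, fields = pos + 4, []
            for _ in range(count):
                fid, flen = struct.unpack_from("!HH", body, pos)
                pos, pen = pos + 4, 0
                if fid & 0x8000:  # enterprise bit set: a 4-byte PEN follows
                    pen, pos = struct.unpack_from("!I", body, pos)[0], pos + 4
                key = (pen, fid & 0x7FFF)
                fields.append((NAMES.get(key, "%d.%d" % key), flen))
            templates[tid] = fields
        # Data sets carry the template ID as set ID; unknown templates are skipped.
        fields = templates.get(set_id, []) if set_id >= 256 else []
        rec_len = sum(flen for _, flen in fields)
        for p in (range(0, len(body) - rec_len + 1, rec_len) if rec_len else []):
            rec = {}
            for name, flen in fields:
                rec[name], p = decode_value(name, body[p:p + flen]), p + flen
            flows.append(rec)
        off += set_len
    return flows

def sample_message():  # constructed IPFIX message: template 256 plus one flow record
    tmpl = struct.pack("!12HI2HI", 256, 6, 8, 4, 12, 4, 11, 2, 4, 1, 0x8000 | 118, 2, NTOP_PEN, 0x8000 | 119, 16, NTOP_PEN)
    data = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!HBH16s", 443, 6, 91, b"TLS")
    sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(sets), 0, 0, 1) + sets
```

Keep the `templates` dictionary per exporter and observation domain between messages: a data set that arrives before its template decodes to nothing, which looks the same as missing Layer 7 visibility.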












