Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - How to configure nProbe to export flows to Solarwinds NTA

NTA - How to configure nProbe to export flows to Solarwinds NTA

Table of contents
Created by Joseph Esquitin, last modified by Gary O'Donovan on Jan 27, 2017

Views: 201 Votes: 1 Revisions: 13

Overview

If customers do not have equipment in their network that support any type of flow technology ( Netflow, sFlow, J-Flow) they can leverage a third party software call nProbe to collect Netflow data and have IP conversation visibility into their network using non-flow capable devices.

Environment

  • All Netflow versions
  • Windows
  • Linux

Steps

Here’s how to set up nProbe to work with Orion NTA:

1. Download and install nProbe on a Windows (or Linux) server

  • Download an evaluation version of nProbe (© 1998-2016 ntop , available at http://www.ntop.org/, obtained on November 2, 2016.) and install it on a server. As noted in the diagram above, you'll need a server with two NICs - one to connect to the span port of the switch and the other to export flows to the Orion NTA server.   

2. Enable port spanning or port mirroring on your Managed Switch

  • Configure port mirroring or port spanning on your managed switch to the port that the server running nProbe is connected. This will allow nProbe to see all traffic flowing through the switch. You’ll need to consult your switch documentation for how to configure port mirroring or port spanning. If possible, consider only spanning the ports of interest to reduce the amount of flow data collected.

3. Add the nProbe server to Orion

  • Add the server running nProbe to Orion, including all interfaces.
  • Add the server interfaces as monitored NetFlow Sources.
  • Go to NTA settings and enable “Allow monitoring of flows from unmanaged interfaces”.

4. Configure nProbe to export flows to Orion NTA

  • Open command prompt on nProbe server and navigate to C:\Program Files\nProbe-Win32.
  • Run nProbe from CLI using the options listed below:

             nprobe

                 /c - output to console. This is the easiest method, especially for a demo situation, because you can review the debug messages.

                 -n <Orion NTA server address>:<port>  - IP address and port that should receive the flow records. Use 2055 for port.

                 -b 1 - modest level of reporting

                  -i  <interface> - generally 1 on Windows; en0/eth0 on Linux; en0 for Ethernet on OSX, en1 for wireless

                 -u <in-index> - sets the ingress interface for all flows (use 1).

                 -Q <out-index> - sets the egress interface for all flows (use 2).

          E.g. nprobe /c -i 1 -n 10.199.15.50:2055 -b 1 -u 1 -Q 65539

  • NOTE: It’s important the ingress (-u) and egress (-Q) interface indexes be set to the server interfaces being managed in Orion. NTA will drop flows from interfaces that are not managed in Orion. You can see the interface index for the server interfaces in Orion by drilling down to their respective interface details view. So, if your nProbe server had two interfaces being monitored in Orion NTA, you would just set the option –u to the index of one of them and the –Q switch to the index of the other. See nProbe documentation (© 1998-2016 ntop , available at http://www.ntop.org/, obtained on November 2, 2016.) for other command line options.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified
10:10, 27 Jan 2017

Tags

Classifications

Public