Previously, we covered the basic configuration of nProbe and nTop to visualize and forward NetFlow data from a remote exporter.
In this article, we will configure nProbe to collect traffic on the wire and forward it to nTop for visualization, as well as export a NetFlow of its own to a remote collector.
Collecting Traffic over the Wire
In the nBox UI, navigate to "Applications > nProbe" and then select the interface you wish to capture on from the sub-menu.
From this page, there are three parameters we are interested in.
1) Collectors IP
If you wish to have nProbe export a NetFlow based on the traffic over the wire, you should configure the address of your remote collector here.
2) ZMQ Endpoint
This is the address that nProbe will listen on. nTop will connect to this address to retrieve information from nProbe.
In this example, we listen on all interfaces.
3) Flow Export Format
Finally, if you have configured a remote NetFlow collector in step one, we must select the format of our NetFlow export.
Now that the interface parameters have been set, we can navigate back to the "status" tab and enable it.
Visualizing the Traffic with nTop
Once nProbe has been configured and started, we can now start visualizing the traffic with nTop.
In the nBox UI, navigate to "Applications > ntopng", and select the "Set Configuration" tab.
nTop can either act as a stand-alone capture system, or as a head-end for nProbe.
Since we are receiving remote traffic from nProbe, we will select "Collector Only" from the interface list.
2) Collector Endpoint
This is the address and port of the nProbe ZMQ endpoint we configured previously.
Our nProbe's IP address is 192.168.10.100.
Once this configuration is complete, restart nTop, and navigate to its Web UI.
You will see that now, the traffic being captured from the remote nProbe machine is being displayed.