https://packages.ntop.org/apt/
Then instruct your cisco router to export flows to the machine ip, port 2055
For more information, please see our user guide https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf and this blog post https://www.ntop.org/nprobe/advanced-flow-collection-with-ntopng-and-nprobe/
https://www.sudorambles.com/dockerised-ntopng-on-a-raspberry-pi-4/
https://github.com/MSarandev/ntopng-docker-raspberry
https://github.com/BernLeWal/ntopng-docker-raspi/blob/master/docker-compose.yml
https://weberblog.net/using-netflow-with-nprobe-for-ntopng/|blog how to configure
nprobe.conf --zmq="tcp://*:5556" --collector-port=2055 -n=none -i=none
ntopng.conf --interface="tcp://127.0.0.1:5556"
brctl setageing br0 0
If you want to make it persistent, put this in /etc/network/interfaces Code:
auto br0
iface br0 inet manual
bridge_ports nic0
bridge_stp off
bridge_fd 0
bridge_ageing 0
bridges:
br0:
macaddress: 00:e0:4c:12:09:83
interfaces: [eth0,eth1,wlan0]
dhcp4: false
addresses: [10.11.13.244/24]
gateway4: 10.11.13.3
nameservers:
addresses: [10.11.13.3]
parameters:
ageing-time: 0
br1:
interfaces: [eth2,eth3]
dhcp4: false
optional: true
sudo apt-get install daemonlogger
sudo daemonlogger -i <input_interface> -o <mirror_interface>
"-i <interface>" Set interface to grab data from to <interface>.
"-o <interface>" Disable logging, instead mirror traffic from -i <interface> to -o <interface>.