Posted: Wed Mar 08, 2023 23:44 Post subject: How to connect DD-WRT to ntop?
There is an old guide here for enabling traffic monitoring by using DD-WRT's RFlow / Netflow capability to send traffic information to an instance of ntop;
However this guide is outdated and does not work anymore.
I have DD-WRT installed and running on my Netgear R7000 router. I have ntopng dashboard running locally on my Mac. In DD-WRT Services, I have Enabled RFlow and set it to my Mac's IP address and the default port 2055 (how do I know if this is the right port for my ntopng???). However at this point, the guide says;
Quote:
Rfow configuration
You have to create a virtual rflow interface. Do this by selecting Plugins | All in the menu listing at the top of the webpage.
In the Active column click on "NO" next to NetFlow to enable the plugin.
Click on "NetFlow" in the Configure column.
Click on "Add NetFlow Device"
I have been searching Google for quite a while now and cannot find any up to date information on how to do this. Right now, my ntop running on my Mac is not able to see any data or metrics or hosts on the network using the en0 interface. I know that ntop itself is working, because when I switch back to a non-DD-WRT router, suddenly ntop is able to see all hosts on the network and limited traffic data on them despite running off my Mac. So it seems to me that the issue must be with the DD-WRT router not sending data. Does anyone know how you get DD-WRT to correctly send data to ntop?
Joined: 18 Mar 2014 Posts: 12904 Location: Netherlands
Posted: Thu Mar 09, 2023 11:11 Post subject:
I will move your thread to the appropriate forum.
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
What build number are running?
I am using the R7000 build dated '2020-11-03'
when I ssh into the router and check `top`, I can see that `rflow -i br0 -F 192.168.1.133 2055 -d -A 60 -I 15` is running, which is good news. Not sure where to go from there, however.
I have looked at that page but I am not sure how it is supposed to help for this. I am not using RFlowCollector on a Windows PC, but instead I am using ntop (`ntopng`) currently on a macOS device, potentially moving it to a different device after I can prove to myself that it works with DD-WRT. Also worth mentioning that all the links on that page for info and download of RFlowCollector are all broken anyway so even that page appears to be outdated.
Has anyone got ntopng running with dd-wrt using OS X as the ntopng server? Does that require an nprobe license?
I’m just wondering about monitoring my home network with ntopng using DD-WRT’s RFlow sender.
Thanks &
Cheers,
Toby
Luca Deri
8 years ago
Permalink
Toby,
yes for netflow you need nProbe. But why do you want to use rflow if you can run ntopng onto the router? Note that we have ARM packages ready on http://packages.ntop.org <http://packages.ntop.org/> and that weâre working at supporting new platforms.
which suggests a few things, which I could use some clarification on;
- ntop (ntopng) requires nprobe, which requires a license ( https://shop.ntop.org/ ; the cheapest non-Raspberry Pi license costs $300 USD)
- at some point in the past ntop did not require nprobe to collect data from DD-WRT ???
- there is some method for running ntop / ntopng directly on the DD-WRT router ???
Regarding the first point, indeed more recent docs from ntop suggest that nprobe is now required to get data from e.g. DD-WRT to ntopng ;
Regarding the last point, running ntop (ntopng) directly on the DD-WRT device, I have not figured that out either. It seems like the install methods for various Linux and BSD versions listed on their official website ( https://packages.ntop.org/ ) do not directly translate to the environment inside of the DD-WRT device, in particular their package manager instructions are different from what is available inside the R7000 after ssh'ing in. Its also not clear to me if a device like the Netgear R7000 even has enough resources to be a dedicated host for this service.
Joined: 18 Mar 2014 Posts: 12904 Location: Netherlands
Posted: Thu Mar 09, 2023 15:31 Post subject:
You are running an old and outdated build.
Consider upgrading, after upgrading a reset to defaults and put settings in manually is highly recommended as you are coming from an old build (never restore from a backup to a different build).
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
What build number are running?
I am using the R7000 build dated '2020-11-03'
So, you went to the router database and stopped at that point (11-03-2020-r44715). Please consider upgrading to at least 51937.
