simonemainardi
commented
7 years ago Hi,
On Mon, Apr 10, 2017 at 8:12 AM, Matthias Henze notifications@github.com wrote:
As noted here:
http://listgateway.unipi.it/pipermail/ntop/2017-April/019768.html
I do not recive IPv4 traffic with Netflow from Mikrotik routers. I use v.7.4.170215 on Linux with:
--zmq="tcp://*:5556" --collector-port=4711 -n=none -i=none
I've tried to add -V 10 and -V 9 with corresponding router configs without success. When I start it in foreground I see:
Don't use a version. That will automatically be determined from the incoming packets.
10/Apr/2017 08:07:18 [nprobe.c:7484] IPv6 traffic will NOT be
exported/accounted by this probe 10/Apr/2017 08:07:18 [nprobe.c:7485] due to configuration options (e.g. use NetFlow v9)
But also:
10/Apr/2017 08:07:19 [collect.c:147] Flow collector listening on port 4711 (IPv4/v6)
It is a matter of fact, that Ntop does not record any IPv6 traffic. I don't know how to capture traffic with "templates" for analysis as suggested on the mailing list. I've tried:
nprobe --collector-port 4711 --dump-pkts /tmp/netflow.pcap -n none -i none
without success.
You have to specify an nProbe template (see option -T) that includes IPV6 address fields. An example template is:
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK"
you should add fields:
[ 27] %IPV6_SRC_ADDR %sourceIPv6Address IPv6 source address [ 28] %IPV6_DST_ADDR %destinationIPv6Address IPv6 destination address [ 29] %IPV6_SRC_MASK %sourceIPv6PrefixLength IPv6 source mask [ 30] %IPV6_DST_MASK %destinationIPv6PrefixLength IPv6 destination mask
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ntop/nProbe/issues/169, or mute the thread https://github.com/notifications/unsubscribe-auth/ADPYH-9T_V-OJQfhoNAVoksQE-LBaA9Wks5rucg1gaJpZM4M4XBW .
mahescho
IlariExove
As noted here:
http://listgateway.unipi.it/pipermail/ntop/2017-April/019768.html
I do not recive IPv4 traffic with Netflow from Mikrotik routers. I use v.7.4.170215 on Linux with:
--zmq="tcp://*:5556" --collector-port=4711 -n=none -i=noneI've tried to add -V 10 and -V 9 with corresponding router configs without success. When I start it in foreground I see:
10/Apr/2017 08:07:18 [nprobe.c:7484] IPv6 traffic will NOT be exported/accounted by this probe 10/Apr/2017 08:07:18 [nprobe.c:7485] due to configuration options (e.g. use NetFlow v9)But also:
10/Apr/2017 08:07:19 [collect.c:147] Flow collector listening on port 4711 (IPv4/v6)With "-V 9" as suggested here: https://lists.gt.net/ntop/misc/40727?page=last the IPv6 warning will vanish but no IPv6 traffic will be recorded. It is a matter of fact, that Ntop does not record any IPv6 traffic. I don't know how to capture traffic with "templates" for analysis as suggested on the mailing list. I've tried:
nprobe --collector-port 4711 --dump-pkts /tmp/netflow.pcap -n none -i nonewithout success.
Update:
Recently (with -V 9) I see many flows with "NoIP". According to the ports and frequency this may be IPv6 entries. But why are they listed as "NoIP"? The database table for IPv6 is still empty.