lucaderi
commented
8 years ago @yslarmie Hi, I have looked at the pcap but it contains just flows (no template). Please try again.
Closed yslarmie closed 7 years ago
lucaderi
commented
8 years ago @yslarmie Hi, I have looked at the pcap but it contains just flows (no template). Please try again.
yslarmie
commented
8 years ago Apologies Luca, here is the pcap with the template:
yslarmie
commented
8 years ago Good day, I know this is a best-effort service, but could you give me a timeframe within which you'll have a look at this please?
lucaderi
commented
8 years ago Sorry for the delay. I have looked at the pcap you sent me but as you can see it lacks many fields we need to create flows. For instance we do not see IP addresses (only one), protocol, port just to mention a few. We can emulate this information (e.g. adding 0.0.0.0) but your flows will be incomplete and I doubt you can do much with them with any netflow collector. Please advise.
yslarmie
commented
8 years ago Thanks Luca,
The university intends to use ntop in the capacity of real-time layer 7 inspection. So as long as a mac address is identifiable along with the application, then your development work to fill in the blanks would still be of value to us.
Sent from my Windows Phone
From: Luca Derimailto:notifications@github.com Sent: 2016-03-19 11:07 AM To: ntop/nProbemailto:nProbe@noreply.github.com Cc: yslarmiemailto:yassers_za@hotmail.com Subject: Re: [nProbe] nprobe support for Cisco WLC netflow export (#21)
Sorry for the delay. I have looked at the pcap you sent me but as you can see it lacks many fields we need to create flows. For instance we do not see IP addresses (only one), protocol, port just to mention a few. We can emulate this information (e.g. adding 0.0.0.0) but your flows will be incomplete and I doubt you can do much with them with any netflow collector. Please advise.
You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: https://github.com/ntop/nProbe/issues/21#issuecomment-198671549
ValentinaViscarelli
commented
7 years ago Sorry for delay, but with this information nprobe is not able to create flows. The nprobe task is the flows creation and in order to do this it needs of ip address (src and dst) and ports. In your pcap file I don't see these information.
lucaderi
commented
1 month ago This feature has been implemented in the current software version
Hello team,
After reading through the following blog post:
http://mrncciew.com/2013/02/13/who-really-support-wlc-netflow/
It seems that Cisco sends these unique fields in their Wireless LAN Controller netflow v9 exports:
• applicationTag • ipDiffServCodePoint • octetDeltaCount • packetDeltaCount • postIpDiffServCodePoint • staIPv4Address • staMacAddress • wlanSSID • wtpMacAddress
Could you please help me in getting these fields incorporated into nprobe? Currently, ntopng shows zero data for the received netflow packets coming from the WLC.
I'm attaching the pcap file for a netflow capture taken on the nprobe server where I used the following: "tcpdump -n host 137.158.248.10 -w WLC -s 0" :
http://1drv.ms/1PyuWCz
The nprobe and ntopng commands that I used are as follows:
nprobe --zmq tcp://127.0.0.1:2055 --collector-port 9991 -i none -n none -b 2 &
ntopng -i tcp://127.0.0.1:2055 &
Best regards, Yasser