search

ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0
6.23k stars 654 forks source link

NTOPNG zero MAC Address #502

Closed samwaniskrezi closed 8 years ago

samwaniskrezi commented 8 years ago

I already follow the solution from issue #427 , but the issue still happened.

nprobe.conf

-b=2
-G=
-V=9
--zmq=tcp://*:5556
--collector-port=2055
--tunnel
--no-promisc
-i=none
-n=none
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_SRC_MAC %OUT_DST_MAC %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %SRC_MASK %DST_MASK"

ntop1

simonemainardi commented 8 years ago

you are using nprobe in netflow collector mode. Make sure the device that is exporting on 2055 is actually sending mac addresses as well.

samwaniskrezi commented 8 years ago

i have cisco catalyst 6500 exporting on port 2055 for all vlans. how can i make sure that these devices exporting mac address.

simonemainardi commented 8 years ago

quick and dirty: use wireshark and sniff some cisco traffic towards port 2055. Then inspect captured packets and see if mac addresses are there. Otherwise you should check cisco configuration.

lucaderi commented 8 years ago

@samwaniskrezi nprobe does not collect MAC addresses even if they are exported (I doubt they are exported). Shall you be interested please file an issue https://github.com/ntop/nProbe/issues