sleinen / samplicator

Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing
GNU General Public License v2.0

Spoofing multiple sources #71

Closed luminous706 closed 3 years ago

luminous706 commented 3 years ago

I receive NetFlow from multiple source IPs, and I can see them being received in tcpdump/Wireshark. But when I forward them using Samplicator to an external collector, only one source IP is kept for all the flows.

For example, I receive flows from the following IPs:

192.168.1.1, 192.168.2.1, 192.168.3.1, 192.168.4.1

When forwarded using Samplicator to my external tool (nfcapd and ELK), all of the flows show the source IP (exporter IP) as 192.168.1.1.

Does Samplicator spoof the source IPs dynamically, or does it "remember" the first one it sees? How can I fix this behaviour so each packet has its proper source IP?

Thanks!

luminous706 commented 3 years ago

Never mind, just found out I was missing some routes so it would drop the packets from those exporters...