I receive Netflow from multiple source IPs, I can see them being received in tcpdump/wireshark. But when I forward them using Samplicator to an external collector, only one source IP is kept for all the flows.
For example, I receive flows from the following IPs:
192.168.1.1
192.168.2.1
192.168.3.1
192.168.4.1
When forwarded using Samplicator to my external tool (nfcapd and ELK), all of the flows show source IP (exporter IP) to be 192.168.1.1.
Does Samplicator spoof the source IPs dynamically or does it "remembers" the first it sees? How can I fix this behaviour so each packet has its proper source IP?
I receive Netflow from multiple source IPs, I can see them being received in tcpdump/wireshark. But when I forward them using Samplicator to an external collector, only one source IP is kept for all the flows.
For example, I receive flows from the following IPs:
192.168.1.1 192.168.2.1 192.168.3.1 192.168.4.1
When forwarded using Samplicator to my external tool (nfcapd and ELK), all of the flows show source IP (exporter IP) to be 192.168.1.1.
Does Samplicator spoof the source IPs dynamically or does it "remembers" the first it sees? How can I fix this behaviour so each packet has its proper source IP?
Thanks!