On 03/31/2015 02:44 AM, Lewton, Daniel A wrote: > > Hello! This is my first post to this list. > > > > I recently purchased the Windows version of nprobe with the > understanding that it can receive Netflow-lite flows from a Cisco 4948 > and forward them to another collector in Netflow v9 format. I have > had some mild success getting the flows forwarded but it appears that > not much data is getting sent. I don’t see any interface data from > our switch. And looking at wireshark it seems that all the packets > show the nprobe server as the source, instead of the switch. Is there > a way to make the nprobe server “invisible” to the collector? And > second, is it possible to see things like ingress and egress > interfaces as well as type of traffic and host? >
Hi Daniel 1. We can spoof the switch IP only on the Linux/Unix version 2. The interface id should be parsed by nprobe when receiving NFlite flows, as well host. As of the traffic (do you mean DPI?) using sampled traffic it is hard to do (perhaps just on UDP). Regards Luca > > > > Thank you in advance for any insight you can provide! > Dan > > > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
