Hi Luca, Thank you for the information. I misunderstood the capabilities of the Windows version of nProbe. I have asked ntop if there is a way to swap out licenses and move forward with the Linux version instead.
Thank you, Daniel From: [email protected] [mailto:[email protected]] On Behalf Of Luca Deri Sent: Tuesday, March 31, 2015 5:24 AM To: [email protected] Subject: Re: [Ntop-misc] nprobe and Netflow-Lite configuration On 03/31/2015 02:44 AM, Lewton, Daniel A wrote: Hello! This is my first post to this list. I recently purchased the Windows version of nprobe with the understanding that it can receive Netflow-lite flows from a Cisco 4948 and forward them to another collector in Netflow v9 format. I have had some mild success getting the flows forwarded but it appears that not much data is getting sent. I don't see any interface data from our switch. And looking at wireshark it seems that all the packets show the nprobe server as the source, instead of the switch. Is there a way to make the nprobe server "invisible" to the collector? And second, is it possible to see things like ingress and egress interfaces as well as type of traffic and host? Hi Daniel 1. We can spoof the switch IP only on the Linux/Unix version 2. The interface id should be parsed by nprobe when receiving NFlite flows, as well host. As of the traffic (do you mean DPI?) using sampled traffic it is hard to do (perhaps just on UDP). Regards Luca Thank you in advance for any insight you can provide! Dan _______________________________________________ Ntop-misc mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
