I am trying to set up traffic and bandwidth analysis for my home's local network. I have nProbe running on my ERL. How do I have nProbe report the post-NAT (i.e. after translation) IP address for the flows? I will be including my configuration file below. The eth1 interface is where my PPPoE interface is.

--collector none
--interface eth1
--verbose 0
-T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %TCP_FLAGS %CLIENT_NW_LATENCY_MS %SERVER_NW_LATENCY_MS %APPL_LATENCY_MS %L7_PROTO %L7_PROTO_NAME"
--local-networks 10.39.0.0/21
--redis db01.internal.navarro.space
--account-l2
--host
--tcp "gwaihir.internal.navarro.space:5656"
--json-labels

Using the above configuration file, some flows are using the translated IP addresses as the IPV4_(SRC/DST_ADDR), but there are more flows that have their IP addresses set as my WAN IP. As a test, I streamed a YouTube video on my desktop PC. All flows that were logged to my ELK setup with a filter of L7_PROTO_NAME:(http.youtube or ssl.youtube) were pointing to my router's WAN IP. For all BitTorrent traffic, however, some flows have the IP address for my VM running the torrent client, but a lot more of them still have the router's WAN IP.

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
