Mailing List Archive

spoofing source IP
Hi,

I am using nprobe to convert from sflow to netflow v9 and send it to
logstash.
I am facing a problem with the fact that logstash sees all flows from
127.0.0.1 and I can't identify the source host for the sflow data.
I know I can run multiple nprobe processes with different ports but I don't
want to go this way.

Is there any way to export the flows with a spoofed source IP of the sflow
source or add a field that includes the source host?

Thanks

Nitzan
Re: spoofing source IP
I found a solution to send the exporter_ipv4_address that includes the
original source but I hit a bug as the IP address is reversed (if the sflow
exporter is 1.2.3.4 the exporter_ipv4_address is 4.3.2.1).

Thanks

Nitzan

On Mon, Oct 17, 2016 at 4:12 PM, Nitzan Tzelniker <
nitzan.tzelniker@gmail.com> wrote:

> Hi,
>
> I am using nprobe to convert from sflow to netflow v9 and send it to
> logstash.
> I am facing a problem with the fact that logstash sees all flows from
> 127.0.0.1 and I can't identify the source host for the sflow data.
> I know I can run multiple nprobe processes with different ports but I don't
> want to go this way.
>
> Is there any way to export the flows with a spoofed source IP of the sflow
> source or add a field that includes the source host?
>
> Thanks
>
> Nitzan
>
>
>
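
The reversed exporter address reported in this thread (1.2.3.4 arriving as 4.3.2.1) is what a 4-byte IPv4 field looks like when it is read in the wrong byte order. The following is an added example, not part of the original messages and not nprobe or logstash code: it shows both decodings and a collector-side check that restores the exporter address against an inventory of known sFlow agents. The inventory, the function names and the byte-order explanation are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory of sFlow agents (assumption, not from the thread).
KNOWN_EXPORTERS = {"1.2.3.4", "10.20.30.40", "192.0.2.7"}


def decode_exporter(raw: bytes, byteorder: str = "big") -> str:
    """Decode a 4-byte IPv4 field; "big" is network byte order."""
    if len(raw) != 4:
        raise ValueError("IPv4 field must be exactly 4 bytes")
    return str(ipaddress.IPv4Address(int.from_bytes(raw, byteorder)))


def swap_octets(addr: str) -> str:
    """Return the address with its four octets in reverse order."""
    packed = ipaddress.IPv4Address(addr).packed
    return str(ipaddress.IPv4Address(packed[::-1]))


def normalize_exporter(reported: str, known=KNOWN_EXPORTERS):
    """Map a reported exporter address to a known agent.

    Returns (address, status) where status is one of:
      ok        - reported address is a known exporter
      corrected - only the octet-reversed form is known; that form is returned
      ambiguous - both forms are known exporters; left unchanged for review
      unknown   - neither form is known; left unchanged
    """
    swapped = swap_octets(reported)
    if reported in known and swapped in known and swapped != reported:
        return reported, "ambiguous"
    if reported in known:
        return reported, "ok"
    if swapped in known:
        return swapped, "corrected"
    return reported, "unknown"


if __name__ == "__main__":
    raw = bytes([1, 2, 3, 4])  # constructed field value for exporter 1.2.3.4
    print(decode_exporter(raw, "big"), decode_exporter(raw, "little"))
    for addr in ("4.3.2.1", "1.2.3.4", "40.30.20.10", "8.8.8.8"):
        print(addr, "->", normalize_exporter(addr))
```

Records that come back `ambiguous` or `unknown` are kept unchanged so that flow attribution is never silently rewritten to the wrong host.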