I am trying to have a traffic and bandwidth analysis setup for my home's
local network. I have nProbe running on my ERL. How do I have nProbe report
the post NAT (i.e. after translation) IP address for the flows? I will be
including my configuration file below. The eth1 interface is where my pppoe
interface is.
--collector none
--interface eth1
--verbose 0
-T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP
%IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED
%PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %TCP_FLAGS
%CLIENT_NW_LATENCY_MS %SERVER_NW_LATENCY_MS %APPL_LATENCY_MS %L7_PROTO
%L7_PROTO_NAME"
--local-networks 10.39.0.0/21
--redis db01.internal.navarro.space
--account-l2
--host
--tcp "gwaihir.internal.navarro.space:5656"
--json-labels
Using the above configuration file, some flows are using the translated IP
addresses as the IPV4_(SRC/DST_ADDR); but there are more flows that have
their IP addresses set as my WAN IP.
As a test, I streamed a YouTube video on my desktop PC. All flows that were
logged to my ELK setup with a filter of L7_PROTO_NAME:(http.youtube or
ssl.youtube) were pointing to my router's WAN IP.
For all BitTorrent traffic however, some flows have the IP address for my
VM running the torrent client; but a lot more of them still have the
router's WAN IP.
local network. I have nProbe running on my ERL. How do I have nProbe report
the post NAT (i.e. after translation) IP address for the flows? I will be
including my configuration file below. The eth1 interface is where my pppoe
interface is.
--collector none
--interface eth1
--verbose 0
-T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP
%IN_PKTS %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED
%PROTOCOL %IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %TCP_FLAGS
%CLIENT_NW_LATENCY_MS %SERVER_NW_LATENCY_MS %APPL_LATENCY_MS %L7_PROTO
%L7_PROTO_NAME"
--local-networks 10.39.0.0/21
--redis db01.internal.navarro.space
--account-l2
--host
--tcp "gwaihir.internal.navarro.space:5656"
--json-labels
Using the above configuration file, some flows are using the translated IP
addresses as the IPV4_(SRC/DST_ADDR); but there are more flows that have
their IP addresses set as my WAN IP.
As a test, I streamed a YouTube video on my desktop PC. All flows that were
logged to my ELK setup with a filter of L7_PROTO_NAME:(http.youtube or
ssl.youtube) were pointing to my router's WAN IP.
For all BitTorrent traffic however, some flows have the IP address for my
VM running the torrent client; but a lot more of them still have the
router's WAN IP.