Mailing List Archive

Ignore asymmetric VLAN tags in ntopng
Hi,

In my current port mirroring setup I'm struggling with asymmetric VLAN
tagging in the mirrored traffic. All outgoing packets are VLAN tagged, but
incoming packets are untagged. This confuses ntopng, of course, since a
communicating host is registered twice, see below:

192.168.140.20 (incoming packets)
192.168.140.20@1002 (outgoing packets)

Is there any way to let ntopng or nProbe ignore the VLAN tags completely,
to be able to merge the incoming and outgoing data streams? If not, is
there any way to solve this on the Linux host instead?

Regards,
Markus Einarsson
Re: Ignore asymmetric VLAN tags in ntopng [ In reply to ]
Yes, you can tell nProbe to ignore VLAN tags. See nProbe option -p.

Simone

> On 5 Jan 2018, at 19:56, Markus Einarsson <markus@einarsson.org> wrote:
>
> Hi,
>
> In my current port mirroring setup I'm struggling with asymmetric VLAN tagging in the mirrored traffic. All outgoing packets are VLAN tagged, but incoming packets are untagged. This confuses ntopng, of course, since a communicating host is registered twice, see below:
>
> 192.168.140.20 (incoming packets)
> 192.168.140.20@1002 (outgoing packets)
>
> Is there any way to let ntopng or nProbe ignore the VLAN tags completely, to be able to merge the incoming and outgoing data streams? If not, is there any way to solve this on the Linux host instead?
>
> Regards,
> Markus Einarsson
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Ignore asymmetric VLAN tags in ntopng [ In reply to ]
Yes, you can tell nProbe to ignore VLAN tags. See nProbe option -p.

Simone

> On 5 Jan 2018, at 19:56, Markus Einarsson <markus@einarsson.org> wrote:
>
> Hi,
>
> In my current port mirroring setup I'm struggling with asymmetric VLAN tagging in the mirrored traffic. All outgoing packets are VLAN tagged, but incoming packets are untagged. This confuses ntopng, of course, since a communicating host is registered twice, see below:
>
> 192.168.140.20 (incoming packets)
> 192.168.140.20@1002 (outgoing packets)
>
> Is there any way to let ntopng or nProbe ignore the VLAN tags completely, to be able to merge the incoming and outgoing data streams? If not, is there any way to solve this on the Linux host instead?
>
> Regards,
> Markus Einarsson
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Ignore asymmetric VLAN tags in ntopng [ In reply to ]
Markus
Please see the -p option

Regards Luca

> On 5 Jan 2018, at 19:56, Markus Einarsson <markus@einarsson.org> wrote:
>
> Hi,
>
> In my current port mirroring setup I'm struggling with asymmetric VLAN tagging in the mirrored traffic. All outgoing packets are VLAN tagged, but incoming packets are untagged. This confuses ntopng, of course, since a communicating host is registered twice, see below:
>
> 192.168.140.20 (incoming packets)
> 192.168.140.20@1002 (outgoing packets)
>
> Is there any way to let ntopng or nProbe ignore the VLAN tags completely, to be able to merge the incoming and outgoing data streams? If not, is there any way to solve this on the Linux host instead?
>
> Regards,
> Markus Einarsson
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Ignore asymmetric VLAN tags in ntopng [ In reply to ]
Markus
Please see the -p option

Regards Luca

> On 5 Jan 2018, at 19:56, Markus Einarsson <markus@einarsson.org> wrote:
>
> Hi,
>
> In my current port mirroring setup I'm struggling with asymmetric VLAN tagging in the mirrored traffic. All outgoing packets are VLAN tagged, but incoming packets are untagged. This confuses ntopng, of course, since a communicating host is registered twice, see below:
>
> 192.168.140.20 (incoming packets)
> 192.168.140.20@1002 (outgoing packets)
>
> Is there any way to let ntopng or nProbe ignore the VLAN tags completely, to be able to merge the incoming and outgoing data streams? If not, is there any way to solve this on the Linux host instead?
>
> Regards,
> Markus Einarsson
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop