Mailing List Archive

IPv6 flow
Hello,

This is my settings but didn't get IPv6(IPv4 works fine) flow

nprobe.conf
--zmq="tcp://*:5551"
-i=none
-n=none
--collector-port=2055
-V=9
-T="%EXPORTER_IPV4_ADDRESS %EXPORTER_IPV6_ADDRESS %IP_PROTOCOL_VERSION
%IPV4_SRC_ADDR %IPV6_SRC_ADDR %IPV4_DST_ADDR %IPV6_DST_ADDR
%IPV4_NEXT_HOP %IPV6_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS
%IN_BYTES
%FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS
%PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_MASK
%IPV4_DST_MASK %IPV6_DST_MASK"

ntopng.conf
-i="tcp://127.0.0.1:5551"
-i="tcp://127.0.0.1:5552"
-G=/var/run/ntopng.pid
-m=192.168.0.0/24
-m=172.16.0.0/16


Anything missed here ?

Thanks in Advanced.

--
Sincerely,
Joni Lee
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: IPv6 flow [ In reply to ]
Hi,

thanks for pointing this out and count me in, as mine stopped working
too. My configs:

NPROBE 1 - version: 8.3.180129-6049

--zmq="tcp://127.0.0.1:5556"
--collector-port=4711
-n=none
-i=none
--pid-file=/var/run/nprobe-rh.pid
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
%OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS
%FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL
%SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR
%IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED
%LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
--online-license-check

NPROBE 2 - version: 8.3.180129-6049

--zmq="tcp://127.0.0.1:5557"
--collector-port=4712
-n=none
-i=none
--pid-file=/var/run/nprobe-tk.pid
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
%OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS
%FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL
%SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR
%IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED
%LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
--online-license-check

NTOPNG - version: 3.3.180129-4062

-G=/var/run/ntopng.pid
--interface="tcp://127.0.0.1:5556"
--interface="tcp://127.0.0.1:5557"
-F="mysql;localhost;ntop;flows;ntop;ntop"
-m="XX.XXX.XXX.XXX,YY.YYY.YYY.YYY/29,ZZZ.ZZZ.ZZZ.Z/24,AAAA:BBBB:CCCC:1::2/64,EEEE:FFFF:AAAA:2::252/64,BBBB:CCCC:DDDD:3::1/64"
-D=all
-p="/etc/ntopng/protos.txt"
--online-license-check


Next Issue: In the Debian packages there is a dependency issue. The
current versions could not be installed.

pfring-dkms : depends on: pfring (= 7.1.0-1734) but 7.1.0-1736 is installed

Matthias



Am 10.02.2018 um 12:31 schrieb Joni Lee:
> Hello,
>
> This is my settings but didn't get IPv6(IPv4 works fine) flow
>
> nprobe.conf
> --zmq="tcp://*:5551"
> -i=none
> -n=none
> --collector-port=2055
> -V=9
> -T="%EXPORTER_IPV4_ADDRESS %EXPORTER_IPV6_ADDRESS %IP_PROTOCOL_VERSION
> %IPV4_SRC_ADDR %IPV6_SRC_ADDR %IPV4_DST_ADDR %IPV6_DST_ADDR
> %IPV4_NEXT_HOP %IPV6_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES
>  %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS
> %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_MASK
> %IPV4_DST_MASK %IPV6_DST_MASK"
>
> ntopng.conf
> -i="tcp://127.0.0.1:5551"
> -i="tcp://127.0.0.1:5552"
> -G=/var/run/ntopng.pid
> -m=192.168.0.0/24
> -m=172.16.0.0/16
>
>
> Anything missed here ?
>
> Thanks in Advanced.
>



--

MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany

voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info@mhcsoftware.de

HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze



_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: IPv6 flow [ In reply to ]
Can you guys generate and send privately/upload a NetFlow pcap that contains both template and data records for IPv4 and IPv6? I want to try and reproduce.

Thanks,

Simone

> On 10 Feb 2018, at 12:52, Matthias Henze <lists@mhcsoftware.de> wrote:
>
> Hi,
>
> thanks for pointing this out and count me in, as mine stopped working too. My configs:
>
> NPROBE 1 - version: 8.3.180129-6049
>
> --zmq="tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>"
> --collector-port=4711
> -n=none
> -i=none
> --pid-file=/var/run/nprobe-rh.pid
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
> --online-license-check
>
> NPROBE 2 - version: 8.3.180129-6049
>
> --zmq="tcp://127.0.0.1:5557 <tcp://127.0.0.1:5557>"
> --collector-port=4712
> -n=none
> -i=none
> --pid-file=/var/run/nprobe-tk.pid
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
> --online-license-check
>
> NTOPNG - version: 3.3.180129-4062
>
> -G=/var/run/ntopng.pid
> --interface="tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>"
> --interface="tcp://127.0.0.1:5557 <tcp://127.0.0.1:5557>"
> -F="mysql;localhost;ntop;flows;ntop;ntop"
> -m="XX.XXX.XXX.XXX,YY.YYY.YYY.YYY/29,ZZZ.ZZZ.ZZZ.Z/24,AAAA:BBBB:CCCC:1::2/64,EEEE:FFFF:AAAA:2::252/64,BBBB:CCCC:DDDD:3::1/64"
> -D=all
> -p="/etc/ntopng/protos.txt"
> --online-license-check
>
>
> Next Issue: In the Debian packages there is a dependency issue. The current versions could not be installed.
>
> pfring-dkms : depends on: pfring (= 7.1.0-1734) but 7.1.0-1736 is installed
>
> Matthias
>
>
>
> Am 10.02.2018 um 12:31 schrieb Joni Lee:
>> Hello,
>> This is my settings but didn't get IPv6(IPv4 works fine) flow
>> nprobe.conf
>> --zmq="tcp://*:5551"
>> -i=none
>> -n=none
>> --collector-port=2055
>> -V=9
>> -T="%EXPORTER_IPV4_ADDRESS %EXPORTER_IPV6_ADDRESS %IP_PROTOCOL_VERSION %IPV4_SRC_ADDR %IPV6_SRC_ADDR %IPV4_DST_ADDR %IPV6_DST_ADDR %IPV4_NEXT_HOP %IPV6_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES
>> %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_MASK %IPV4_DST_MASK %IPV6_DST_MASK"
>> ntopng.conf
>> -i="tcp://127.0.0.1:5551"
>> -i="tcp://127.0.0.1:5552"
>> -G=/var/run/ntopng.pid
>> -m=192.168.0.0/24
>> -m=172.16.0.0/16
>> Anything missed here ?
>> Thanks in Advanced.
>
>
>
> --
>
> MHC SoftWare GmbH
> Fichtera 17
> 96274 Itzgrund/Germany
> voice: +49-(0)9533-92006-0
> fax: +49-(0)9533-92006-6
> e-mail: info@mhcsoftware.de <mailto:info@mhcsoftware.de>
>
> HR Coburg: B2242
> Geschaeftsfuehrer: Matthias Henze
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
Re: IPv6 flow [ In reply to ]
Can you guys generate and send privately/upload a NetFlow pcap that contains both template and data records for IPv4 and IPv6? I want to try and reproduce.

Thanks,

Simone

> On 10 Feb 2018, at 12:52, Matthias Henze <lists@mhcsoftware.de> wrote:
>
> Hi,
>
> thanks for pointing this out and count me in, as mine stopped working too. My configs:
>
> NPROBE 1 - version: 8.3.180129-6049
>
> --zmq="tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>"
> --collector-port=4711
> -n=none
> -i=none
> --pid-file=/var/run/nprobe-rh.pid
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
> --online-license-check
>
> NPROBE 2 - version: 8.3.180129-6049
>
> --zmq="tcp://127.0.0.1:5557 <tcp://127.0.0.1:5557>"
> --collector-port=4712
> -n=none
> -i=none
> --pid-file=/var/run/nprobe-tk.pid
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
> --online-license-check
>
> NTOPNG - version: 3.3.180129-4062
>
> -G=/var/run/ntopng.pid
> --interface="tcp://127.0.0.1:5556 <tcp://127.0.0.1:5556>"
> --interface="tcp://127.0.0.1:5557 <tcp://127.0.0.1:5557>"
> -F="mysql;localhost;ntop;flows;ntop;ntop"
> -m="XX.XXX.XXX.XXX,YY.YYY.YYY.YYY/29,ZZZ.ZZZ.ZZZ.Z/24,AAAA:BBBB:CCCC:1::2/64,EEEE:FFFF:AAAA:2::252/64,BBBB:CCCC:DDDD:3::1/64"
> -D=all
> -p="/etc/ntopng/protos.txt"
> --online-license-check
>
>
> Next Issue: In the Debian packages there is a dependency issue. The current versions could not be installed.
>
> pfring-dkms : depends on: pfring (= 7.1.0-1734) but 7.1.0-1736 is installed
>
> Matthias
>
>
>
> Am 10.02.2018 um 12:31 schrieb Joni Lee:
>> Hello,
>> This is my settings but didn't get IPv6(IPv4 works fine) flow
>> nprobe.conf
>> --zmq="tcp://*:5551"
>> -i=none
>> -n=none
>> --collector-port=2055
>> -V=9
>> -T="%EXPORTER_IPV4_ADDRESS %EXPORTER_IPV6_ADDRESS %IP_PROTOCOL_VERSION %IPV4_SRC_ADDR %IPV6_SRC_ADDR %IPV4_DST_ADDR %IPV6_DST_ADDR %IPV4_NEXT_HOP %IPV6_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES
>> %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_MASK %IPV4_DST_MASK %IPV6_DST_MASK"
>> ntopng.conf
>> -i="tcp://127.0.0.1:5551"
>> -i="tcp://127.0.0.1:5552"
>> -G=/var/run/ntopng.pid
>> -m=192.168.0.0/24
>> -m=172.16.0.0/16
>> Anything missed here ?
>> Thanks in Advanced.
>
>
>
> --
>
> MHC SoftWare GmbH
> Fichtera 17
> 96274 Itzgrund/Germany
> voice: +49-(0)9533-92006-0
> fax: +49-(0)9533-92006-6
> e-mail: info@mhcsoftware.de <mailto:info@mhcsoftware.de>
>
> HR Coburg: B2242
> Geschaeftsfuehrer: Matthias Henze
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
Re: IPv6 flow [ In reply to ]
Hi Simone,

I just don't remember how to do this.

BTW: For me this used to work and stopped with one update. I don't know
which as I do not use Ntop to frequently.

What about the Debian dependency problem?

TIA
Matthias

Am 10.02.2018 um 13:42 schrieb Simone Mainardi:
> Can you guys generate and send privately/upload a NetFlow pcap that
> contains both template and data records for IPv4 and IPv6? I want to try
> and reproduce.
>
> Thanks,
>
> Simone
>
>> On 10 Feb 2018, at 12:52, Matthias Henze <lists@mhcsoftware.de
>> <mailto:lists@mhcsoftware.de>> wrote:
>>
>> Hi,
>>
>> thanks for pointing this out and count me in, as mine stopped working
>> too. My configs:
>>
>> NPROBE 1 - version: 8.3.180129-6049
>>
>> --zmq="tcp://127.0.0.1:5556"
>> --collector-port=4711
>> -n=none
>> -i=none
>> --pid-file=/var/run/nprobe-rh.pid
>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
>> %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS
>> %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL
>> %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR
>> %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED
>> %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
>> --online-license-check
>>
>> NPROBE 2 - version: 8.3.180129-6049
>>
>> --zmq="tcp://127.0.0.1:5557"
>> --collector-port=4712
>> -n=none
>> -i=none
>> --pid-file=/var/run/nprobe-tk.pid
>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
>> %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS
>> %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL
>> %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR
>> %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED
>> %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
>> --online-license-check
>>
>> NTOPNG - version: 3.3.180129-4062
>>
>> -G=/var/run/ntopng.pid
>> --interface="tcp://127.0.0.1:5556"
>> --interface="tcp://127.0.0.1:5557"
>> -F="mysql;localhost;ntop;flows;ntop;ntop"
>> -m="XX.XXX.XXX.XXX,YY.YYY.YYY.YYY/29,ZZZ.ZZZ.ZZZ.Z/24,AAAA:BBBB:CCCC:1::2/64,EEEE:FFFF:AAAA:2::252/64,BBBB:CCCC:DDDD:3::1/64"
>> -D=all
>> -p="/etc/ntopng/protos.txt"
>> --online-license-check
>>
>>
>> Next Issue: In the Debian packages there is a dependency issue. The
>> current versions could not be installed.
>>
>> pfring-dkms : depends on: pfring (= 7.1.0-1734) but 7.1.0-1736 is
>> installed
>>
>> Matthias
>>
>>
>>
>> Am 10.02.2018 um 12:31 schrieb Joni Lee:
>>> Hello,
>>> This is my settings but didn't get IPv6(IPv4 works fine) flow
>>> nprobe.conf
>>> --zmq="tcp://*:5551"
>>> -i=none
>>> -n=none
>>> --collector-port=2055
>>> -V=9
>>> -T="%EXPORTER_IPV4_ADDRESS %EXPORTER_IPV6_ADDRESS
>>> %IP_PROTOCOL_VERSION %IPV4_SRC_ADDR %IPV6_SRC_ADDR %IPV4_DST_ADDR
>>> %IPV6_DST_ADDR %IPV4_NEXT_HOP %IPV6_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP
>>> %IN_PKTS %IN_BYTES
>>>  %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS
>>> %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_MASK
>>> %IPV4_DST_MASK %IPV6_DST_MASK"
>>> ntopng.conf
>>> -i="tcp://127.0.0.1:5551"
>>> -i="tcp://127.0.0.1:5552"
>>> -G=/var/run/ntopng.pid
>>> -m=192.168.0.0/24
>>> -m=172.16.0.0/16
>>> Anything missed here ?
>>> Thanks in Advanced.
>>
>>
>>
>> --
>>
>> MHC SoftWare GmbH
>> Fichtera 17
>> 96274 Itzgrund/Germany
>> voice: +49-(0)9533-92006-0
>> fax: +49-(0)9533-92006-6
>> e-mail:info@mhcsoftware.de <mailto:info@mhcsoftware.de>
>>
>> HR Coburg: B2242
>> Geschaeftsfuehrer: Matthias Henze
>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>



--

MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany

voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info@mhcsoftware.de

HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze



_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: IPv6 flow [ In reply to ]
Stop - for me it works. I've just watched the wrong interface witch no
IPv6 traffic - sorry for the noise.

There is only the Debian dependency problem left.



Am 10.02.2018 um 14:14 schrieb Matthias Henze:
> Hi Simone,
>
> I just don't remember how to do this.
>
> BTW: For me this used to work and stopped with one update. I don't know
> which as I do not use Ntop to frequently.
>
> What about the Debian dependency problem?
>
> TIA
> Matthias
>
> Am 10.02.2018 um 13:42 schrieb Simone Mainardi:
>> Can you guys generate and send privately/upload a NetFlow pcap that
>> contains both template and data records for IPv4 and IPv6? I want to
>> try and reproduce.
>>
>> Thanks,
>>
>> Simone
>>
>>> On 10 Feb 2018, at 12:52, Matthias Henze <lists@mhcsoftware.de
>>> <mailto:lists@mhcsoftware.de>> wrote:
>>>
>>> Hi,
>>>
>>> thanks for pointing this out and count me in, as mine stopped working
>>> too. My configs:
>>>
>>> NPROBE 1 - version: 8.3.180129-6049
>>>
>>> --zmq="tcp://127.0.0.1:5556"
>>> --collector-port=4711
>>> -n=none
>>> -i=none
>>> --pid-file=/var/run/nprobe-rh.pid
>>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
>>> %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS
>>> %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL
>>> %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR
>>> %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED
>>> %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
>>> --online-license-check
>>>
>>> NPROBE 2 - version: 8.3.180129-6049
>>>
>>> --zmq="tcp://127.0.0.1:5557"
>>> --collector-port=4712
>>> -n=none
>>> -i=none
>>> --pid-file=/var/run/nprobe-tk.pid
>>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
>>> %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FLOW_START_MILLISECONDS
>>> %FLOW_END_MILLISECONDS %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL
>>> %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR
>>> %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %FIRST_SWITCHED
>>> %LAST_SWITCHED %EXPORTER_IPV4_ADDRESS"
>>> --online-license-check
>>>
>>> NTOPNG - version: 3.3.180129-4062
>>>
>>> -G=/var/run/ntopng.pid
>>> --interface="tcp://127.0.0.1:5556"
>>> --interface="tcp://127.0.0.1:5557"
>>> -F="mysql;localhost;ntop;flows;ntop;ntop"
>>> -m="XX.XXX.XXX.XXX,YY.YYY.YYY.YYY/29,ZZZ.ZZZ.ZZZ.Z/24,AAAA:BBBB:CCCC:1::2/64,EEEE:FFFF:AAAA:2::252/64,BBBB:CCCC:DDDD:3::1/64"
>>>
>>> -D=all
>>> -p="/etc/ntopng/protos.txt"
>>> --online-license-check
>>>
>>>
>>> Next Issue: In the Debian packages there is a dependency issue. The
>>> current versions could not be installed.
>>>
>>> pfring-dkms : depends on: pfring (= 7.1.0-1734) but 7.1.0-1736 is
>>> installed
>>>
>>> Matthias
>>>
>>>
>>>
>>> Am 10.02.2018 um 12:31 schrieb Joni Lee:
>>>> Hello,
>>>> This is my settings but didn't get IPv6(IPv4 works fine) flow
>>>> nprobe.conf
>>>> --zmq="tcp://*:5551"
>>>> -i=none
>>>> -n=none
>>>> --collector-port=2055
>>>> -V=9
>>>> -T="%EXPORTER_IPV4_ADDRESS %EXPORTER_IPV6_ADDRESS
>>>> %IP_PROTOCOL_VERSION %IPV4_SRC_ADDR %IPV6_SRC_ADDR %IPV4_DST_ADDR
>>>> %IPV6_DST_ADDR %IPV4_NEXT_HOP %IPV6_NEXT_HOP %INPUT_SNMP
>>>> %OUTPUT_SNMP %IN_PKTS %IN_BYTES
>>>>  %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS
>>>> %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV6_SRC_MASK
>>>> %IPV4_DST_MASK %IPV6_DST_MASK"
>>>> ntopng.conf
>>>> -i="tcp://127.0.0.1:5551"
>>>> -i="tcp://127.0.0.1:5552"
>>>> -G=/var/run/ntopng.pid
>>>> -m=192.168.0.0/24
>>>> -m=172.16.0.0/16
>>>> Anything missed here ?
>>>> Thanks in Advanced.
>>>
>>>
>>>
>>> --
>>>
>>> MHC SoftWare GmbH
>>> Fichtera 17
>>> 96274 Itzgrund/Germany
>>> voice: +49-(0)9533-92006-0
>>> fax: +49-(0)9533-92006-6
>>> e-mail:info@mhcsoftware.de <mailto:info@mhcsoftware.de>
>>>
>>> HR Coburg: B2242
>>> Geschaeftsfuehrer: Matthias Henze
>>>
>>>
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
>
>



--

MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany

voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info@mhcsoftware.de

HR Coburg: B2242
Geschaeftsfuehrer: Matthias Henze



_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: IPv6 flow [ In reply to ]
On 2018-02-10 20:42, Simone Mainardi wrote:
> Can you guys generate and send privately/upload a NetFlow pcap that
> contains both template and data records for IPv4 and IPv6? I want to
> try and reproduce.

I already sent it to your private mail Simone

Thanks

--
Sincerely,
Joni Lee
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: IPv6 flow [ In reply to ]
Joni, please check again I haven't received anything yet.



> On 12 Feb 2018, at 16:03, Joni Lee <nokoya@hostinginside.com> wrote:
>
> On 2018-02-10 20:42, Simone Mainardi wrote:
>> Can you guys generate and send privately/upload a NetFlow pcap that
>> contains both template and data records for IPv4 and IPv6? I want to
>> try and reproduce.
>
> I already sent it to your private mail Simone
>
> Thanks
>
> --
> Sincerely,
> Joni Lee
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: IPv6 flow [ In reply to ]
Sent just now.

--
Sincerely,
Joni Lee
Office: +886(4)2311-7977
Mobile: +886-970-576-524
HostingInside LTD. / ???????? / AS134522
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Re: IPv6 flow [ In reply to ]
Joni,

The template has ipv6 source and destination addresses but none of the flows sent as data records has a non-zero value for either the source or the destination IPv6 address. They are all valid IPv4 flows.

You can verify that on your own with the following wireshark filter against your pcap. It will give you empty results:



You should check that.

Simone

> On 12 Feb 2018, at 16:25, Joni Lee <nokoya@hostinginside.com> wrote:
>
> Sent just now.
>
> --
> Sincerely,
> Joni Lee
> Office: +886(4)2311-7977
> Mobile: +886-970-576-524
> HostingInside LTD. / ???????? / AS134522
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop