Mailing List Archive

Mar 1, 2018, 11:35 AM

Post #2 of 21 (3429 views)

ntopng decapsulates GRE tunnels by default. nprobe needs the following option to account for decapsulated traffic:

[--tunnel|-5] | Compute flows on tunnelled traffic rather than
| on the external envelope

Simone

> On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com> wrote:
>
> Hi,
>
> I am sending traffic to one of the ntop interfaces with ERSPAN but traffic info shows application as "GRE".
>
> ¿Coudl it be configured to inspect the traffic inside the ERSPAN and show the real application?
>
> Saludos.
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 11:35 AM

Post #3 of 21 (3429 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 11:40 AM

Post #4 of 21 (3429 views)

Hi,
I am using ntopng and it shows traffic flows as gre, instead of the real
traffic.
Do i have to enable any option?
Greetings

El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org> escribió:

> ntopng decapsulates GRE tunnels by default. nprobe needs the following
> option to account for decapsulated traffic:
>
> [--tunnel|-5] | Compute flows on tunnelled traffic
> rather than
> | on the external envelope
>
>
> Simone
>
> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com> wrote:
> >
> > Hi,
> >
> > I am sending traffic to one of the ntop interfaces with ERSPAN but
> traffic info shows application as "GRE".
> >
> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and
> show the real application?
> >
> > Saludos.
> > _______________________________________________
> > Ntop mailing list
> > Ntop@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 11:40 AM

Post #5 of 21 (3429 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 11:54 AM

Post #6 of 21 (3429 views)

As you can see from https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L1521 <https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L1521> ntopng decapsulates GRE traffic. Are you using the latest version? Can you enclose a pcap file so we can try and reproduce?

> On 1 Mar 2018, at 20:40, Rokkhan <rokkhan@gmail.com> wrote:
>
> Hi,
> I am using ntopng and it shows traffic flows as gre, instead of the real traffic.
> Do i have to enable any option?
> Greetings
>
>
> El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org <mailto:mainardi@ntop.org>> escribió:
> ntopng decapsulates GRE tunnels by default. nprobe needs the following option to account for decapsulated traffic:
>
> [--tunnel|-5] | Compute flows on tunnelled traffic rather than
> | on the external envelope
>
>
> Simone
>
> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>> wrote:
> >
> > Hi,
> >
> > I am sending traffic to one of the ntop interfaces with ERSPAN but traffic info shows application as "GRE".
> >
> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and show the real application?
> >
> > Saludos.
> > _______________________________________________
> > Ntop mailing list
> > Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> > http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>_______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 11:54 AM

Post #7 of 21 (3429 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 12:36 PM

Post #8 of 21 (3429 views)

Hi,

I am using v.3.3.180125 version. I send you attached an small pcap.

Greetings

2018-03-01 20:54 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:

> As you can see from https://github.com/ntop/ntopng/blob/dev/src/
> NetworkInterface.cpp#L1521 ntopng decapsulates GRE traffic. Are you using
> the latest version? Can you enclose a pcap file so we can try and reproduce?
>
>
> On 1 Mar 2018, at 20:40, Rokkhan <rokkhan@gmail.com> wrote:
>
> Hi,
> I am using ntopng and it shows traffic flows as gre, instead of the real
> traffic.
> Do i have to enable any option?
> Greetings
>
>
> El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org> escribió:
>
>> ntopng decapsulates GRE tunnels by default. nprobe needs the following
>> option to account for decapsulated traffic:
>>
>> [--tunnel|-5] | Compute flows on tunnelled traffic
>> rather than
>> | on the external envelope
>>
>>
>> Simone
>>
>> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > I am sending traffic to one of the ntop interfaces with ERSPAN but
>> traffic info shows application as "GRE".
>> >
>> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and
>> show the real application?
>> >
>> > Saludos.
>> > _______________________________________________
>> > Ntop mailing list
>> > Ntop@listgateway.unipi.it
>> > http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 12:36 PM

Post #9 of 21 (3429 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 1:09 PM

Post #10 of 21 (3429 views)

I have upgraded to v.3.3.180301 and I still see GRE traffic.

Greetings.

2018-03-01 21:36 GMT+01:00 Rokkhan <rokkhan@gmail.com>:

> Hi,
>
> I am using v.3.3.180125 version. I send you attached an small pcap.
>
>
>
>
> Greetings
>
> 2018-03-01 20:54 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>
>> As you can see from https://github.com/ntop/n
>> topng/blob/dev/src/NetworkInterface.cpp#L1521 ntopng decapsulates GRE
>> traffic. Are you using the latest version? Can you enclose a pcap file so
>> we can try and reproduce?
>>
>>
>> On 1 Mar 2018, at 20:40, Rokkhan <rokkhan@gmail.com> wrote:
>>
>> Hi,
>> I am using ntopng and it shows traffic flows as gre, instead of the real
>> traffic.
>> Do i have to enable any option?
>> Greetings
>>
>>
>> El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org> escribió:
>>
>>> ntopng decapsulates GRE tunnels by default. nprobe needs the following
>>> option to account for decapsulated traffic:
>>>
>>> [--tunnel|-5] | Compute flows on tunnelled traffic
>>> rather than
>>> | on the external envelope
>>>
>>>
>>> Simone
>>>
>>> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com> wrote:
>>> >
>>> > Hi,
>>> >
>>> > I am sending traffic to one of the ntop interfaces with ERSPAN but
>>> traffic info shows application as "GRE".
>>> >
>>> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and
>>> show the real application?
>>> >
>>> > Saludos.
>>> > _______________________________________________
>>> > Ntop mailing list
>>> > Ntop@listgateway.unipi.it
>>> > http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
>

Re: Ntop and ERSPAN [ In reply to ]

Mar 1, 2018, 1:09 PM

Post #11 of 21 (3429 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 2, 2018, 12:21 PM

Post #12 of 21 (3428 views)

Thanks for providing the pcap. We have added GRE ERSPAN detunneling in https://github.com/ntop/ntopng/commit/9d82df748f27da6bc7c51e7e726600b09670c518 <https://github.com/ntop/ntopng/commit/9d82df748f27da6bc7c51e7e726600b09670c518>

Please check it out and report. Thanks,

Simone

> On 1 Mar 2018, at 22:09, Rokkhan <rokkhan@gmail.com> wrote:
>
> I have upgraded to v.3.3.180301 and I still see GRE traffic.
>
> Greetings.
>
> 2018-03-01 21:36 GMT+01:00 Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>>:
> Hi,
>
> I am using v.3.3.180125 version. I send you attached an small pcap.
>
>
> <imagen.png>
>
> Greetings
>
> 2018-03-01 20:54 GMT+01:00 Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>>:
> As you can see from https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L1521 <https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L1521> ntopng decapsulates GRE traffic. Are you using the latest version? Can you enclose a pcap file so we can try and reproduce?
>
>
>> On 1 Mar 2018, at 20:40, Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>> wrote:
>>
>> Hi,
>> I am using ntopng and it shows traffic flows as gre, instead of the real traffic.
>> Do i have to enable any option?
>> Greetings
>>
>>
>> El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org <mailto:mainardi@ntop.org>> escribió:
>> ntopng decapsulates GRE tunnels by default. nprobe needs the following option to account for decapsulated traffic:
>>
>> [--tunnel|-5] | Compute flows on tunnelled traffic rather than
>> | on the external envelope
>>
>>
>> Simone
>>
>> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>> wrote:
>> >
>> > Hi,
>> >
>> > I am sending traffic to one of the ntop interfaces with ERSPAN but traffic info shows application as "GRE".
>> >
>> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and show the real application?
>> >
>> > Saludos.
>> > _______________________________________________
>> > Ntop mailing list
>> > Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> > http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>_______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Ntop and ERSPAN [ In reply to ]

Mar 2, 2018, 12:21 PM

Post #13 of 21 (3428 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 2, 2018, 12:29 PM

Post #14 of 21 (3428 views)

Sorry, I am quite newbie at this? what do i have to do? update? overwrite a
file?
Greetings!

2018-03-02 21:21 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:

> Thanks for providing the pcap. We have added GRE ERSPAN detunneling in
> https://github.com/ntop/ntopng/commit/9d82df748f27da6bc7c51e7e726600
> b09670c518
>
> Please check it out and report. Thanks,
>
> Simone
>
> On 1 Mar 2018, at 22:09, Rokkhan <rokkhan@gmail.com> wrote:
>
> I have upgraded to v.3.3.180301 and I still see GRE traffic.
>
> Greetings.
>
> 2018-03-01 21:36 GMT+01:00 Rokkhan <rokkhan@gmail.com>:
>
>> Hi,
>>
>> I am using v.3.3.180125 version. I send you attached an small pcap.
>>
>>
>> <imagen.png>
>>
>> Greetings
>>
>> 2018-03-01 20:54 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>>
>>> As you can see from https://github.com/ntop/n
>>> topng/blob/dev/src/NetworkInterface.cpp#L1521 ntopng decapsulates GRE
>>> traffic. Are you using the latest version? Can you enclose a pcap file so
>>> we can try and reproduce?
>>>
>>>
>>> On 1 Mar 2018, at 20:40, Rokkhan <rokkhan@gmail.com> wrote:
>>>
>>> Hi,
>>> I am using ntopng and it shows traffic flows as gre, instead of the real
>>> traffic.
>>> Do i have to enable any option?
>>> Greetings
>>>
>>>
>>> El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org> escribió:
>>>
>>>> ntopng decapsulates GRE tunnels by default. nprobe needs the following
>>>> option to account for decapsulated traffic:
>>>>
>>>> [--tunnel|-5] | Compute flows on tunnelled
>>>> traffic rather than
>>>> | on the external envelope
>>>>
>>>>
>>>> Simone
>>>>
>>>> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com> wrote:
>>>> >
>>>> > Hi,
>>>> >
>>>> > I am sending traffic to one of the ntop interfaces with ERSPAN but
>>>> traffic info shows application as "GRE".
>>>> >
>>>> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and
>>>> show the real application?
>>>> >
>>>> > Saludos.
>>>> > _______________________________________________
>>>> > Ntop mailing list
>>>> > Ntop@listgateway.unipi.it
>>>> > http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> Ntop@listgateway.unipi.it
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>>
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>
>>
>>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Re: Ntop and ERSPAN [ In reply to ]

Mar 2, 2018, 12:29 PM

Post #15 of 21 (3428 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 2, 2018, 12:30 PM

Post #16 of 21 (3428 views)

Just wait until tomorrow (new builds are being generated) ad update ntopng to the latest 3.3 version.

Simone

> On 2 Mar 2018, at 21:29, Rokkhan <rokkhan@gmail.com> wrote:
>
> Sorry, I am quite newbie at this? what do i have to do? update? overwrite a file?
> Greetings!
>
> 2018-03-02 21:21 GMT+01:00 Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>>:
> Thanks for providing the pcap. We have added GRE ERSPAN detunneling in https://github.com/ntop/ntopng/commit/9d82df748f27da6bc7c51e7e726600b09670c518 <https://github.com/ntop/ntopng/commit/9d82df748f27da6bc7c51e7e726600b09670c518>
>
> Please check it out and report. Thanks,
>
> Simone
>
>> On 1 Mar 2018, at 22:09, Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>> wrote:
>>
>> I have upgraded to v.3.3.180301 and I still see GRE traffic.
>>
>> Greetings.
>>
>> 2018-03-01 21:36 GMT+01:00 Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>>:
>> Hi,
>>
>> I am using v.3.3.180125 version. I send you attached an small pcap.
>>
>>
>> <imagen.png>
>>
>> Greetings
>>
>> 2018-03-01 20:54 GMT+01:00 Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>>:
>> As you can see from https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L1521 <https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L1521> ntopng decapsulates GRE traffic. Are you using the latest version? Can you enclose a pcap file so we can try and reproduce?
>>
>>
>>> On 1 Mar 2018, at 20:40, Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>> wrote:
>>>
>>> Hi,
>>> I am using ntopng and it shows traffic flows as gre, instead of the real traffic.
>>> Do i have to enable any option?
>>> Greetings
>>>
>>>
>>> El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org <mailto:mainardi@ntop.org>> escribió:
>>> ntopng decapsulates GRE tunnels by default. nprobe needs the following option to account for decapsulated traffic:
>>>
>>> [--tunnel|-5] | Compute flows on tunnelled traffic rather than
>>> | on the external envelope
>>>
>>>
>>> Simone
>>>
>>> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com <mailto:rokkhan@gmail.com>> wrote:
>>> >
>>> > Hi,
>>> >
>>> > I am sending traffic to one of the ntop interfaces with ERSPAN but traffic info shows application as "GRE".
>>> >
>>> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and show the real application?
>>> >
>>> > Saludos.
>>> > _______________________________________________
>>> > Ntop mailing list
>>> > Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>>> > http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>>>
>>> _______________________________________________
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>_______________________________________________
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: Ntop and ERSPAN [ In reply to ]

Mar 2, 2018, 12:30 PM

Post #17 of 21 (3428 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 4, 2018, 2:25 PM

Post #18 of 21 (3417 views)

Hi,

I have updated to latest version but now I am unable to dump any packet. It
does not even generate the pcap folder on interface folder.

Greetings.

2018-03-02 21:30 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:

> Just wait until tomorrow (new builds are being generated) ad update ntopng
> to the latest 3.3 version.
>
> Simone
>
>
> On 2 Mar 2018, at 21:29, Rokkhan <rokkhan@gmail.com> wrote:
>
> Sorry, I am quite newbie at this? what do i have to do? update? overwrite
> a file?
> Greetings!
>
> 2018-03-02 21:21 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>
>> Thanks for providing the pcap. We have added GRE ERSPAN detunneling in
>> https://github.com/ntop/ntopng/commit/9d82df748f27da6bc7c
>> 51e7e726600b09670c518
>>
>> Please check it out and report. Thanks,
>>
>> Simone
>>
>> On 1 Mar 2018, at 22:09, Rokkhan <rokkhan@gmail.com> wrote:
>>
>> I have upgraded to v.3.3.180301 and I still see GRE traffic.
>>
>> Greetings.
>>
>> 2018-03-01 21:36 GMT+01:00 Rokkhan <rokkhan@gmail.com>:
>>
>>> Hi,
>>>
>>> I am using v.3.3.180125 version. I send you attached an small pcap.
>>>
>>>
>>> <imagen.png>
>>>
>>> Greetings
>>>
>>> 2018-03-01 20:54 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>>>
>>>> As you can see from https://github.com/ntop/n
>>>> topng/blob/dev/src/NetworkInterface.cpp#L1521 ntopng decapsulates GRE
>>>> traffic. Are you using the latest version? Can you enclose a pcap file so
>>>> we can try and reproduce?
>>>>
>>>>
>>>> On 1 Mar 2018, at 20:40, Rokkhan <rokkhan@gmail.com> wrote:
>>>>
>>>> Hi,
>>>> I am using ntopng and it shows traffic flows as gre, instead of the
>>>> real traffic.
>>>> Do i have to enable any option?
>>>> Greetings
>>>>
>>>>
>>>> El 1 mar. 2018 20:35, "Simone Mainardi" <mainardi@ntop.org> escribió:
>>>>
>>>>> ntopng decapsulates GRE tunnels by default. nprobe needs the following
>>>>> option to account for decapsulated traffic:
>>>>>
>>>>> [--tunnel|-5] | Compute flows on tunnelled
>>>>> traffic rather than
>>>>> | on the external envelope
>>>>>
>>>>>
>>>>> Simone
>>>>>
>>>>> > On 28 Feb 2018, at 18:28, Rokkhan <rokkhan@gmail.com> wrote:
>>>>> >
>>>>> > Hi,
>>>>> >
>>>>> > I am sending traffic to one of the ntop interfaces with ERSPAN but
>>>>> traffic info shows application as "GRE".
>>>>> >
>>>>> > ¿Coudl it be configured to inspect the traffic inside the ERSPAN and
>>>>> show the real application?
>>>>> >
>>>>> > Saludos.
>>>>> > _______________________________________________
>>>>> > Ntop mailing list
>>>>> > Ntop@listgateway.unipi.it
>>>>> > http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>>
>>>>> _______________________________________________
>>>>> Ntop mailing list
>>>>> Ntop@listgateway.unipi.it
>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> Ntop@listgateway.unipi.it
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Ntop mailing list
>>>> Ntop@listgateway.unipi.it
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>>>
>>>
>>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Re: Ntop and ERSPAN [ In reply to ]

Mar 4, 2018, 2:25 PM

Post #19 of 21 (3417 views)

Re: Ntop and ERSPAN [ In reply to ]

Mar 5, 2018, 12:44 AM

Post #20 of 21 (3417 views)