Mailing List Archive: IP version mismatch: client:4 server:0

IP version mismatch: client:4 server:0 - flow will be ignored

May 16, 2018, 10:13 AM

Post #1 of 4 (841 views)

Hello,

I am using pmacct as NetFlow v9 exporter and nprobe as collector and
in ntopng logs I am getting this error:"WARNING: IP version mismatch:
client:4 server:0 - flow will be ignored".

Here's a captured flow it's obvious that IPVersion is set in flow record.

Flow 1
[Duration: 0.778000000 seconds (switched)]
Octets: 4724
Packets: 31
IPVersion: 4
InputInt: 0
OutputInt: 0
Direction: Ingress (0)
SrcAddr: 192.168.111.9
DstAddr: 191.234.99.47
SrcPort: 51101
DstPort: 2222
IP ToS: 0x00
TCP Flags: 0x1f, ACK, PSH, RST, SYN, FIN
Protocol: TCP (6)

nProbe v.8.5.180512 (r6153)

/usr/local/bin/nprobe --zmq tcp://127.0.0.1:20001 -i none -n none
--collector-port 20001 -V 9 --disable-cache --zmq-disable-buffering
-T%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_BYTES %L4_SRC_PORT %L4_DST_PORT
%TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IN_SRC_MAC %OUT_DST_MAC
%IPV6_SRC_ADDR %IPV6_DST_ADDR %FIRST_SWITCHED %LAST_SWITCHED %IPV4_NEXT_HOP
%INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %EXPORTER_IPV4_ADDRESS

Re: IP version mismatch: client:4 server:0 - flow will be ignored [ In reply to ]

deri at ntop

May 16, 2018, 2:59 PM

Post #2 of 4 (839 views)

Permalink

Marek
is there any chance to mail ma (in private) a pcap file with template+flow I can use to reproduce the bug?

Luca

> On 16 May 2018, at 19:13, Marek Des <desmarek1@gmail.com> wrote:
>
> Hello,
>
> I am using pmacct as NetFlow v9 exporter and nprobe as collector and
> in ntopng logs I am getting this error:"WARNING: IP version mismatch: client:4 server:0 - flow will be ignored".
>
> Here's a captured flow it's obvious that IPVersion is set in flow record.
>
> Flow 1
> [Duration: 0.778000000 seconds (switched)]
> Octets: 4724
> Packets: 31
> IPVersion: 4
> InputInt: 0
> OutputInt: 0
> Direction: Ingress (0)
> SrcAddr: 192.168.111.9
> DstAddr: 191.234.99.47
> SrcPort: 51101
> DstPort: 2222
> IP ToS: 0x00
> TCP Flags: 0x1f, ACK, PSH, RST, SYN, FIN
> Protocol: TCP (6)
>
>
> nProbe v.8.5.180512 (r6153)
>
> /usr/local/bin/nprobe --zmq tcp://127.0.0.1:20001 <http://127.0.0.1:20001/> -i none -n none --collector-port 20001 -V 9 --disable-cache --zmq-disable-buffering -T%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_BYTES %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IN_SRC_MAC %OUT_DST_MAC %IPV6_SRC_ADDR %IPV6_DST_ADDR %FIRST_SWITCHED %LAST_SWITCHED %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %EXPORTER_IPV4_ADDRESS
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Re: IP version mismatch: client:4 server:0 - flow will be ignored [ In reply to ]

deri at ntop

May 16, 2018, 2:59 PM

Post #3 of 4 (839 views)

Permalink

Re: IP version mismatch: client:4 server:0 - flow will be ignored [ In reply to ]

desmarek1 at gmail

May 23, 2018, 9:18 AM

Post #4 of 4 (829 views)

Permalink

Hello,

I removed exporter IP address from -T and added quotes after -T and it's
working.
That was only 2 differencies between other nprobe configurations I have.

Marek

On Wed, May 16, 2018 at 11:59 PM, Luca Deri <deri@ntop.org> wrote:

> Marek
> is there any chance to mail ma (in private) a pcap file with template+flow
> I can use to reproduce the bug?
>
> Luca
>
> On 16 May 2018, at 19:13, Marek Des <desmarek1@gmail.com> wrote:
>
> Hello,
>
> I am using pmacct as NetFlow v9 exporter and nprobe as collector and
> in ntopng logs I am getting this error:"WARNING: IP version mismatch:
> client:4 server:0 - flow will be ignored".
>
> Here's a captured flow it's obvious that IPVersion is set in flow record.
>
> Flow 1
> [Duration: 0.778000000 seconds (switched)]
> Octets: 4724
> Packets: 31
> IPVersion: 4
> InputInt: 0
> OutputInt: 0
> Direction: Ingress (0)
> SrcAddr: 192.168.111.9
> DstAddr: 191.234.99.47
> SrcPort: 51101
> DstPort: 2222
> IP ToS: 0x00
> TCP Flags: 0x1f, ACK, PSH, RST, SYN, FIN
> Protocol: TCP (6)
>
>
> nProbe v.8.5.180512 (r6153)
>
> /usr/local/bin/nprobe --zmq tcp://127.0.0.1:20001 -i none -n none
> --collector-port 20001 -V 9 --disable-cache --zmq-disable-buffering
> -T%IPV4_SRC_ADDR %IPV4_DST_ADDR %IN_BYTES %L4_SRC_PORT %L4_DST_PORT
> %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IN_SRC_MAC %OUT_DST_MAC
> %IPV6_SRC_ADDR %IPV6_DST_ADDR %FIRST_SWITCHED %LAST_SWITCHED %IPV4_NEXT_HOP
> %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %EXPORTER_IPV4_ADDRESS
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>