Dear,
Thanks for the reply.
The traffic is delivered to ntopng with WAN port mirroring.
But what I do not understand is why, in the ntopng web interface, in the flow, the link to the server is the real IP address of the client, and the link is the server name!
Is there some debug/trace level that I could activate?
Thanks.
Christophe.
From: ntop-bounces@listgateway.unipi.it <ntop-bounces@listgateway.unipi.it> On behalf of Simone Mainardi
Sent: Thursday, 23 January 2020 15:10
To: ntop@unipi.it
Cc: ntop@listgateway.unipi.it
Subject: Re: [Ntop] Client/Server hostname/IP Mismatch
Please,
Explain how to reproduce and how you are delivering traffic to ntopng. It could be that the first SYN packet of the flow hasn't been seen - indeed, I don't see any SYN in the server -> client TCP flags - so ntopng has been tricked into thinking the server (who actually responded with a SYN+ACK) is the client.
This happens because a new flow gets its client and server assigned depending on the first seen packet.
Simone
On 22 Jan 2020, at 11:11, Christophe Gierski <c.gierski@traxens.com> wrote:
Dear all,
I have installed ntopng 3.8.200120 - Enterprise Edition on Ubuntu 18.04.2 LTS.
And it seems there is an error, as the flow displays information between the same machine and seems to invert Client/Server.
<image003.png>
Thx & Rgds,
Christophe.
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
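
The first-seen-packet behaviour Simone describes, as an added example that is not part of the original thread and is not ntopng's own code: it contrasts naive first-packet role assignment with a TCP-flag-aware check that also reports whether the initial SYN was captured at all. The function names, addresses and packets are constructed for illustration.

```python
from typing import List, NamedTuple, Tuple

SYN, ACK = 0x02, 0x10  # TCP flag bits

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: int  # TCP flags byte

Endpoint = Tuple[str, int]

def first_packet_roles(pkts: List[Pkt]) -> Tuple[Endpoint, Endpoint]:
    """Naive assignment: the sender of the first seen packet is the client."""
    if not pkts:
        raise ValueError("empty flow")
    p = pkts[0]
    return (p.src, p.sport), (p.dst, p.dport)

def flag_aware_roles(pkts: List[Pkt]) -> Tuple[Endpoint, Endpoint, bool]:
    """Return (client, server, syn_seen), using handshake flags when present."""
    for p in pkts:
        syn, ack = bool(p.flags & SYN), bool(p.flags & ACK)
        if syn and not ack:  # initial SYN: its sender is the client
            return (p.src, p.sport), (p.dst, p.dport), True
        if syn and ack:      # SYN+ACK with no SYN before it: sender is the server
            return (p.dst, p.dport), (p.src, p.sport), False
    # No handshake packet at all (mid-stream capture): keep first-packet order
    client, server = first_packet_roles(pkts)
    return client, server, False

# Constructed capture: the mirror port missed the client's SYN.
MISSED_SYN = [
    Pkt("203.0.113.10", 443, "192.0.2.25", 51514, SYN | ACK),
    Pkt("192.0.2.25", 51514, "203.0.113.10", 443, ACK),
]
# Constructed capture: the full handshake was seen.
FULL_HANDSHAKE = [Pkt("192.0.2.25", 51514, "203.0.113.10", 443, SYN)] + MISSED_SYN

if __name__ == "__main__":
    print("naive      :", first_packet_roles(MISSED_SYN))
    print("flag-aware :", flag_aware_roles(MISSED_SYN))
    print("full       :", flag_aware_roles(FULL_HANDSHAKE))
```

A `syn_seen` value of `False` on many flows points at the capture path (for example the mirror port dropping or not carrying one direction) rather than at the flow display.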