Discussion:
[Ntop] Ntop and ERSPAN
Rokkhan
2018-02-28 17:28:06 UTC
Hi,

I am sending traffic to one of the ntop interfaces with ERSPAN but traffic
info shows application as "GRE".

Could it be configured to inspect the traffic inside the ERSPAN and show
the real application?

Regards.
Rokkhan
2018-03-01 19:40:23 UTC
Hi,
I am using ntopng and it shows traffic flows as gre, instead of the real
traffic.
Do I have to enable any option?
Greetings
ntopng decapsulates GRE tunnels by default. nprobe needs the following:
    [--tunnel|-5]    | Compute flows on tunnelled traffic rather than
                     | on the external envelope
Simone
_______________________________________________
Ntop mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop
Rokkhan
2018-03-01 20:36:06 UTC
Hi,

I am using v.3.3.180125 version. I am sending you a small pcap attached.

Greetings
As you can see from https://github.com/ntop/ntopng/blob/dev/src/NetworkInterface.cpp#L1521
ntopng decapsulates GRE traffic. Are you using the latest version? Can you
enclose a pcap file so we can try and reproduce?
Rokkhan
2018-03-01 21:09:53 UTC
I have upgraded to v.3.3.180301 and I still see GRE traffic.

Greetings.
Rokkhan
2018-03-02 20:29:50 UTC
Sorry, I am quite a newbie at this. What do I have to do? Update? Overwrite a
file?
Greetings!
Thanks for providing the pcap. We have added GRE ERSPAN detunneling in
https://github.com/ntop/ntopng/commit/9d82df748f27da6bc7c51e7e726600b09670c518
Please check it out and report. Thanks,
Simone
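
An added example (not ntopng's code and not part of the thread) of the ERSPAN detunneling discussed above: ERSPAN travels in GRE with protocol type 0x88BE (Type I/II) or 0x22EB (Type III) and puts its own header ahead of the mirrored Ethernet frame, so a decapsulator has to skip both before it can classify the inner traffic. Header sizes follow the ERSPAN Internet-Draft; the function names and the sample bytes are constructed for illustration.

```cpp
// Added example, not ntopng source. Sample bytes are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

// gre points at the GRE header (payload of an outer IP packet, protocol 47).
// Returns the offset of the mirrored Ethernet frame, or -1 if truncated / not ERSPAN.
long erspan_inner_offset(const uint8_t *gre, size_t len) {
  if (len < 4) return -1;
  uint16_t flags = be16(gre), proto = be16(gre + 2);
  if (flags & 0x4007) return -1;       // routing bit or non-zero GRE version
  size_t off = 4;
  if (flags & 0x8000) off += 4;        // C: checksum + reserved
  if (flags & 0x2000) off += 4;        // K: key
  bool has_seq = (flags & 0x1000) != 0;
  if (has_seq) off += 4;               // S: sequence number
  if (proto == 0x88BE) {               // ERSPAN Type I / II
    if (has_seq) {                     // Type II: 8-byte header, version 1
      if (len < off + 8 || (gre[off] >> 4) != 1) return -1;
      off += 8;
    }                                  // Type I: frame follows GRE directly
  } else if (proto == 0x22EB) {        // ERSPAN Type III: 12-byte header, version 2
    if (len < off + 12 || (gre[off] >> 4) != 2) return -1;
    off += (gre[off + 11] & 0x01) ? 20 : 12; // O bit adds an 8-byte sub-header
  } else {
    return -1;                         // ordinary GRE, e.g. 0x0800 for IPv4
  }
  return (len >= off + 14) ? (long)off : -1; // need a full Ethernet header
}

// EtherType of the mirrored frame, or 0 when the payload is not ERSPAN.
uint16_t erspan_inner_ethertype(const uint8_t *gre, size_t len) {
  long off = erspan_inner_offset(gre, len);
  return off < 0 ? 0 : be16(gre + off + 12);
}

// Constructed sample: GRE (S bit, 0x88BE), ERSPAN II header, Ethernet header (IPv4).
const uint8_t SAMPLE_TYPE2[] = {
  0x10,0x00,0x88,0xBE, 0x00,0x00,0x00,0x01,   // GRE flags/proto + sequence
  0x10,0x01,0x00,0x01, 0x00,0x00,0x00,0x00,   // ERSPAN II: ver 1, session 1
  0xAA,0xAA,0xAA,0xAA,0xAA,0xAA, 0xBB,0xBB,0xBB,0xBB,0xBB,0xBB, 0x08,0x00
};

int main() {
  std::printf("offset %ld, EtherType 0x%04x\n", erspan_inner_offset(SAMPLE_TYPE2, sizeof(SAMPLE_TYPE2)),
              (unsigned)erspan_inner_ethertype(SAMPLE_TYPE2, sizeof(SAMPLE_TYPE2)));
}
```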
Rokkhan
2018-03-04 22:25:45 UTC
Hi,

I have updated to the latest version but now I am unable to dump any packet. It
does not even generate the pcap folder in the interface folder.

Greetings.
Just wait until tomorrow (new builds are being generated) and update ntopng
to the latest 3.3 version.
Simone