Ajit, you need nProbe to decode GRE tunneled traffic: http://www.ntop.org/products/netflow/nprobe/

On Tue, Mar 8, 2016 at 1:12 PM, Ajit Sarnaik <[email protected]> wrote:
> Hello Simone,
>
> This issue does not address the GRE question though.
>
> Regards,
>
> Ajit
>
> On Tue, Mar 8, 2016 at 4:03 AM, Simone Mainardi <[email protected]> wrote:
>
>> Ajit, please refer to the following issue:
>> https://github.com/ntop/ntopng/issues/432
>>
>> On Tue, Mar 8, 2016 at 12:42 PM, Ajit Sarnaik <[email protected]>
>> wrote:
>>
>>> Hello Luca,
>>>
>>> Are GRE tunnels supported by NTOPNG please. Will file the issue request.
>>>
>>> Regards,
>>>
>>> Ajit
>>>
>>> On Tue, Mar 8, 2016 at 3:35 AM, Luca Deri <[email protected]> wrote:
>>>
>>>> Hi Ajit,
>>>> please file an issue request
>>>>
>>>> Luca
>>>>
>>>> On 03/08/2016 12:28 PM, Ajit Sarnaik wrote:
>>>>
>>>> Hello Simone,
>>>>
>>>> Is there support for GRE tunnels in ntopng please.
>>>>
>>>> Regards,
>>>>
>>>> Ajit
>>>>
>>>> On Tue, Mar 8, 2016 at 3:27 AM, Ajit Sarnaik <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello Simone,
>>>>>
>>>>> Thanks for the quick response. By host statistics, you mean native,
>>>>> right? We have checked that and also did a tcpdump to verify that we are
>>>>> getting responses. Below is the json that is returned from one of the
>>>>> runs,
>>>>>
>>>>> hbase-metadata-devjson:
>>>>> {
>>>>>   u'ip': {u'ipVersion': 4, u'ip': u'172.25.3.132', u'localHost': False},
>>>>>   u'icmp_rcvd': {u'bytes': 0, u'packets': 0},
>>>>>   u'pktStats.recv': {},
>>>>>   u'contacts': {
>>>>>     u'client': { u'192.168.254.1': u'62', u'239.255.255.250': u'1'},
>>>>>     u'server': {}
>>>>>   },
>>>>>   u'tcp_sent': {u'bytes': 117789898, u'packets': 86207},
>>>>>   u'symbolic_name': u'172.25.3.132',
>>>>>   u'throughput_trend_pps': u'Stable',
>>>>>   u'ndpiStats': {
>>>>>     u'Unknown': {u'packets': {u'rcvd': 0, u'sent': 347}, u'bytes': {u'rcvd': 0, u'sent': 69306}},
>>>>>     u'SSDP': {u'packets': {u'rcvd': 0, u'sent': 1}, u'bytes': {u'rcvd': 0, u'sent': 180}},
>>>>>     u'RTSP': {u'packets': {u'rcvd': 0, u'sent': 85860}, u'bytes': {u'rcvd': 0, u'sent': 117720592}}
>>>>>   },
>>>>>   u'pktStats.sent': {
>>>>>     u'upTo6500': 678,
>>>>>     u'upTo1024': 2201,
>>>>>     u'upTo2500': 836,
>>>>>     u'upTo128': 1082,
>>>>>     u'upTo1518': 73338,
>>>>>     u'upTo512': 1346,
>>>>>     u'upTo256': 6695,
>>>>>     u'upTo9000': 65
>>>>>   },
>>>>>   u'dns': {u'rcvd': {u'stats': {}}, u'sent': {u'stats': {}}},
>>>>>   u'mac_address': u'02:C4:92:CA:3F:FD',
>>>>>   u'throughput_bps': 0.0,
>>>>>   u'throughput_pps': 0.0,
>>>>>   u'other_ip_rcvd': {u'bytes': 0, u'packets': 0},
>>>>>   u'sent': {u'bytes': 117790078, u'packets': 86208},
>>>>>   u'http': {},
>>>>>   u'other_ip_sent': {u'bytes': 0, u'packets': 0},
>>>>>   u'throughput_trend_bps': u'Stable',
>>>>>   u'flows.as_client': 63,
>>>>>   u'activityStats': {u'1456688976': 60, u'1456689036': 48, u'1456688916': 60, u'1456688856': 60},
>>>>>   u'rcvd': {u'bytes': 0, u'packets': 0},
>>>>>   u'flows.as_server': 0,
>>>>>   u'asn': 14138,
>>>>>   u'localHost': True,
>>>>>   u'udp_rcvd': {u'bytes': 0, u'packets': 0},
>>>>>   u'udp_sent': {u'bytes': 180, u'packets': 1},
>>>>>   u'num_alerts': 0,
>>>>>   u'epp': {u'rcvd': {}, u'sent': {}},
>>>>>   u'systemHost': False,
>>>>>   u'asname': u'AS14138',
>>>>>   u'icmp_sent': {u'bytes': 0, u'packets': 0},
>>>>>   u'tcp_rcvd': {u'bytes': 0, u'packets': 0}
>>>>> }
>>>>>
>>>>> Notice the tcp_sent, which does have data. Let me know if I can
>>>>> provide any other information that can help.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Ajit
>>>>>
>>>>> On Mon, Mar 7, 2016 at 7:55 AM, Simone Mainardi <[email protected]> wrote:
>>>>>
>>>>>> ifnum is not recognized as valid param. Since it's unknown, I guess
>>>>>> ntopng is replying with host statistics related to the currently active
>>>>>> interface. Check hosts statistics against the active interface.
>>>>>>
>>>>>> Simone
>>>>>>
>>>>>> On Mon, Mar 7, 2016 at 4:46 PM, Ajit Sarnaik <[email protected]> wrote:
>>>>>>
>>>>>>> Hello Simone,
>>>>>>>
>>>>>>> Here is the request,
>>>>>>>
>>>>>>> "http://localhost:6398/lua/host_get_json.lua?ifnum=4&host=172.25.3.130"
>>>>>>>
>>>>>>> We do get the Tx stats, but Rx (response from server) is 0.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Ajit
>>>>>>>
>>>>>>> On Mon, Mar 7, 2016 at 7:05 AM, Simone Mainardi <[email protected]> wrote:
>>>>>>>
>>>>>>>> Ajit, are you calling the http "host_get_json.lua" endpoint
>>>>>>>> directly? Could you please post the full http request you make?
>>>>>>>>
>>>>>>>> simone
>>>>>>>>
>>>>>>>> On Mon, Mar 7, 2016 at 3:51 AM, Ajit Sarnaik <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hello Folks,
>>>>>>>>>
>>>>>>>>> Just starting using ntop. We would like to capture network
>>>>>>>>> statistics for bidirectional traffic and we are using
>>>>>>>>> "host_get_json.lua" script to accomplish this. What we are noticing
>>>>>>>>> is that the Tx traffic stats are appropriate, whereas the Rx traffic
>>>>>>>>> stats are 0. We have done a tcpdump to determine if the responses are
>>>>>>>>> being received on the interface, and they are coming in. Below is the
>>>>>>>>> snippet of the config file.
>>>>>>>>>
>>>>>>>>> # Specifies the network interface or collector endpoint to be used by ntopng for network
>>>>>>>>> # monitoring. On Unix you can specify both the interface name (e.g. lo) or the numeric
>>>>>>>>> # interface id as shown by ntopng -h. On Windows you must use the interface number instead.
>>>>>>>>> # Note that you can specify -i multiple times in order to instruct ntopng to create
>>>>>>>>> # multiple interfaces.
>>>>>>>>> #
>>>>>>>>> --interface eth0
>>>>>>>>> --interface eth1
>>>>>>>>> #
>>>>>>>>> # -w|--http-port
>>>>>>>>> # Sets the HTTP port of the embedded web server.
>>>>>>>>> #
>>>>>>>>> --http-port 6398
>>>>>>>>> #
>>>>>>>>> # -m|--local-networks
>>>>>>>>> # ntopng determines the ip addresses and netmasks for each active interface. Any traffic on
>>>>>>>>> # those networks is considered local. This parameter allows the user to define additional
>>>>>>>>> # networks and subnetworks whose traffic is also considered local in ntopng reports. All
>>>>>>>>> # other hosts are considered remote. If not specified the default is set to 192.168.1.0/24.
>>>>>>>>> #
>>>>>>>>> # Commas separate multiple network values. Both netmask and CIDR notation may be used,
>>>>>>>>> # even mixed together, for instance "131.114.21.0/24,10.0.0.0/255.0.0.0".
>>>>>>>>> #
>>>>>>>>> --local-networks "172.25.1.0/24,172.25.2.0/24,172.25.3.128/25"
>>>>>>>>> #
>>>>>>>>> # -n|--dns-mode
>>>>>>>>> # Sets the DNS address resolution mode:
>>>>>>>>> #   0 - Decode DNS responses and resolve only local (-m) numeric IPs
>>>>>>>>> #   1 - Decode DNS responses and resolve all numeric IPs
>>>>>>>>> #   2 - Decode DNS responses and don't resolve numeric IPs
>>>>>>>>> #   3 - Don't decode DNS responses and don't resolve
>>>>>>>>> #
>>>>>>>>> -n=3
>>>>>>>>>
>>>>>>>>> Have any of you seen this behavior. Would appreciate any help in
>>>>>>>>> this regards. Any pointers to FAQs would also be helpful.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Ajit Sarnaik

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
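
One way to check a host reply for the symptom reported in this thread, given as an added example that is not from the thread's participants or the ntop project. It walks the sent/rcvd counter pairs in a `host_get_json.lua` reply and lists the ones seen in only one direction; the sample record is constructed from the fields quoted above, and the function name and `min_packets` threshold are assumptions.

```python
# Added example, not from the thread. SAMPLE is constructed from the field
# names and counters in the host_get_json.lua reply quoted above (trimmed).
SAMPLE = {
    "ip": {"ipVersion": 4, "ip": "172.25.3.132"},
    "sent": {"bytes": 117790078, "packets": 86208},
    "rcvd": {"bytes": 0, "packets": 0},
    "tcp_sent": {"bytes": 117789898, "packets": 86207},
    "tcp_rcvd": {"bytes": 0, "packets": 0},
    "udp_sent": {"bytes": 180, "packets": 1},
    "udp_rcvd": {"bytes": 0, "packets": 0},
    "pktStats.sent": {"upTo1518": 73338},  # histogram, not a counter pair
    "ndpiStats": {
        "RTSP": {"packets": {"rcvd": 0, "sent": 85860},
                 "bytes": {"rcvd": 0, "sent": 117720592}},
        "SSDP": {"packets": {"rcvd": 0, "sent": 1},
                 "bytes": {"rcvd": 0, "sent": 180}},
    },
}


def one_way_counters(host, min_packets=10):
    """List (name, direction, packets) for counter pairs where one direction
    saw at least min_packets (assumed threshold) and the other saw none."""
    pairs = {}
    # Top-level pairs: "sent"/"rcvd" and "<proto>_sent"/"<proto>_rcvd".
    for key, val in host.items():
        if isinstance(val, dict) and (key == "sent" or key.endswith("_sent")):
            prefix = key[:-len("sent")]
            rcvd = host.get(prefix + "rcvd") or {}
            name = prefix.rstrip("_") or "total"
            pairs[name] = (val.get("packets", 0), rcvd.get("packets", 0))
    # Per-application pairs reported by nDPI.
    for app, stats in host.get("ndpiStats", {}).items():
        pk = stats.get("packets", {})
        pairs["ndpi:" + app] = (pk.get("sent", 0), pk.get("rcvd", 0))
    findings = []
    for name, (sent, rcvd) in sorted(pairs.items()):
        if sent >= min_packets and rcvd == 0:
            findings.append((name, "sent-only", sent))
        elif rcvd >= min_packets and sent == 0:
            findings.append((name, "rcvd-only", rcvd))
    return findings


if __name__ == "__main__":
    for name, direction, packets in one_way_counters(SAMPLE):
        print(f"{name}: {direction} ({packets} packets)")
```

A TCP conversation cannot carry tens of thousands of segments one way with nothing coming back, so a sent-only `tcp` finding points at the capture path (mirroring, interface selection, encapsulation) and not at the host itself.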
