Naman, if you understand correctly, you use ntop as NetFlow collector, then you switch to the NetFlow interface into ntop and ntop shows you a red flag there: is this correct? If so, please capture some NetFlow flows using tcpdump (-w file.name -s 1514) and mail me file.name so that I can reproduce the problem here.
Note that if you instead sniff from a normal interface and you use traffic mirroring or so, you need to add -o to tell ntop to ignore MAC addresses (hence fix the red flag problem).
Regards, Luca
Naman Latif wrote:
| Hi,
| For our NetFlow Data, there is a Red Flag appearing corresponding
| to one of the Network Devices. This is a VPN Box and all traffic
| towards this box is ESP, GRE and TCP (Port 1723), UDP (Port 500).
|
| When I take the mouse over this Red Flag, it comes up with the info
| "High Risk". Back traffic on this list says that it is due to
| "Duplicate MAC Address", I am pretty sure that there is no duplicate
| address involved. Can there be any other reason for this flag ?
|
| Regards
| Naman
| _______________________________________________
| Ntop mailing list [EMAIL PROTECTED]
| http://listgateway.unipi.it/mailman/listinfo/ntop
-- 
Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/
Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman
