SRC port and DST port number are switched sometimes in ntopng #8899
Comments
|
Can you please show the TCP flags per direction (cli->srv and src->cli) of the abnormal flows. Please also report the nprobe configuration for -T |
|
Here is the configuraion for -T: And, I will also show the TCP flags per direction once I get it from my client. |
Please show the TCP flags per direction (cli->srv and src->cli) of the abnormal flows. Paste a picture showing one of those flows with wrong direction, to understand the problem. |
Environment:
What happened:
In ntopng, when checking the flow, there are occasional cases where the source port and target port are swapped. For example, in the case of port 443, which should typically be considered the target port, there are flows that are sometimes displayed as the source port. I previously reported this bug, and Matteo mentioned that it was fixed in version 6.0, but the issue still persists in the latest version.
Regarding the issue mentioned above,
1) Could it be a problem with nprobe, or is it a problem with ntopng?
How did you reproduce it?
FYI, here is my configuration of ntop products:
nProbe(export over ZMQ) --> ntopng(export over Syslog) --> Elastic Search
In my environment, nprobe sends flows data to ntopng via ZMQ. The data volume is very high, and due to limited bandwidth between nprobe and ntopng, a large number of ZMQ drops are occurring.
2) Could these ZMQ drops be the cause of the issue mentioned above?
Debug Information:
The text was updated successfully, but these errors were encountered: