Dear, Thanks for the reply. The traffic is delivered to NtopNg with WAN port mirroring. But what I do not understand is why is the NopNG web interface, in the flow, the link to the server is the real IP address of the client, and the link is server name !
Is there some debug/trace level that I could activated. Thanks. Christophe. De : ntop-boun...@listgateway.unipi.it <ntop-boun...@listgateway.unipi.it> De la part de Simone Mainardi Envoyé : jeudi 23 janvier 2020 15:10 À : n...@unipi.it Cc : ntop@listgateway.unipi.it Objet : Re: [Ntop] Client/Server hostname/IP Mismatch Please, Explain how to reproduce and how you are delivering traffic to ntopng. It could be that the first SYN packet of the flow hasn't been seen - indeed, I don't see any SYN in the server -> client TCP flags - so ntopng has been tricked into thinking the server (who actually responded with a SYN+ACK) is the client. This happens because a new flow gets it client and server assigned depending on the first seen packet. Simone On 22 Jan 2020, at 11:11, Christophe Gierski <c.gier...@traxens.com<mailto:c.gier...@traxens.com>> wrote: Dear all, I have installed NTopNG 3.8.200120 - Enterprise Edition on Ubuntu 18.04.2 LTS And It seems there is error as the flow display information between same machine and seems to invert Client/Server. <image003.png> Thx & Rgds, Christophe. _______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it<mailto:Ntop@listgateway.unipi.it> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list Ntop@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
