Hi everyone,

Starting with ntopng, I have a small issue initially setting it up.

I use port mirroring on a switch to replicate all ports to port 5, where a dedicated ntopng interface 'listens' (official package on Raspbian 10). On that same switch I have my Internet gateway (Unifi USG3P) connected to port 1. This same device also acts as a DHCP/DNS server.

When mirroring all ports BUT port 1, I receive alerts about thousands of DNS queries not being answered. I did confirm that with a pcap dump. So I went and started to mirror port 1 along with the others, and the missing traffic (DNS replies) started to be collected.

The issue is that with that configuration, all flows are listed twice in ntop. Internal hosts are showing normally and with "@1" at the end of the hostname.

Is there a way for ntop to discard this duplicated traffic in the accounting of ntopng? It makes sense to me that it is detected, as a host's traffic will be seen on its own switch port and then in many cases on port 1.

Many thanks.