Hi,
How can I get Post NAT IPv4 Address from Netflow V9 (Custom) sensor ?
Here the output Template captured from wireshark:
Frame 3432: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0
Ethernet II, Src: xxx, Dst: xxx
Internet Protocol Version 4, Src: xxx, Dst: xxx
User Datagram Protocol, Src Port: 2055, Dst Port: 2055
Cisco NetFlow/IPFIX
Version: 9
Count: 2
SysUptime: 2340069.690000000 seconds
Timestamp: xxx
FlowSequence: 1761501
SourceId: 0
FlowSet 1 [id=0] (Data Template): 256,257
FlowSet Id: Data Template (V9) (0)
FlowSet Length: 200
Template (Id = 256, Count = 24)
Template Id: 256
Field Count: 24
Field (1/24): LAST_SWITCHED
Field (2/24): FIRST_SWITCHED
Field (3/24): PKTS
Field (4/24): BYTES
Field (5/24): INPUT_SNMP
Field (6/24): OUTPUT_SNMP
Field (7/24): IP_SRC_ADDR
Field (8/24): IP_DST_ADDR
Field (9/24): PROTOCOL
Field (10/24): IP_TOS
Field (11/24): L4_SRC_PORT
Field (12/24): L4_DST_PORT
Field (13/24): IP_NEXT_HOP
Field (14/24): DST_MASK
Field (15/24): SRC_MASK
Field (16/24): TCP_FLAGS
Field (17/24): DESTINATION_MAC
Field (18/24): SRC_MAC
Field (19/24): DST_MAC
Field (20/24): SOURCE_MAC
Field (21/24): postNATSourceIPv4Address
Field (22/24): postNATDestinationIPv4Address
Field (23/24): postNAPTSourceTransportPort
Field (24/24): postNAPTDestinationTransportPort
Template (Id = 257, Count = 23)
From the manual, I'm not able to find any valid field for channel definitions that match those item.
Thank you.
Article Comments
Hey,
If you want to monitor source and destination IP addresses then we need to ask you to install a proxy in your network, as PRTG cannot monitor such information.
Sep, 2021 - Permalink
Sorry I cannot add and save old post (always get internal server error) so I post it here.
Hi,
How can I get Post NAT IPv4 Source Address (Type 225) and Post NAT IPv4 Destination Address (Type 226) from Netflow V9 (Custom) sensor ?
Here the output Template captured from wireshark:
Frame 3432: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0 Ethernet II, Src: xxx, Dst: xxx Internet Protocol Version 4, Src: xxx, Dst: xxx User Datagram Protocol, Src Port: 2055, Dst Port: 2055 Cisco NetFlow/IPFIX Version: 9 Count: 2 SysUptime: 2340069.690000000 seconds Timestamp: xxx FlowSequence: 1761501 SourceId: 0 FlowSet 1 [id=0] (Data Template): 256,257 FlowSet Id: Data Template (V9) (0) FlowSet Length: 200 Template (Id = 256, Count = 24) Template Id: 256 Field Count: 24 Field (1/24): LAST_SWITCHED Field (2/24): FIRST_SWITCHED Field (3/24): PKTS Field (4/24): BYTES Field (5/24): INPUT_SNMP Field (6/24): OUTPUT_SNMP Field (7/24): IP_SRC_ADDR Field (8/24): IP_DST_ADDR Field (9/24): PROTOCOL Field (10/24): IP_TOS Field (11/24): L4_SRC_PORT Field (12/24): L4_DST_PORT Field (13/24): IP_NEXT_HOP Field (14/24): DST_MASK Field (15/24): SRC_MASK Field (16/24): TCP_FLAGS Field (17/24): DESTINATION_MAC Field (18/24): SRC_MAC Field (19/24): DST_MAC Field (20/24): SOURCE_MAC Field (21/24): postNATSourceIPv4Address Type: postNATSourceIPv4Address (225) Length: 4 Field (22/24): postNATDestinationIPv4Address Type: postNATDestinationIPv4Address (226) Length: 4 Field (23/24): postNAPTSourceTransportPort Field (24/24): postNAPTDestinationTransportPort Template (Id = 257, Count = 23)From the manual, I'm not able to find any valid field for channel definition that match those types.
Perhaps a new field (generic) for manually defined field type ?
Thank you.
Sep, 2021 - Permalink