Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NTop: Misc

[nProbe] GeoIP ASNum and IPv6 Trafic

  

 
NTop misc RSS feed   Index | Next | Previous | View Threaded


Olivier.Beytrison at hefr

Jul 30, 2012, 10:29 PM

Post #1 of 4 (413 views)
Permalink
[nProbe] GeoIP ASNum and IPv6 Trafic
Hello,

I'm using nProbe to generate netFlow records from our dual internet
connexion. I use the GeoIP ASNum database to insert the AS numbers in the
flows. This works very well for all the NetFlow records for ipv4 trafic, but
the AS numbers are not added to the IPv6 flows.

I'm using nProbe version v.6.9.7 ($Revision: 2406 $)
The GeoIP files are correctly loaded at startup time
[util.c:293] GeoIP: loaded AS config file /usr/local/nprobe/GeoIPASNum.dat
[util.c:302] GeoIP: loaded AS IPv6 config file
/usr/local/nprobe/GeoIPASNumv6.dat

Any hints about this ?

Regards,
Olivier B.
--------------------------------------------------------------------
Olivier Beytrison
Administrateur Réseau & Sécurité
HES-SO Fribourg, Bd de Pérolles 80, 1705 Fribourg, Switzerland
Tél : +41 26 429 69 49 / Fax : +41 26 429 65 28
olivier.beytrison [at] hefr  http://www.hefr.ch
--------------------------------------------------------------------
Attachments: smime.p7s (5.53 KB)


deri at ntop

Aug 5, 2012, 12:27 AM

Post #2 of 4 (382 views)
Permalink
Re: [nProbe] GeoIP ASNum and IPv6 Trafic [In reply to]
Olivier
GeoIP has many limitations with IPv6 as its database is very small. I think this is the source of your problem

Luca

On Jul 31, 2012, at 7:29 AM, Beytrison Olivier <Olivier.Beytrison [at] hefr> wrote:

> Hello,
>
> I'm using nProbe to generate netFlow records from our dual internet
> connexion. I use the GeoIP ASNum database to insert the AS numbers in the
> flows. This works very well for all the NetFlow records for ipv4 trafic, but
> the AS numbers are not added to the IPv6 flows.
>
> I'm using nProbe version v.6.9.7 ($Revision: 2406 $)
> The GeoIP files are correctly loaded at startup time
> [util.c:293] GeoIP: loaded AS config file /usr/local/nprobe/GeoIPASNum.dat
> [util.c:302] GeoIP: loaded AS IPv6 config file
> /usr/local/nprobe/GeoIPASNumv6.dat
>
> Any hints about this ?
>
> Regards,
> Olivier B.
> --------------------------------------------------------------------
> Olivier Beytrison
> Administrateur Réseau & Sécurité
> HES-SO Fribourg, Bd de Pérolles 80, 1705 Fribourg, Switzerland
> Tél : +41 26 429 69 49 / Fax : +41 26 429 65 28
> olivier.beytrison [at] hefr http://www.hefr.ch
> --------------------------------------------------------------------
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc [at] listgateway
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc


Olivier.Beytrison at hefr

Aug 5, 2012, 10:42 PM

Post #3 of 4 (378 views)
Permalink
Re: [nProbe] GeoIP ASNum and IPv6 Trafic [In reply to]
Hello,

I had a look to the CSV version of the latests GeoIPASNumv6 database and it
contains quite a lot of entries.

Moreover, I made a simple test using perl and Geo::IP and it successfully
lookup the AS for several IPv6 Addresses.

I didn't have a look to the nProbe code yet, but my config.h contains
#define HAVE_GEOIP_IPv6 1
The database is the latest available. The libgeoip version is 1.4.6 (could
update manually to 1.4.8, which is the latest available on maxmind.com).

But still, I think there's something wrong with the v6 lookup in nProbe.

Best regards,
Olivier B.
--------------------------------------------------------------------
Olivier Beytrison
Administrateur Réseau & Sécurité
HES-SO Fribourg, Bd de Pérolles 80, 1705 Fribourg, Switzerland
Tél : +41 26 429 69 49 / Fax : +41 26 429 65 28
olivier.beytrison [at] hefr  http://www.hefr.ch
--------------------------------------------------------------------


-----Original Message-----
From: ntop-misc-bounces [at] listgateway
[mailto:ntop-misc-bounces [at] listgateway] On Behalf Of Luca Deri
Sent: dimanche 5 août 2012 09:28
To: ntop-misc [at] listgateway
Subject: Re: [Ntop-misc] [nProbe] GeoIP ASNum and IPv6 Trafic

Olivier
GeoIP has many limitations with IPv6 as its database is very small. I think
this is the source of your problem

Luca

On Jul 31, 2012, at 7:29 AM, Beytrison Olivier <Olivier.Beytrison [at] hefr>
wrote:

> Hello,
>
> I'm using nProbe to generate netFlow records from our dual internet
> connexion. I use the GeoIP ASNum database to insert the AS numbers in
> the flows. This works very well for all the NetFlow records for ipv4
> trafic, but the AS numbers are not added to the IPv6 flows.
>
> I'm using nProbe version v.6.9.7 ($Revision: 2406 $) The GeoIP files
> are correctly loaded at startup time [util.c:293] GeoIP: loaded AS
> config file /usr/local/nprobe/GeoIPASNum.dat [util.c:302] GeoIP:
> loaded AS IPv6 config file /usr/local/nprobe/GeoIPASNumv6.dat
>
> Any hints about this ?
>
> Regards,
> Olivier B.
> --------------------------------------------------------------------
> Olivier Beytrison
> Administrateur Réseau & Sécurité
> HES-SO Fribourg, Bd de Pérolles 80, 1705 Fribourg, Switzerland Tél :
> +41 26 429 69 49 / Fax : +41 26 429 65 28 olivier.beytrison [at] hefr
> http://www.hefr.ch
> --------------------------------------------------------------------
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc [at] listgateway
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Attachments: smime.p7s (5.53 KB)


Olivier.Beytrison at hefr

Aug 6, 2012, 12:26 AM

Post #4 of 4 (389 views)
Permalink
Re: [nProbe] GeoIP ASNum and IPv6 Trafic [In reply to]
Hello,

After upgrading to the GeoIP CAPI version 1.4.8, the AS are correctly
inserted in the flow records.

Best regards,
Olivier B.
-----Original Message-----
From: ntop-misc-bounces [at] listgateway
[mailto:ntop-misc-bounces [at] listgateway] On Behalf Of Beytrison
Olivier
Sent: lundi 6 août 2012 07:43
To: ntop-misc [at] listgateway
Subject: Re: [Ntop-misc] [nProbe] GeoIP ASNum and IPv6 Trafic

Hello,

I had a look to the CSV version of the latests GeoIPASNumv6 database and it
contains quite a lot of entries.

Moreover, I made a simple test using perl and Geo::IP and it successfully
lookup the AS for several IPv6 Addresses.

I didn't have a look to the nProbe code yet, but my config.h contains
#define HAVE_GEOIP_IPv6 1 The database is the latest available. The libgeoip
version is 1.4.6 (could update manually to 1.4.8, which is the latest
available on maxmind.com).

But still, I think there's something wrong with the v6 lookup in nProbe.

Best regards,
Olivier B.

-----Original Message-----
From: ntop-misc-bounces [at] listgateway
[mailto:ntop-misc-bounces [at] listgateway] On Behalf Of Luca Deri
Sent: dimanche 5 août 2012 09:28
To: ntop-misc [at] listgateway
Subject: Re: [Ntop-misc] [nProbe] GeoIP ASNum and IPv6 Trafic

Olivier
GeoIP has many limitations with IPv6 as its database is very small. I think
this is the source of your problem

Luca

On Jul 31, 2012, at 7:29 AM, Beytrison Olivier <Olivier.Beytrison [at] hefr>
wrote:

> Hello,
>
> I'm using nProbe to generate netFlow records from our dual internet
> connexion. I use the GeoIP ASNum database to insert the AS numbers in
> the flows. This works very well for all the NetFlow records for ipv4
> trafic, but the AS numbers are not added to the IPv6 flows.
>
> I'm using nProbe version v.6.9.7 ($Revision: 2406 $) The GeoIP files
> are correctly loaded at startup time [util.c:293] GeoIP: loaded AS
> config file /usr/local/nprobe/GeoIPASNum.dat [util.c:302] GeoIP:
> loaded AS IPv6 config file /usr/local/nprobe/GeoIPASNumv6.dat
>
> Any hints about this ?
>
> Regards,
> Olivier B.
> --------------------------------------------------------------------
> Olivier Beytrison
> Administrateur Réseau & Sécurité
> HES-SO Fribourg, Bd de Pérolles 80, 1705 Fribourg, Switzerland Tél :
> +41 26 429 69 49 / Fax : +41 26 429 65 28 olivier.beytrison [at] hefr
> http://www.hefr.ch
> --------------------------------------------------------------------
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc [at] listgateway
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Attachments: smime.p7s (5.53 KB)

NTop misc RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.