What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Netflow V9 (Custom) Channel Definition - Post NAT Address

Votes:

0

Hi,

How can I get Post NAT IPv4 Address from Netflow V9 (Custom) sensor ?

Here the output Template captured from wireshark: 

Frame 3432: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0
Ethernet II, Src: xxx, Dst: xxx
Internet Protocol Version 4, Src: xxx, Dst: xxx
User Datagram Protocol, Src Port: 2055, Dst Port: 2055
Cisco NetFlow/IPFIX
    Version: 9
    Count: 2
    SysUptime: 2340069.690000000 seconds
    Timestamp: xxx
    FlowSequence: 1761501
    SourceId: 0
    FlowSet 1 [id=0] (Data Template): 256,257
        FlowSet Id: Data Template (V9) (0)
        FlowSet Length: 200
        Template (Id = 256, Count = 24)
            Template Id: 256
            Field Count: 24
            Field (1/24): LAST_SWITCHED
            Field (2/24): FIRST_SWITCHED
            Field (3/24): PKTS
            Field (4/24): BYTES
            Field (5/24): INPUT_SNMP
            Field (6/24): OUTPUT_SNMP
            Field (7/24): IP_SRC_ADDR
            Field (8/24): IP_DST_ADDR
            Field (9/24): PROTOCOL
            Field (10/24): IP_TOS
            Field (11/24): L4_SRC_PORT
            Field (12/24): L4_DST_PORT
            Field (13/24): IP_NEXT_HOP
            Field (14/24): DST_MASK
            Field (15/24): SRC_MASK
            Field (16/24): TCP_FLAGS
            Field (17/24): DESTINATION_MAC
            Field (18/24): SRC_MAC
            Field (19/24): DST_MAC
            Field (20/24): SOURCE_MAC
            Field (21/24): postNATSourceIPv4Address
            Field (22/24): postNATDestinationIPv4Address
            Field (23/24): postNAPTSourceTransportPort
            Field (24/24): postNAPTDestinationTransportPort
        Template (Id = 257, Count = 23)


From the manual, I'm not able to find any valid field for channel definitions that match those item.

Thank you.

channel custom-sensor netflow-v9

Created on Sep 7, 2021 7:07:11 AM



2 Replies

Votes:

0

Sorry I cannot add and save old post (always get internal server error) so I post it here.

Hi,

How can I get Post NAT IPv4 Source Address (Type 225) and Post NAT IPv4 Destination Address (Type 226) from Netflow V9 (Custom) sensor ?

Here the output Template captured from wireshark: 

Frame 3432: 262 bytes on wire (2096 bits), 262 bytes captured (2096 bits) on interface 0
Ethernet II, Src: xxx, Dst: xxx
Internet Protocol Version 4, Src: xxx, Dst: xxx
User Datagram Protocol, Src Port: 2055, Dst Port: 2055
Cisco NetFlow/IPFIX
    Version: 9
    Count: 2
    SysUptime: 2340069.690000000 seconds
    Timestamp: xxx
    FlowSequence: 1761501
    SourceId: 0
    FlowSet 1 [id=0] (Data Template): 256,257
        FlowSet Id: Data Template (V9) (0)
        FlowSet Length: 200
        Template (Id = 256, Count = 24)
            Template Id: 256
            Field Count: 24
            Field (1/24): LAST_SWITCHED
            Field (2/24): FIRST_SWITCHED
            Field (3/24): PKTS
            Field (4/24): BYTES
            Field (5/24): INPUT_SNMP
            Field (6/24): OUTPUT_SNMP
            Field (7/24): IP_SRC_ADDR
            Field (8/24): IP_DST_ADDR
            Field (9/24): PROTOCOL
            Field (10/24): IP_TOS
            Field (11/24): L4_SRC_PORT
            Field (12/24): L4_DST_PORT
            Field (13/24): IP_NEXT_HOP
            Field (14/24): DST_MASK
            Field (15/24): SRC_MASK
            Field (16/24): TCP_FLAGS
            Field (17/24): DESTINATION_MAC
            Field (18/24): SRC_MAC
            Field (19/24): DST_MAC
            Field (20/24): SOURCE_MAC
            Field (21/24): postNATSourceIPv4Address
                Type: postNATSourceIPv4Address (225)
                Length: 4
            Field (22/24): postNATDestinationIPv4Address
                Type: postNATDestinationIPv4Address (226)
                Length: 4
            Field (23/24): postNAPTSourceTransportPort
            Field (24/24): postNAPTDestinationTransportPort
        Template (Id = 257, Count = 23)


From the manual, I'm not able to find any valid field for channel definition that match those types.

Perhaps a new field (generic) for manually defined field type ?

Thank you.

Created on Sep 8, 2021 1:35:14 AM



Votes:

0

Hey,

If you want to monitor source and destination IP addresses then we need to ask you to install a proxy in your network, as PRTG cannot monitor such information.

Created on Sep 8, 2021 11:23:40 AM by Marijan Horsky [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.