[Ntop-dev] New ntop commit (author deri)

2005-08-11 Thread cvs-commit
Update of /export/home/ntop/ntop/plugins
In directory unknown:/tmp/cvs-serv25896/plugins

Modified Files:
rrdPlugin.c rrdPlugin.h 
Log Message:
Added ability to modify throughput granularity


___
Ntop-dev mailing list
Ntop-dev@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-dev


RE: [Ntop-dev] BUG: build on FC4

2005-08-11 Thread Burton Strauss
Read my reply earlier in this thread - it seems to be some sort of
optimization issue - ntop 3.1 works ok w/o -O2.

-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Randy Gordey
Sent: Wednesday, August 10, 2005 2:55 PM
To: ntop-dev@Unipi.IT
Subject: RE: [Ntop-dev] BUG: build on FC4

It seems Fedora Core 4 gcc 4.0.1 is breaking a few packages.

With released ntop-3.1.tgz source...

I installed compat-gcc-32 rpm with yum.

I now just needed to tell configure to use gcc 3.2..
[EMAIL PROTECTED]/configure CC=gcc32
...
[EMAIL PROTECTED]
...
[EMAIL PROTECTED] install
...

And I now have a working ntop binary for Fedora Core 4.

I still don't really know what is actually broken with gcc 4.0.1.
Regardless, I hope this helps.


--rgordey

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Burton Strauss
Sent: Wednesday, August 03, 2005 7:40 PM
To: ntop-dev@Unipi.IT
Subject: RE: [Ntop-dev] BUG: build on FC4

Well, if Sarge w/ 2.95 gcc was mis-optimizing a line that wouldn't be the
biggest surprise in the universe, now would it?  That won't be the same for
FC4 w/ gcc 3.3 or 3.4, though...

I guess you could copy the memset() from main() in the cvs into 3.1 and give
that a try.  It would at least initialize the fool thing and couldn't hurt.

But w/o some way to make it fail, I'm going to focus on the cvs (3.2).

-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Ola Lundqvist
Sent: Wednesday, August 03, 2005 5:09 PM
To: ntop-dev@Unipi.IT
Subject: Re: [Ntop-dev] BUG: build on FC4

Hello

I have got the same problem (on the same function InitDev) on Debian.
The solution to my problem was compiling it from cvs and it worked much
better. It is the reason why 3.1 version never got into the stable release.

I debugged it down to an exact line but it must be some compiler issue or
optimization issue as everything looked good in ddd until a very normal line
(an usual assignment) and it broke.

So I hope for the 3.2 version so I can release that for Debian (not sarge
though). :)

Regards

// Ola

On Mon, Aug 01, 2005 at 05:03:08PM -0400, Randy Gordey wrote:
 [EMAIL PROTECTED] ~]# gdb ntop
 
 GNU gdb Red Hat Linux (6.3.0.0-1.21rh)
 
 Copyright 2004 Free Software Foundation, Inc.
 
 GDB is free software, covered by the GNU General Public License, and 
 you are
 
 welcome to change it and/or distribute copies of it under certain 
 conditions.
 
 Type show copying to see the conditions.
 
 There is absolutely no warranty for GDB.  Type show warranty for
details.
 
 This GDB was configured as i386-redhat-linux-gnu...(no debugging 
 symbols
 found)
 
 Using host libthread_db library /lib/libthread_db.so.1.
 
  
 
 (gdb) set args -u root -K
 
 (gdb) run
 
 Starting program: /usr/bin/ntop -u root -K
 
 Reading symbols from shared object read from target memory...(no 
 debugging symbols found)...done.
 
 Loaded system supplied DSO at 0x50f000
 
 (no debugging symbols found)
 
 
 [Thread debugging using libthread_db enabled]
 
 [New Thread -1208526368 (LWP 30948)]
 
 (no debugging symbols found)
 
 
 Mon Aug  1 16:58:16 2005  Initializing gdbm databases
 
 Mon Aug  1 16:58:16 2005  ntop v.3.1 (Dag Apt RPM Repository) MT (SSL)
 
 Mon Aug  1 16:58:16 2005  Configured on Jul 26 2005  7:39:51, built on 
 Jul
 26 2005 07:41:59.
 
 Mon Aug  1 16:58:16 2005  Copyright 1998-2004 by Luca Deri 
 [EMAIL PROTECTED]
 
 Mon Aug  1 16:58:16 2005  Get the freshest ntop from 
 http://www.ntop.org/
 
 Mon Aug  1 16:58:16 2005  Initializing ntop
 
 *** buffer overflow detected ***: /usr/bin/ntop terminated
 
 (no debugging symbols found)
 
 === Backtrace: =
 
 /lib/libc.so.6(__chk_fail+0x41)[0x7d0565]
 
 /usr/lib/libntop-3.1.so(initDevices+0x29d)[0xf8b474]
 
 /usr/lib/libntop-3.1.so(initNtop+0x33e)[0xf81e47]
 
 /usr/bin/ntop[0x804aaa5]
 
 /lib/libc.so.6(__libc_start_main+0xc6)[0x706de6]
 
 /usr/bin/ntop[0x8049bb1]
 
 === Memory map: 
 
 00111000-00209000 r-xp  fd:00 1556499/lib/libcrypto.so.0.9.7f
 
 00209000-0021b000 rwxp 000f8000 

[Ntop] Can't get NTOP to start on Trustix 3.0

2005-08-11 Thread Preston Kutzner
Hello list,

I've recently compiled and installed NTOP 3.1 on a Trustix 3.0 box.  I'm
running the latest Shorewall (v2.5.0) as well.  When I start NTOP, I get
the following in my /var/log/messages:

Aug 11 10:15:22 arcturus ntop[28276]:   ntop v.3.1 MT (SSL)
Aug 11 10:15:22 arcturus ntop[28276]:   Configured on Aug 11 2005 
9:32:40, built on Aug 11 2005 09:48:59.
Aug 11 10:15:22 arcturus ntop[28276]:   Copyright 1998-2004 by Luca Deri
[EMAIL PROTECTED]
Aug 11 10:15:22 arcturus ntop[28276]:   Get the freshest ntop from
http://www.ntop.org/
Aug 11 10:15:22 arcturus ntop[28276]:   Initializing ntop
Aug 11 10:15:22 arcturus kernel: eth0: Setting promiscuous mode.
Aug 11 10:15:22 arcturus kernel: device eth0 entered promiscuous mode
Aug 11 10:15:22 arcturus ntop[28276]:   Checking eth0 for additional devices
Aug 11 10:15:22 arcturus ntop[28276]:   Resetting traffic statistics for
device eth0
Aug 11 10:15:22 arcturus ntop[28276]:   DLT: Device 0 [eth0] is 1, mtu
1514, header 14
Aug 11 10:15:22 arcturus kernel: eth1: Setting promiscuous mode.
Aug 11 10:15:22 arcturus kernel: device eth1 entered promiscuous mode
Aug 11 10:15:22 arcturus ntop[28276]:   Checking eth1 for additional devices
Aug 11 10:15:22 arcturus ntop[28276]:   Resetting traffic statistics for
device eth1
Aug 11 10:15:22 arcturus ntop[28276]:   DLT: Device 1 [eth1] is 1, mtu
1514, header 14
Aug 11 10:15:22 arcturus kernel: eth2: Setting promiscuous mode.
Aug 11 10:15:22 arcturus kernel: device eth2 entered promiscuous mode
Aug 11 10:15:22 arcturus ntop[28276]:   Checking eth2 for additional devices
Aug 11 10:15:22 arcturus ntop[28276]:   Resetting traffic statistics for
device eth2
Aug 11 10:15:22 arcturus ntop[28276]:   DLT: Device 2 [eth2] is 1, mtu
1514, header 14
Aug 11 10:15:22 arcturus ntop[28276]:   Initializing gdbm databases
Aug 11 10:15:22 arcturus ntop[28276]:   VENDOR: Loading MAC address table.
Aug 11 10:15:22 arcturus ntop[28276]:   VENDOR: Checking for MAC address
table file
Aug 11 10:15:22 arcturus ntop[28276]:   VENDOR: File
'./specialMAC.txt.gz' does not need to be reloaded
Aug 11 10:15:22 arcturus ntop[28276]:   VENDOR: ntop continues ok
Aug 11 10:15:22 arcturus ntop[28276]:   VENDOR: Checking for MAC address
table file
Aug 11 10:15:22 arcturus ntop[28276]:   VENDOR: File './oui.txt.gz' does
not need to be reloaded
Aug 11 10:15:22 arcturus ntop[28276]:   VENDOR: ntop continues ok
Aug 11 10:15:22 arcturus ntop[28276]:   Fingeprint: Loading signature file.
Aug 11 10:15:22 arcturus ntop[28276]:   Fingeprint: ...loaded 1697 records
Aug 11 10:15:22 arcturus ntop[28277]:   INIT: Bye bye: I'm becoming a
daemon...
Aug 11 10:15:22 arcturus ntop[28276]:   INIT: Parent process is exiting
(this is normal)
Aug 11 10:15:22 arcturus ntop[28277]:   Now running as a daemon
Aug 11 10:15:22 arcturus ntop[28277]:   ASN: Checking for Autonomous
System Number table file
Aug 11 10:15:22 arcturus ntop[28277]:   **WARNING** ASN: Unable to open
file 'AS-list.txt'
Aug 11 10:15:22 arcturus ntop[28277]:   I18N: This instance of ntop does
not support multiple languages
Aug 11 10:15:22 arcturus ntop[28277]:   IP2CC: Checking for IP address
- Country Code mapping file
Aug 11 10:15:22 arcturus ntop[28277]:   IP2CC: Loading file
'/usr/local/etc/ntop/p2c.opt.table.gz'
Aug 11 10:15:23 arcturus ntop[28277]:   IP2CC: ...found 52395 lines
Aug 11 10:15:23 arcturus ntop[28277]:   GDVERCHK: Guessing at libgd version
Aug 11 10:15:23 arcturus ntop[28277]:   GDVERCHK: ... as 2.0.21+
Aug 11 10:15:23 arcturus ntop[28277]:   Initializing external applications
Aug 11 10:15:23 arcturus ntop[28277]:   THREADMGMT: Started thread
(-1237148720) for network packet analyser
Aug 11 10:15:23 arcturus ntop[28277]:   THREADMGMT: Started thread
(-1245537328) for fingerprinting
Aug 11 10:15:23 arcturus ntop[28277]:   THREADMGMT: Started thread
(-1253925936) for idle hosts detection
Aug 11 10:15:23 arcturus ntop[28277]:   THREADMGMT: Started thread
(-1262314544) for DNS address resolution
Aug 11 10:15:23 arcturus ntop[28277]:   Calling plugin start functions
(if any)
Aug 11 10:15:23 arcturus ntop[28277]:   SSL: Initializing...
Aug 11 10:15:23 arcturus ntop[28277]:   SSL_PRNG: Automatically initialized!
Aug 11 10:15:23 arcturus ntop[28277]:   SSL initialized successfully
Aug 11 10:15:23 arcturus ntop[28277]:   INITWEB: Initializing web server
Aug 11 10:15:23 arcturus ntop[28277]:   INITWEB: Initializing tcp/ip
socket connections for web server
Aug 11 10:15:24 arcturus ntop[28277]:   **FATAL_ERROR** INITWEB: Unable
to create a new socket - returned 0, error is 'Success'(0)
Aug 11 10:15:24 arcturus kernel: device eth0 left promiscuous mode
Aug 11 10:15:24 arcturus kernel: device eth1 left promiscuous mode
Aug 11 10:15:24 arcturus kernel: device eth2 left promiscuous mode

I'm not sure what's going on here, as the error it gets during INITWEB
appears to be Success but it is still bombing out.  Can anyone point
me in the right direction as to why it would not be able to create a
socket?  Thanks.

Re: [Ntop] ntop and netflow v9

2005-08-11 Thread Luca Deri
William,
v9 support on 3.1 had bugs. In the current CVS it should work. If you
experience problems please capture some packets containing flows using
ethereal and mail them to me so that I can see what's wrong.

Cheers, Luca

William Wollman wrote:

I am getting the following error messages when using cisco's netflow v9 with
ntop  any ideas on what may be causing this?  TIA, Bill W.

 

Wed 10 Aug 2005 10:44:19 AM EDT THREADMGMT: netFlow thread(-241136720)
started

Wed 10 Aug 2005 10:44:54 AM EDT **WARNING** NETFLOW: Truncated network
size(device NetFlow-device.2) to 1024 hosts(real netmask 255.255.0.0).

Wed 10 Aug 2005 10:53:31 AM EDT **WARNING** Template 23 has wrong size
[actual=50492/expected=584]: skipped

Wed 10 Aug 2005 11:03:32 AM EDT **WARNING** Template 33 has wrong size
[actual=50492/expected=11936]: skipped


  



___
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
  



-- 
Luca Deri [EMAIL PROTECTED]   http://luca.ntop.org/
skype://lucaderi
Hacker: someone who loves to program and enjoys being
clever about it - Richard Stallman



[Ntop] New to Ntop. Need initial issues resolved.

2005-08-11 Thread Jason Hoss

Hi,

I have searched the archive and really haven't found a good answer to my 
simple question.  I apologize if this question is a problem, but I have 
looked at all the available documents and haven't read an answer.


Anyway, my question is this.  I see that Ntop can run as a host, border 
gateway, or sniffer.  I just want to analyze traffic on our switched 192 
network and wanted to know what commands I have to enter at runtime to 
make ntop see all the traffic on the network, or do I have to put it on 
a box that is a gateway?


Thanks in advance.


RE: [Ntop] New to Ntop. Need initial issues resolved.

2005-08-11 Thread Burton Strauss
Read docs/FAQ - there are articles on switched networks.
-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jason Hoss
Sent: Thursday, August 11, 2005 11:19 AM
To: Ntop
Subject: [Ntop] New to Ntop. Need initial issues resolved.

Hi,

I have searched the archive and really haven't found a good answer to my 
simple question.  I apologize if this question is a problem, but I have 
looked at all the available documents and haven't read an answer.

Anyway, my question is this.  I see that Ntop can run as a host, border 
gateway, or sniffer.  I just want to analyze traffic on our switched 192 
network and wanted to know what commands I have to enter at runtime to 
make ntop see all the traffic on the network, or do I have to put it on 
a box that is a gateway?

Thanks in advance.


RE: [Ntop] New to Ntop. Need initial issues resolved.

2005-08-11 Thread Willy, Andrew
You don't have to do anything with Ntop specifically for switched networks.
Unless I misunderstood your question, the issue is one of general
networking.  Ntop can't report on traffic that it doesn't see -- and it
wouldn't see all by default in a switched environment.

Investigate network taps or even span ports.

Andrew

 



-Original Message-
From: Jason Hoss [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 9:19 AM
To: Ntop
Subject: [Ntop] New to Ntop. Need initial issues resolved.


Hi,

I have searched the archive and really haven't found a good answer to my 
simple question.  I apologize if this question is a problem, but I have 
looked at all the available documents and haven't read an answer.

Anyway, my question is this.  I see that Ntop can run as a host, border 
gateway, or sniffer.  I just want to analyze traffic on our switched 192 
network and wanted to know what commands I have to enter at runtime to 
make ntop see all the traffic on the network, or do I have to put it on 
a box that is a gateway?

Thanks in advance.
NOTICE OF CONFIDENTIALITY-The information in this email, including
attachments, may be confidential and/or privileged and may contain
confidential health information. This email is intended to be reviewed only
by the individual or organization named as addressee. If you have received
this email in error please notify Scottsdale Medical Imaging, an affiliate
of Southwest Diagnostic Imaging, LTD immediately - by return message to the
sender or to [EMAIL PROTECTED] - and destroy all copies of this message and
any attachments. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent those
of Scottsdale Medical Imaging. Confidential health information is protected
by state and federal law, including, but not limited to, the Health
Insurance Portability and Accountability Act of 1996 and related
regulations.


RE: [Ntop] AS numbers on nTOP

2005-08-11 Thread Burton Strauss
Give it the file -- at the end of 'make install', ntop tells you how to
install the AS file.

Do be aware that the one supplied with ntop is out of date and yet the data
file you create via the script (also through make) to recreate it is worse -
check the back traffic for 'AfriNIC' about this.


-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Diego de Oliveira
Sent: Wednesday, August 10, 2005 3:55 PM
To: ntop@Unipi.IT
Subject: [Ntop] AS numbers on nTOP

Hi Folk,

How can I set up ntop to show me the AS numbers?


Regards,


Re: [Ntop] New to Ntop. Need initial issues resolved.

2005-08-11 Thread Jason Hoss
I got the point and I know how switched networks work.  This was more of 
a question about how NTop worked.  I realize that if the traffic does 
not go by the port, it will not know it existed.  I was just looking for 
a bit of help in the command line switching needed for border gateway 
operation is all.  No problem...


Burton Strauss wrote:

You've missed the point - without configuring your network to send all the
traffic to ntop, you won't see it.  That's true of EVERY network tool.
That's why I pointed you to the articles in docs/FAQ, which discuss how
Ethernet works and how switched networks work.

-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jason Hoss
Sent: Thursday, August 11, 2005 1:03 PM
To: ntop@Unipi.IT
Subject: Re: [Ntop] New to Ntop. Need initial issues resolved.

That is what I thought but I wasn't sure if NTOP was just a passive 
monitoring tool or if it had some active features I was not aware of.


I will keep looking.

Thanks for the replies.

Willy, Andrew wrote:


You don't have to do anything with Ntop specifically for switched networks.
Unless I misunderstood your question, the issue is one of general
networking.  Ntop can't report on traffic that it doesn't see -- and it
wouldn't see all by default in a switched environment.

Investigate network taps or even span ports.

Andrew





-Original Message-
From: Jason Hoss [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 9:19 AM
To: Ntop
Subject: [Ntop] New to Ntop. Need initial issues resolved.


Hi,

I have searched the archive and really haven't found a good answer to my 
simple question.  I apologize if this question is a problem, but I have 
looked at all the available documents and haven't read an answer.


Anyway, my question is this.  I see that Ntop can run as a host, border 
gateway, or sniffer.  I just want to analyze traffic on our switched 192 
network and wanted to know what commands I have to enter at runtime to 
make ntop see all the traffic on the network, or do I have to put it on 
a box that is a gateway?


Thanks in advance.


RE: [Ntop] New to Ntop. Need initial issues resolved.

2005-08-11 Thread Burton Strauss
From docs/FAQ:

Q. How do I use ntop in a switched network?
A. First off, you need to be or have the support of
   your network administrator.  (Yes, you can do something
   called ARP poisoning to - maybe - get the switch to send
   you all the traffic, but that's beyond this FAQ... STFW)

   Many switches (although not the USD$50 cheap workgroup units)
   have a special port or mode, where by all the traffic for the
   entire network gets copied out that port, in addition to the
   normal switch action.

   When you invoke the monitoring mode (called span, mirror, monitor,
   analysis, etc.), you are forcing the entire switch bandwidth out one
   port.  This may exceed the bandwidth of the port.  100Mbps+100Mbps > 100Mbps!

   Traffic that is being sent to the monitoring port in excess of the
   capacity of that port is usually dropped.  It should NOT slow down
   the switch on other ports.

   Some switches have some buffering capability and it *may* be able to
   keep up with an occasional burst of traffic, as long as the average
   is below the port capacity and the buffer isn't exceeded.

   See, for example, http://www.cisco.com/warp/public/473/41.html#archXL.

   One list of switch manufacturers is the document titled REFERENCE:
   Configuring a Switch to Monitor All Traffic from Elron Software. (The
   URL is long, do a Google search for site:elronsoftware.com wi6038).


Etc.

-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jason Hoss
Sent: Thursday, August 11, 2005 2:37 PM
To: ntop@Unipi.IT
Subject: Re: [Ntop] New to Ntop. Need initial issues resolved.

I got the point and I know how switched networks work.  This was more of 
a question about how NTop worked.  I realize that if the traffic does 
not go by the port, it will not know it existed.  I was just looking for 
a bit of help in the command line switching needed for border gateway 
operation is all.  No problem...

Burton Strauss wrote:
 You've missed the point - without configuring your network to send all the
 traffic to ntop, you won't see it.  That's true of EVERY network tool.
 That's why I pointed you to the articles in docs/FAQ, which discuss how
 Ethernet works and how switched networks work.
 
 -Burton
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Jason Hoss
 Sent: Thursday, August 11, 2005 1:03 PM
 To: ntop@Unipi.IT
 Subject: Re: [Ntop] New to Ntop. Need initial issues resolved.
 
 That is what I thought but I wasn't sure if NTOP was just a passive 
 monitoring tool or if it had some active features I was not aware of.
 
 I will keep looking.
 
 Thanks for the replies.
 
 Willy, Andrew wrote:
 
You don't have to do anything with Ntop specifically for switched networks.
Unless I misunderstood your question, the issue is one of general
networking.  Ntop can't report on traffic that it doesn't see -- and it
wouldn't see all by default in a switched environment.

Investigate network taps or even span ports.

Andrew

 



-Original Message-
From: Jason Hoss [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 9:19 AM
To: Ntop
Subject: [Ntop] New to Ntop. Need initial issues resolved.


Hi,

I have searched the archive and really haven't found a good answer to my 
simple question.  I apologize if this question is a problem, but I have 
looked at all the available documents and haven't read an answer.

Anyway, my question is this.  I see that Ntop can run as a host, border 
gateway, or sniffer.  I just want to analyze traffic on our switched 192 
network and wanted to know what commands I have to enter at runtime to 
make ntop see all the traffic on the network, or do I have to put it on 
a box that is a gateway?

Thanks in advance.

 
 

Re: [Ntop] New to Ntop. Need initial issues resolved.

2005-08-11 Thread Jason Hoss

Thanks for the help.  I appreciate it.


Burton Strauss wrote:

From docs/FAQ:


Q. How do I use ntop in a switched network?
A. First off, you need to be or have the support of
   your network administrator.  (Yes, you can do something
   called ARP poisoning to - maybe - get the switch to send
   you all the traffic, but that's beyond this FAQ... STFW)

   Many switches (although not the USD$50 cheap workgroup units)
   have a special port or mode, where by all the traffic for the
   entire network gets copied out that port, in addition to the
   normal switch action.

   When you invoke the monitoring mode (called span, mirror, monitor,
   analysis, etc.), you are forcing the entire switch bandwidth out one
   port.  This may exceed the bandwidth of the port.  100Mbps+100Mbps > 100Mbps!

   Traffic that is being sent to the monitoring port in excess of the
   capacity of that port is usually dropped.  It should NOT slow down
   the switch on other ports.

   Some switches have some buffering capability and it *may* be able to
   keep up with an occasional burst of traffic, as long as the average
   is below the port capacity and the buffer isn't exceeded.

   See, for example, http://www.cisco.com/warp/public/473/41.html#archXL.

   One list of switch manufacturers is the document titled REFERENCE:
   Configuring a Switch to Monitor All Traffic from Elron Software. (The
   URL is long, do a Google search for site:elronsoftware.com wi6038).


Etc.

-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jason Hoss
Sent: Thursday, August 11, 2005 2:37 PM
To: ntop@Unipi.IT
Subject: Re: [Ntop] New to Ntop. Need initial issues resolved.

I got the point and I know how switched networks work.  This was more of 
a question about how NTop worked.  I realize that if the traffic does 
not go by the port, it will not know it existed.  I was just looking for 
a bit of help in the command line switching needed for border gateway 
operation is all.  No problem...


Burton Strauss wrote:


You've missed the point - without configuring your network to send all the
traffic to ntop, you won't see it.  That's true of EVERY network tool.
That's why I pointed you to the articles in docs/FAQ, which discuss how
Ethernet works and how switched networks work.

-Burton

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jason Hoss
Sent: Thursday, August 11, 2005 1:03 PM
To: ntop@Unipi.IT
Subject: Re: [Ntop] New to Ntop. Need initial issues resolved.

That is what I thought but I wasn't sure if NTOP was just a passive 
monitoring tool or if it had some active features I was not aware of.


I will keep looking.

Thanks for the replies.

Willy, Andrew wrote:



You don't have to do anything with Ntop specifically for switched networks.
Unless I misunderstood your question, the issue is one of general
networking.  Ntop can't report on traffic that it doesn't see -- and it
wouldn't see all by default in a switched environment.

Investigate network taps or even span ports.

Andrew





-Original Message-
From: Jason Hoss [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 9:19 AM
To: Ntop
Subject: [Ntop] New to Ntop. Need initial issues resolved.


Hi,

I have searched the archive and really haven't found a good answer to my 
simple question.  I apologize if this question is a problem, but I have 
looked at all the available documents and haven't read an answer.


Anyway, my question is this.  I see that Ntop can run as a host, border 
gateway, or sniffer.  I just want to analyze traffic on our switched 192 
network and wanted to know what commands I have to enter at runtime to 
make ntop see all the traffic on the network, or do I have to put it on 
a box that is a gateway?


Thanks in advance.
RE: [Ntop] Can't get NTOP to start on Trustix 3.0

2005-08-11 Thread Burton Strauss
At this stage in the release cycle, I'm not going to support 3.1 code
changes.  There are other places where the same issue has been fixed, and
I'm not going to play chase the code remotely.

Use the cvs ...

It takes a minute or two to download, the rest of the cycle (./configure,
make and make install) is the same.

-Burton


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Preston Kutzner
Sent: Thursday, August 11, 2005 4:55 PM
To: ntop@Unipi.IT
Subject: Re: [Ntop] Can't get NTOP to start on Trustix 3.0

Burton Strauss wrote:
 Socket zero is ugly.  In olden times, some calls used zero as an error
 return.  It's actually legal, but some OSes avoid it and others allow it.
 
 There are still some places in the code where we erroneously test for 0
vs.
 
=0.
 
 
 It's been fixed in the cvs, the test is now (*sock < 0).  (webInterface.c
 around line 8220)
 
 -Burton

snip /
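
The "returned 0, error is 'Success'(0)" failure discussed in this thread, as an added example (not ntop's code and not from the posters): once fd 0 is free, socket() legitimately returns 0, and a check that treats 0 as an error rejects a working socket. The function names and the assumption that the daemon had stdin closed are illustrative.

```c
/* Added example: fd 0 is a valid socket() result once stdin has been closed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Check that treats 0 as failure, as the "returned 0" log line implies
 * (assumption about the 3.1 behaviour; hypothetical helper name). */
static int legacy_check_ok(int fd) { return fd > 0; }

/* Check as described for the cvs fix: only a negative return is an error. */
static int fixed_check_ok(int fd) { return fd >= 0; }

struct demo_result {
    int fd;           /* value socket() returned                 */
    int saved_errno;  /* errno right after the call              */
    int legacy_ok;    /* 1 if the old-style check accepts the fd */
    int fixed_ok;     /* 1 if the corrected check accepts the fd */
};

/* Close stdin (assumed here to mirror a daemonized process), create a TCP
 * socket, evaluate both checks, then restore stdin so the caller is unaffected. */
static struct demo_result socket_with_stdin_closed(void)
{
    struct demo_result r;
    int saved_stdin = dup(STDIN_FILENO);   /* -1 if fd 0 is already closed */

    close(STDIN_FILENO);
    errno = 0;
    r.fd = socket(AF_INET, SOCK_STREAM, 0); /* kernel returns the lowest free fd */
    r.saved_errno = errno;
    r.legacy_ok = legacy_check_ok(r.fd);
    r.fixed_ok = fixed_check_ok(r.fd);

    if (r.fd >= 0)
        close(r.fd);
    if (saved_stdin >= 0) {
        dup2(saved_stdin, STDIN_FILENO);
        close(saved_stdin);
    }
    return r;
}

int main(void)
{
    struct demo_result r = socket_with_stdin_closed();

    printf("socket() returned %d, error is '%s'(%d)\n",
           r.fd, strerror(r.saved_errno), r.saved_errno);
    printf("check that rejects 0:       %s\n", r.legacy_ok ? "accepted" : "FATAL");
    printf("check that rejects only <0: %s\n", r.fixed_ok ? "accepted" : "FATAL");
    return 0;
}
```
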

