RE: [Ntop] New to Ntop. Need initial issues resolved.
Read docs/FAQ - there are articles on switched networks. -Burton -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Hoss Sent: Thursday, August 11, 2005 11:19 AM To: Ntop Subject: [Ntop] New to Ntop. Need initial issues resolved. Hi, I have searched the archive and really haven't found a good answer to my simple question. I apologize if this question is a problem, but I have looked at all the available documents and haven't read an answer. Anyway, my question is this. I see that Ntop can run as a host, border gateway, or sniffer. I just want to analyze traffic on our switched 192 network and wanted to know what commands I have to enter at runtime to make ntop see all the traffice on the network, or do I have to put it on a box that is a gateway? Thanks in advance. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
RE: [Ntop] New to Ntop. Need initial issues resolved.
You don't have to do anythint with Ntop specifically for switched networks. Unless I misunderstood your question, the issue is one of general networking. Ntop can't report on traffic that it doesn't see -- and it wouldn't see all by default in a switched environment. Investigate network taps or even span ports. Andrew -Original Message- From: Jason Hoss [mailto:[EMAIL PROTECTED] Sent: Thursday, August 11, 2005 9:19 AM To: Ntop Subject: [Ntop] New to Ntop. Need initial issues resolved. Hi, I have searched the archive and really haven't found a good answer to my simple question. I apologize if this question is a problem, but I have looked at all the available documents and haven't read an answer. Anyway, my question is this. I see that Ntop can run as a host, border gateway, or sniffer. I just want to analyze traffic on our switched 192 network and wanted to know what commands I have to enter at runtime to make ntop see all the traffice on the network, or do I have to put it on a box that is a gateway? Thanks in advance. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to [EMAIL PROTECTED] - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
Re: [Ntop] New to Ntop. Need initial issues resolved.
I got the point and I know how switched networks work. This was more of a question about how NTop worked. I realize that if the traffic does not go by the port, it will not know it existed. I was just looking for a bit of help in the command line switching needed for border gateway operation is all. No problem... Burton Strauss wrote: You've missed the point - without configuring your network to send all the traffic to ntop, you won't see it. That's true of EVERY network tool. That's why I pointed you to the articles in docs/FAQ, which discuss how Ethernet works and how switched networks work. -Burton -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Hoss Sent: Thursday, August 11, 2005 1:03 PM To: ntop@Unipi.IT Subject: Re: [Ntop] New to Ntop. Need initial issues resolved. That is what I thought but I wasn't sure if NTOP was just a passive monitoring tool or if it had some active features I was not aware of. I will keep looking. Thanks for the replies. Willy, Andrew wrote: You don't have to do anythint with Ntop specifically for switched networks. Unless I misunderstood your question, the issue is one of general networking. Ntop can't report on traffic that it doesn't see -- and it wouldn't see all by default in a switched environment. Investigate network taps or even span ports. Andrew -Original Message- From: Jason Hoss [mailto:[EMAIL PROTECTED] Sent: Thursday, August 11, 2005 9:19 AM To: Ntop Subject: [Ntop] New to Ntop. Need initial issues resolved. Hi, I have searched the archive and really haven't found a good answer to my simple question. I apologize if this question is a problem, but I have looked at all the available documents and haven't read an answer. Anyway, my question is this. I see that Ntop can run as a host, border gateway, or sniffer. I just want to analyze traffic on our switched 192 network and wanted to know what commands I have to enter at runtime to make ntop see all the traffice on the network, or do I have to put it on a box that is a gateway? Thanks in advance. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to [EMAIL PROTECTED] - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
RE: [Ntop] New to Ntop. Need initial issues resolved.
From docs/FAQ: Q. How do I use ntop in a switched network? A. First off, you need to be or have the support of your network administrator. (Yes, you can do something called ARP poisoning to - maybe - get the switch to send you all the traffic, but that's beyond this FAQ... STFW) Many switches (although not the USD$50 cheap workgroup units) have a special port or mode, where by all the traffic for the entire network gets copied out that port, in addition to the normal switch action. When you invoke the monitoring mode (called span, mirror, monitor, analysis, etc.), you are forcing the entire switch bandwidth out one port. This may exceed the bandwidth of the port. 100Mbps+100Mbps 100Mbps! Traffic that is being sent to the monitoring port in excess of the capacity of that port is usually dropped. It should NOT slow down the switch on other ports. Some switches have some buffering capability and it *may* be able to keep up with an occasional burst of traffic, as long as the average is below the port capacity and the buffer isn't exceeded. See, for example, http://www.cisco.com/warp/public/473/41.html#archXL. One list of switch manufacturers is the document is titled REFERENCE: Configuring a Switch to Monitor All Traffic from Elron Software. (The URL is long, do a Google search for site:elronsoftware.com wi6038). Etc. -Burton -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Hoss Sent: Thursday, August 11, 2005 2:37 PM To: ntop@Unipi.IT Subject: Re: [Ntop] New to Ntop. Need initial issues resolved. I got the point and I know how switched networks work. This was more of a question about how NTop worked. I realize that if the traffic does not go by the port, it will not know it existed. I was just looking for a bit of help in the command line switching needed for border gateway operation is all. No problem... Burton Strauss wrote: You've missed the point - without configuring your network to send all the traffic to ntop, you won't see it. That's true of EVERY network tool. That's why I pointed you to the articles in docs/FAQ, which discuss how Ethernet works and how switched networks work. -Burton -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Hoss Sent: Thursday, August 11, 2005 1:03 PM To: ntop@Unipi.IT Subject: Re: [Ntop] New to Ntop. Need initial issues resolved. That is what I thought but I wasn't sure if NTOP was just a passive monitoring tool or if it had some active features I was not aware of. I will keep looking. Thanks for the replies. Willy, Andrew wrote: You don't have to do anythint with Ntop specifically for switched networks. Unless I misunderstood your question, the issue is one of general networking. Ntop can't report on traffic that it doesn't see -- and it wouldn't see all by default in a switched environment. Investigate network taps or even span ports. Andrew -Original Message- From: Jason Hoss [mailto:[EMAIL PROTECTED] Sent: Thursday, August 11, 2005 9:19 AM To: Ntop Subject: [Ntop] New to Ntop. Need initial issues resolved. Hi, I have searched the archive and really haven't found a good answer to my simple question. I apologize if this question is a problem, but I have looked at all the available documents and haven't read an answer. Anyway, my question is this. I see that Ntop can run as a host, border gateway, or sniffer. I just want to analyze traffic on our switched 192 network and wanted to know what commands I have to enter at runtime to make ntop see all the traffice on the network, or do I have to put it on a box that is a gateway? Thanks in advance. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to [EMAIL PROTECTED] - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
Re: [Ntop] New to Ntop. Need initial issues resolved.
Thanks for the help. I appreciate it. Burton Strauss wrote: From docs/FAQ: Q. How do I use ntop in a switched network? A. First off, you need to be or have the support of your network administrator. (Yes, you can do something called ARP poisoning to - maybe - get the switch to send you all the traffic, but that's beyond this FAQ... STFW) Many switches (although not the USD$50 cheap workgroup units) have a special port or mode, where by all the traffic for the entire network gets copied out that port, in addition to the normal switch action. When you invoke the monitoring mode (called span, mirror, monitor, analysis, etc.), you are forcing the entire switch bandwidth out one port. This may exceed the bandwidth of the port. 100Mbps+100Mbps 100Mbps! Traffic that is being sent to the monitoring port in excess of the capacity of that port is usually dropped. It should NOT slow down the switch on other ports. Some switches have some buffering capability and it *may* be able to keep up with an occasional burst of traffic, as long as the average is below the port capacity and the buffer isn't exceeded. See, for example, http://www.cisco.com/warp/public/473/41.html#archXL. One list of switch manufacturers is the document is titled REFERENCE: Configuring a Switch to Monitor All Traffic from Elron Software. (The URL is long, do a Google search for site:elronsoftware.com wi6038). Etc. -Burton -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Hoss Sent: Thursday, August 11, 2005 2:37 PM To: ntop@Unipi.IT Subject: Re: [Ntop] New to Ntop. Need initial issues resolved. I got the point and I know how switched networks work. This was more of a question about how NTop worked. I realize that if the traffic does not go by the port, it will not know it existed. I was just looking for a bit of help in the command line switching needed for border gateway operation is all. No problem... Burton Strauss wrote: You've missed the point - without configuring your network to send all the traffic to ntop, you won't see it. That's true of EVERY network tool. That's why I pointed you to the articles in docs/FAQ, which discuss how Ethernet works and how switched networks work. -Burton -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Hoss Sent: Thursday, August 11, 2005 1:03 PM To: ntop@Unipi.IT Subject: Re: [Ntop] New to Ntop. Need initial issues resolved. That is what I thought but I wasn't sure if NTOP was just a passive monitoring tool or if it had some active features I was not aware of. I will keep looking. Thanks for the replies. Willy, Andrew wrote: You don't have to do anythint with Ntop specifically for switched networks. Unless I misunderstood your question, the issue is one of general networking. Ntop can't report on traffic that it doesn't see -- and it wouldn't see all by default in a switched environment. Investigate network taps or even span ports. Andrew -Original Message- From: Jason Hoss [mailto:[EMAIL PROTECTED] Sent: Thursday, August 11, 2005 9:19 AM To: Ntop Subject: [Ntop] New to Ntop. Need initial issues resolved. Hi, I have searched the archive and really haven't found a good answer to my simple question. I apologize if this question is a problem, but I have looked at all the available documents and haven't read an answer. Anyway, my question is this. I see that Ntop can run as a host, border gateway, or sniffer. I just want to analyze traffic on our switched 192 network and wanted to know what commands I have to enter at runtime to make ntop see all the traffice on the network, or do I have to put it on a box that is a gateway? Thanks in advance. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop NOTICE OF CONFIDENTIALITY-The information in this email, including attachments, may be confidential and/or privileged and may contain confidential health information. This email is intended to be reviewed only by the individual or organization named as addressee. If you have received this email in error please notify Scottsdale Medical Imaging, an affiliate of Southwest Diagnostic Imaging, LTD immediately - by return message to the sender or to [EMAIL PROTECTED] - and destroy all copies of this message and any attachments. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Scottsdale Medical Imaging. Confidential health information is protected by state and federal law, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 and related regulations. ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it
