I used:
tcpdump -i eth1 net 10.127
not /16 or /24
You think what if I'll use
tcpdump -i eth1 net 10.127.0.0/16
the results can be change?
Rivalino Matias Jr. ha scritto:
Just a doubt, in your CIDR notation for the tcpdump commmand line is it /24 or
/16 ?
Rivalino
-----Mensagem original-----
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nome de
[EMAIL PROTECTED]
Enviada em: quarta-feira, 16 de maio de 2007 10:14
Para: [EMAIL PROTECTED]
Assunto: [Ntop] Why for a subnet I see only a host and not all the
hosts?
Excuse in the preceding topic I wrote bad ip address.
I've installed an ntop3.2rc using the rpm ntop-3.2rc2_centos41-1 and
it's running on a linux server with OS centOS 4.4 and linux kernel
2.6.9-42.0.10.EL-i686.
I want see the host's traffic of a subnet who I can see with the eth1.
Using tcpdump I can see the different hosts of the subnet 10.127.0.0
/24
Using ntop in this way:
/usr/bin/ntop -P /usr/share/ntop -u ntop -i eth1 -d -B "net 10.127.0.0
/16" -m 10.127.0.0/16 --sticky-hosts
I can see only a little part of this hosts
For example if I see with the tcpdump the traffic of the host
10.127.11.14 with port 1050
10.127.10.20 with port 1080
10.127.14.25 with port 1090
10.127.12.34 with port 1120
using ntop I see only one host with the ports of the 4 different hosts
10.127.11.14 with port 1050, 1080, 1090, 1120
Why I see a traffic aggregate and not the details of the local traffic?
Naviga e telefona senza limiti con Tiscali
Scopri le promozioni Tiscali adsl: navighi e telefoni senza canone Telecom
http://abbonati.tiscali.it/adsl/
_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop