In Ntop's man page, we have:
ntop [EMAIL PROTECTED] [-a|--access-log-path <path>] [-b|--disable-decoders] [-c|--sticky-hosts]
[-f|--traffic-dump-file file>] [-g|--track-local-hosts]
[-h|--help] [-k|--filter-expression-in-extra-frame]
[-l|--pcap-log <path>] [-m|--local-subnets <addresses>] [-n|--numeric-ip-addresses]
[-o|--no-mac] [-p|--protocols <list>] [-q|--create-suspicious-packets]
[-r|--refresh-time <number>] [-s|--no-promiscuous]
[-t|--trace-level <number>] [-w|--http-server <port>]
[-z|--disable-sessions] [-A|--set-admin-password password]
[-B|--filter-expression expression] [-C|--large-network]
[-D|--domain <name>] [-F|--flow-spec <specs>]
[-M|--no-interface-merge] [-O|----output-packet-path]
[-P|--db-file-path <path>] [-R|--filter-rule <file>] <number>]
[-U|--mapper <URL>] [-V|--version]
[--throughput-bar-chart] [--dynamic-purge-limits] [--reuse-rrd-graphics]
[--p3p-cp] [--p3p-uri] [--disable-stopcap]
and then a description of every option individually.
Every? No! At least on my Ntop 2.2, there is no description for [-R|--filter-rule <file>] <number>].
Neither is there in http://www.ntop.org/ntop-man.html...
Another question: I need to set a different pcap filter on each interface.
How can I do that (in the man, nothing makes me think that -B would handle
such a thing)?
If the answer is "you can't", maybe you guys will have an idea about
how to solve my problem:
I have a WAN with 4 remote sites. The traffic arrives
at my site on an (operator) router, and then goes into a switch (where
I can then do port mirroring to grab all the traffic from that router and
feed it into my ntop box). The thing is I need distinct (not merged) ntop
stats for each site...
The constraints are:
- I have only one box on which to run ntop. This
is a Linux box with a 2.4 kernel and my ntop is version 2.2
- I can have up to 5 NICs on that box.
- The only hardware I can have besides my box is
a hub and RJ45 cables.
- I need to have full ntop stats, for each site,
separately and simultaneously.
What I thought I'd do is mirror all the traffic on 1 port, plug this port into a hub, plug 4 of my machine's NICs into that hub, and then define a different filter on each NIC: eth1 has a filter that selects traffic only from/to remote site 1, eth2 has a filter that selects traffic from/to remote site 2, and so on... Then start ntop with -M and I'd have the stats I want by switching between NICs in the Admin Tab...
Any other ideas?
Thank you
Loïc
