Never seen it. Would have been nice to have reported this earlier, instead of hoping it would magically get fixed. Days before the planned release is very late in the game.
Gang: Anyone else having this problem? I haven't seen it, but I have a very simple network. ntop doesn't use the ARP data. If the gethostbyname() and other functions use it under the covers, that could cause issues, but once ntop resolves an name, it doesn't re-resolve it. IIRC - without diging into the code - the name in the "info about" line is the 'resolved' name, which is a char[] represention of the ip address as a last resort. Thoughts - is this a complex, switched environment? Some switches re-write packets with their own MAC addresses, this causes all sorts of pain. If you have multiple redundant links and the switches are reconfiguring the spanning tree, then I could see how packets would 'change' their MAC-IP address connection. That would confuse the heck out of ntop. Try the -o | --no-mac switch and let us know... that should disable the MAC stuff, making ntop a pure layer 3 monitoring tool, vs. the hybrid. -----Burton > -----Original Message----- > From: pc [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 26, 2003 9:07 PM > To: [EMAIL PROTECTED] > Subject: Issues w/ ntop 2.2.93 <snip/> > ntop confuses default router and linux box & known host names change > > If I startup ntop and then go and ping everything in my network, all of the hosts are displayed nice and pretty by ntop. But after a while this seems to fall apart. Some things revert back to their manufacturer/MAC address and some others become a simple host name without the domain suffix and sometimes they become an IP address. The one very problematic one is that my box that I run ntop on becomes displayed as the IP address of the default router???? When I look at the host in the ntop web page it in fact displays both the IP addresses in the output. The record for the default router may or may not exist at the time. THIS IS NOT NEW TO v2.2.93! I was having this same issue with 2.2c (and was hoping it might be somehow corrected in the new version). In some of my debugging efforts I've noticed that ntop seems to be very sensitive to the contents of the arp cache at the time the web page is displayed. But once the data for the default route and local machine seemingly merge, nothing corrects it without a restart of ntop. I've attached a web page example of this. Note that the host name that ntop has named it is 172.22.22.254 but the actual IP address is 172.22.22.55. The initial name that ntop named it was pc5.localnet which is in line with it's actual host name. (see: > ntopIPmismatch.zip) _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
