Whoa boss ... try reading ntop's man page - it points you at man tcpdump which has stuff all about expressions. There are NOT and ANDs and ORs and thingys like that in them thar 'spreasions...
-----Burton > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf > Of Josh Schulenberg > Sent: Tuesday, April 20, 2004 12:31 PM > To: [EMAIL PROTECTED] > Subject: RE: [Ntop-dev] Unhealthy Host > > > > that would work, except that we have 600+ hosts and I'm sure a 600 line > BPF would bog ntop down. It seems that there is there is no exclusive > rule..its just all inclusive? > > > > On Tue, 2004-04-20 at 10:37, Burton M. Strauss III wrote: > > Well, if it's traffic you are generating yourself, you could > use a filter > > expression (-B "" option) to kill it before ntop sees it > > > > -B "host whatsup.me.com and port 80" > > > > -B "host bigbrother.me.com" > > > > etc. > > > > -----Burton > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf > > > Of Josh Schulenberg > > > Sent: Tuesday, April 20, 2004 10:07 AM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [Ntop-dev] Unhealthy Host > > > > > > > > > > > > It is UDP port to closed and RST. This is all normal network > > > traffic...the help file also mentions that as well. We are using Big > > > Brother to monitor services, as well as WhatsUp gold. I have a friend > > > who runs this on another network and has similar > issues...these networks > > > both heavily use Windows 2000/2003 and a few Linux hosts. > > > > > > > > > > > > On Tue, 2004-04-20 at 09:48, Burton M. Strauss III wrote: > > > > -o is frequently useful if the MAC addresses are being > > > re-written (this is > > > > the most common cause of wrongly attributed multi-homed hosts). > > > > > > > > But, basically, fix the network problems comes to mind. What > > > item(s) is/are > > > > being flaged. There are quite a few, with DETAILED > > > descriptions available > > > > on the help pages linked from the list of flagged items. Once > > > you know what > > > > ntop is seeing, then you'll have to fix the root cause on > the network. > > > > > > > > -----Burton > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf > > > > > Of Josh Schulenberg > > > > > Sent: Tuesday, April 20, 2004 9:24 AM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: [Ntop-dev] Unhealthy Host > > > > > > > > > > > > > > > > > > > > Is there a way to disable 'Unhealthy Host'. It seems to tag > > > almost every > > > > > host as 'Unhealthy'. I looked at archives of this list and I > > > could only > > > > > find a suggestion to use '-o' to disable mac address > tagging. I tried > > > > > that to no avail. I can't find anything in the > documentation on how to > > > > > turn this off. This is ntop 3.0.0 stable, btw. > > > > > > > > > > > > > > > > > > > > > > > > __________________________________________________________________________ > > > > > > > > > > "The information transmitted is intended only for the person > > > or entity to > > > > > which it is addressed and may contain confidential, > > > proprietary, and/or > > > > > privileged material. Any review, retransmission, > > > dissemination or other > > > > > use of, or taking of any action in reliance upon, this > information by > > > > > persons or entities other than the intended recipient is > prohibited. > > > > > If you received this in error, please contact the sender > and delete > > > > > the material from all computers." > > > > > _______________________________________________ > > > > > Ntop-dev mailing list > > > > > [EMAIL PROTECTED] > > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > > _______________________________________________ > > > > Ntop-dev mailing list > > > > [EMAIL PROTECTED] > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > > > > __________________________________________________________________________ > > > > > > "The information transmitted is intended only for the person > or entity to > > > which it is addressed and may contain confidential, > proprietary, and/or > > > privileged material. Any review, retransmission, > dissemination or other > > > use of, or taking of any action in reliance upon, this information by > > > persons or entities other than the intended recipient is prohibited. > > > If you received this in error, please contact the sender and delete > > > the material from all computers." > > > _______________________________________________ > > > Ntop-dev mailing list > > > [EMAIL PROTECTED] > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > _______________________________________________ > > Ntop-dev mailing list > > [EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > __________________________________________________________________________ > > "The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential, proprietary, and/or > privileged material. Any review, retransmission, dissemination or other > use of, or taking of any action in reliance upon, this information by > persons or entities other than the intended recipient is prohibited. > If you received this in error, please contact the sender and delete > the material from all computers." > _______________________________________________ > Ntop-dev mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop-dev _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
