Hi to the lists
I have the following problem.
Ntop seems to detect too much broadcast traffic (more than the 50%).
I've checked with tcpdump but there is not so much broadcast traffic.
So I've checked the source code and I've seen that exists the macro
"broadcastHost(a)".
I've debugged the code and I've discovered that the condition of the
macro broadcastHost cmpSerial(&a->hostSerial,
&myGlobals.broadcastEntry->hostSerial) is often true.
What does the meaning of this condition?
When I log the the dstHost structure in the updatePacketCount funciotn
the ip address and the l2Family field are undefined. What does it means?
The ntop command line is:
/usr/local/bin/ntop -i eth2 --user root --daemon --db-file-path
/usr/local/share/ntop --domain xxx.xx --interface eth2 -m XXX.XXX.0.0/18
-p /usr/local/share/ntop/protocol.list --trace-level 3
--use-syslog=local4 --http-server 3000 --no-mac --track-local-hosts
--disable-sessions --disable-schedyield -d
Thank you very much
Best regards
--
Sergio SAGLIOCCO
SecureLAB - http://www.securelab.it
CSP s.c. a r.l. - http://www.csp.it
______________________________________________
Villa Gualino
Viale Settimo Severo, 63 - 10133 Torino [IT]
tel. +39 011 481 5140 - Mobile +39 348 6024078
fax +39 011 481 5001
______________________________________________
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
