Russel,
ntop works as follow:
when ntop sees a 'local' packet then the MAC address is used, otherwise
the IP address is used. In your case, if with -m you specify local
subnets and you use 192.168.0.0/16 as a local subnet then ntop assumes,
for instance, that is a packet comes from 08:00:20:C1:30:FC/192.168.1.2
then this packet is sent from a local host, then 08:00:20:C1:30:FC is
the real MAC address of 192.168.1.2. If 192.168.1.2 is not *really*
local to your interface you use for grabbing packets, then it means that
08:00:20:C1:30:FC is the MAC address of (one of) your router -> ntop
believes that this machine is multihomed.
Bottom line: don't misuse the -m flag.
That's all, Luca
Russell Mosemann wrote:
>
> I grabbed the September 7 download for Linux 2.4.7 (RedHat 7.0). When I
> run ntop, I use the -m switch to specify additional subnets as local, for
> example, 192.168.0.0/16. Ntop seems to pick a particular host, collects a
> set of IP addresses and then claims that the host is multihomed. That
> messes up the information such as how much traffic the host is moving and
> what connections it is making, because all of the hosts are treated as
> one.
>
> All of the hosts are on the other side of a router. The only thing I can
> imagine is that ntop is seeing all of these addresses come from the same
> MAC address (the router). So, it assumes that this is a multihomed
> computer. If I don't use the -m switch, things work, but hosts that are
> not on the local network segment are identified as remote. Is this the way
> this is supposed to work or am I doing something wrong?
>
> On a different topic, ntop seems to give up too early for resolving IP
> addresses to host names. All of our local hosts are defined in our name
> server, but ntop only resolves some of the IP addresses.
>
> ----
> Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
> "I decided to go into computer programming instead of music because
> my Bach was worse than my byte." - my quote in Reader's Digest
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listmanager.unipi.it/mailman/listinfo/ntop
--
Luca Deri NETikos S.p.A.
Via Matteucci 34/B 56124 Pisa, Italy.
Ph. +39/050/968.639 Fax. +39/050/968.626
Personal: [EMAIL PROTECTED] Business: [EMAIL PROTECTED]
WWW: http://www.lucaderi.org/ ICQ: 68183632
One's destination is never a place but rather a new way of
looking at things - Henry Miller
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
