Re your switch issue...

When you say "connected to a switch", what do you mean?

Think about how a switch operates...

   A switch receives a packet on an interface.
   It analyzes the packet (MAC address) and determines which port the
   destination is on.
   The packet is copied to that port (and ONLY that port).
   Broadcast traffic is copied out all ports except the incoming one.

So, if server A is on port 1, server B on port 2, the workstations (hubbed)
on port 3 and NTop on port 4:

A workstation -> server A message would be visible only on
   * the workstation segment
   * port 1

Ports 2 and 4 would see no traffic.

Sounds like your problem, eh?

Note that many high-end switches have a "mirror" or "monitoring" option
which can be enabled to copy all traffic to a specific port.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Stuart Herd - IT Dept.
Sent: Friday, January 04, 2002 2:52 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] switches, traffic and exchange..

<snip>

I am collecting data, but not all, not by far.
Monitoring station is connected to a 3Com 3300xm VLAN-enabled switch. All
main servers and router are connected to this in order for me to monitor the
traffic.
The file server does not show any active connections even though all clients
map to it. This and the mail server "should" be the most active, yet the only
data I show for our mail (Exchange) server is notification mail that is sent
from the monitoring box, which uses Exchange as its relay. I understand that
Exchange uses port 135 and an RPC-based app for its functions. Does anyone
have a way to track this?
Another example would be that I ftp from my workstation to an outside site.
To get there the traffic is going through the router (3640) out the firewall
and back.
All traffic on this LAN goes through this router, it is connected to the
switch in question, ntop should pick this traffic up, should it not??
Same thing for HTTP traffic, it all goes to our proxy, again on the switch.
But no traffic is being seen from/to the proxy, this should also be heavy.

I need some clarification on working with ntop within a switched
environment. I don't understand why I am getting so little data.

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
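
The forwarding rules and port layout described in the reply above, as an added example that is not part of the original thread: a small Python model of a learning switch that reports which ports receive a copy of a frame, with and without a mirror port. The MAC addresses and all function names are constructed, and flooding of frames to a not-yet-learned destination goes beyond what the reply lists.

```python
# Added illustration; MAC addresses are constructed, port layout follows the reply.
BROADCAST = "ff:ff:ff:ff:ff:ff"
HOSTS = {                                   # name -> (MAC, switch port)
    "serverA": ("02:00:00:00:00:0a", 1),
    "serverB": ("02:00:00:00:00:0b", 2),
    "ws1":     ("02:00:00:00:00:c1", 3),    # workstations share port 3 via a hub
    "ws2":     ("02:00:00:00:00:c2", 3),
    "ntop":    ("02:00:00:00:00:0d", 4),
}

class Switch:
    def __init__(self, ports, mirror_port=None):
        self.ports = set(ports)
        self.mirror_port = mirror_port      # port that gets a copy of all traffic
        self.mac_table = {}                 # learned MAC -> port

    def forward(self, in_port, src, dst):
        """Return the set of ports the frame is copied to."""
        self.mac_table[src] = in_port       # learn where the sender lives
        if dst == BROADCAST or dst not in self.mac_table:
            out = self.ports - {in_port}    # broadcast or unknown destination: flood
        elif self.mac_table[dst] == in_port:
            out = set()                     # destination on the ingress segment: filter
        else:
            out = {self.mac_table[dst]}     # known unicast: that port only
        if self.mirror_port is not None and self.mirror_port != in_port:
            out.add(self.mirror_port)       # monitoring copy
        return out

def learned_switch(mirror_port=None):
    """Switch whose MAC table is populated by one broadcast from every host."""
    sw = Switch([1, 2, 3, 4], mirror_port)
    for mac, port in HOSTS.values():
        sw.forward(port, mac, BROADCAST)
    return sw

def ports_seeing(src, dst, mirror_port=None):
    """Ports that receive a copy of a unicast frame from host src to host dst."""
    sw = learned_switch(mirror_port)
    return sw.forward(HOSTS[src][1], HOSTS[src][0], HOSTS[dst][0])

if __name__ == "__main__":
    for mirror in (None, 4):
        for src, dst in (("ws1", "serverA"), ("ws1", "ws2"), ("serverB", "serverA")):
            seen = sorted(ports_seeing(src, dst, mirror))
            print(f"mirror={mirror} {src}->{dst}: copied to ports {seen}")
```

Without a mirror port, the monitoring station on port 4 receives only broadcasts and frames addressed to itself, which matches the symptom in the original message.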
