makes perfect sense. I will look into the management capabilities of the switch.. Thank you.
< doh! > -----Original Message----- From: Burton M. Strauss III [mailto:[EMAIL PROTECTED]] Sent: Friday, January 04, 2002 5:02 PM To: Ntop Cc: [EMAIL PROTECTED] Subject: RE: [Ntop] switches, traffic and exchange.. Re your switch issue... When you say "connected to a switch", what do you mean? Think about how a switch operates... A switch receives a packet on an interface. It analyzes the packet (MAC address) and determines which port the destination is on. The packet is copied to that port (and ONLY that port). Broadcast traffic is copied out all ports except the incoming one So, if server a is on port 1, server b on port 2, the workstations (hubbed) on port 3 and NTop on port 4: A workstation -> server A message would be visible only on * the workstation segment * port 1 ports 2 and 4 would see no traffic Sounds like your problem, eh? Note that many high-end switches have a "mirror" or "monitoring" option which can be enabled to copy all traffic to a specific port. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stuart Herd - IT Dept. Sent: Friday, January 04, 2002 2:52 PM To: [EMAIL PROTECTED] Subject: [Ntop] switches, traffic and exchange.. <snip> I am collecting data, but not all, not by far. Monitoring station is connected to a 3com 3300xm vlan enabled switch. All main servers and router are connected to this in order for me to monitor the traffic. The file server does not show any active connections even though all clients map to it. This and the mail server "should" be the most active yet the only data i show for our mail (Exchange) server is notification mail that is sent from the monitoring box, which uses exchange as its relay. I understand that exchange uses port 135 and rpc based app for it's functions. Does anyone have a way to track this? Another example would be that i ftp from my workstation to an outside site. To get there the traffic is going through the router (3640) out the firewall and back. All traffic on this lan goes through this router, it is connected to the switch in question, ntop should pick this traffic up, should it not?? Same thing for http traffic, it all goes to our proxy, again on the switch. But no traffic is being seen from/to the proxy, this should also be heavy. I need some clarification on working with ntop within a switched environment. I don't understand why i am getting so little data. PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message. If you are not the addressee indicated in this message or the employee or agent responsible for delivering it to the addressee, you are hereby on notice that you are in possession of confidential and privileged information. Any dissemination, distribution, or copying of this e-mail is strictly prohibited. In such case, you should destroy this message and kindly notify the sender by reply e-mail. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions, and other information in this message that do not relate to the official business of the sender's firm shall be understood as neither given nor endorsed by it. E-mail cannot be guaranteed to be secure, error free or free from viruses. Royal does not accept any liability whatsoever for any loss or damage which may be caused as a result of the transmission of this e-mail. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
