That's a Linux issue. All ntop does is send a packet to the network addressed
to your destination.

    rc = sendto(myGlobals.netFlowOutSocket,
                (void*)&myGlobals.theRecord,
                /* Fix below courtesy of Rami AlZaid <[EMAIL PROTECTED]> */
                (myGlobals.globalFlowPktCount*sizeof(struct flow_ver5_rec)
                 +sizeof(struct flow_ver5_hdr)),
                0, (struct sockaddr *)&myGlobals.netFlowDest,
                sizeof(myGlobals.netFlowDest));

Do a "man sendto" to see the docs on the call...
So, it's basically how the Linux stack decides to route it. That would usually
be based on the routing table's metric value. Do a "route -v -n" to see it...
The MOST SPECIFIC route with the lowest metric # would be selected. E.g., if
this is the table:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    192.168.2.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
    192.168.2.129   0.0.0.0         255.255.255.128 U     0      0   0   eth2
    192.168.2.146   0.0.0.0         255.255.255.255 U     0      0   0   eth1
    192.168.2.146   0.0.0.0         255.255.255.255 U     1      0   0   eth2
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
    0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0   0   eth0

A packet to 192.168.2.146 goes via eth1 (equally specific routes, so it chooses
based on the metric 0 vs. 1)
A packet to 192.168.2.145 goes via eth2 (192.168.2.129/25 is more specific than
192.168.2.0/24)
A packet to 192.168.2.46 goes via eth0
A packet to 10.1.1.1 goes via eth0 (the gateway is the least specific route, but
it is the best match)
-----Burton
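
Added example (not part of the original thread and not ntop code): the sendto() call above leaves the source address to the kernel's route lookup, which matters when a collector only accepts flows from one exporter address. This sketch binds a UDP socket to a chosen local address before connecting and reports the source address that will actually be used; the function names, the loopback addresses and port 2055 are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill sa with an IPv4 address and port; 0 on success, -1 if ip is not valid. */
static int make_addr(struct sockaddr_in *sa, const char *ip, unsigned short port) {
  memset(sa, 0, sizeof(*sa));
  sa->sin_family = AF_INET;
  sa->sin_port = htons(port);
  return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Open a UDP socket for exporting to dst_ip:port (hypothetical helper).
   src_ip != NULL: bind to it, so every datagram leaves with that source.
   src_ip == NULL: the kernel picks the source from the selected route.
   The source address in effect is written to used_src (INET_ADDRSTRLEN
   bytes). Returns the socket, or -1 (e.g. src_ip is not a local address). */
int open_export_socket(const char *src_ip, const char *dst_ip,
                       unsigned short port, char *used_src) {
  struct sockaddr_in src, dst, local;
  socklen_t len = sizeof(local);
  int fd;

  if (make_addr(&dst, dst_ip, port) != 0) return -1;
  if (src_ip != NULL && make_addr(&src, src_ip, 0) != 0) return -1;
  if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
  if (src_ip != NULL && bind(fd, (struct sockaddr *)&src, sizeof(src)) != 0)
    goto fail;
  /* connect() on UDP sends nothing; it fixes the peer and forces the
     route lookup now, so getsockname() can report the chosen source. */
  if (connect(fd, (struct sockaddr *)&dst, sizeof(dst)) != 0) goto fail;
  if (getsockname(fd, (struct sockaddr *)&local, &len) != 0) goto fail;
  if (!inet_ntop(AF_INET, &local.sin_addr, used_src, INET_ADDRSTRLEN)) goto fail;
  return fd;
fail:
  close(fd);
  return -1;
}

int main(void) {
  char used[INET_ADDRSTRLEN];
  /* Constructed values: loopback exporter and collector, port 2055. */
  int fd = open_export_socket("127.0.0.1", "127.0.0.1", 2055, used);
  if (fd < 0) { fprintf(stderr, "cannot open export socket\n"); return 1; }
  printf("flows will leave with source address %s\n", used);
  close(fd);
  return 0;
}
```

Passing NULL as src_ip shows the address the routing table would select on its own, which is the value to compare against the collector's accept list.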
-----Original Message-----
From: Adrian ISTRATE [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 04, 2002 6:14 AM
To: Burton M. Strauss III; [EMAIL PROTECTED]
Subject: RE: [Ntop] Ntop netflows not exported
At 01:02 PM 5/4/2002, Burton M. Strauss III wrote:
>Same answer - give us information about your setup and environment, and we may
>be able to help you.
>
>-----Burton
First, thanks for the quick answer and sorry for not giving all the details.
Finally, I got it to work and I'll give some explanations below.
The dual homed linux is NAT-ing the private network of our University. It
is where ntop is running, it's a Mandrake 8.0 on a PIII-600MHz/256 RAM/SCSI
U2W machine.
Since our NAT policy is rather complex and I won't discuss it here, there
are multiple addresses (aliases) on each NIC. So I configured the ntop and
the collector to use the private segment (10.xx..) to transfer data.
Everything worked very well, but the data files were containing no data, as
I said. Finally, after some tcpdumping on the interfaces I noticed that the
udp packets were sent through another IP address than I was expecting.
After configuring the collector to accept packets from that address,
everything started to work (as I am now writing some special scripts to get
what I want from the flows..)
That's about it.
Is there any parameter to set to tell ntop which interface/ip address to
use when exporting the flows?
Anyway, thank you very much for that work, I really appreciate it!!
Best regards,
Adrian
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Adrian ISTRATE
>Sent: Saturday, May 04, 2002 3:23 AM
>To: [EMAIL PROTECTED]
>Subject: [Ntop] Ntop netflows not exported
>
>
>Hi everybody,
>I am trying to use ntop on a linux dual homed and export the flows to
>another linux box to do some traffic monitoring.
>Everything went just fine when compiling/installing ntop, but the netflows
>are not exported, although I configured the plugin well.
>The packets are sent to the collector, but there is no flow information
>inside.
>Could anyone give me a hint on this?
>Regards,
>Adrian
>
>____________________________________________________________
>Adrian ISTRATE
>Junior Lecturer - Network & Systems Administrator
>University "Dunarea de Jos" Galati
>Computer Science and Engineering Department Home
>
>email: [EMAIL PROTECTED] email:
>[EMAIL PROTECTED]
>www: http://www.cs.ugal.ro/staff
>Private phone (Romania): +40 92 686 123
>Private phone (Switzerland): +41 79 722 67 18
>ICQ UIN: 5335688 MSN Msg.: [EMAIL PROTECTED]
>____________________________________________________________
>
>_______________________________________________
>Ntop mailing list
>[EMAIL PROTECTED]
>http://listgateway.unipi.it/mailman/listinfo/ntop