I'm pretty sure I've already replied, but it showed up new... Update to 2.0.99 and use the -j | --border-sniffer-mode (it's not available in 2.0), what this does is to eliminate ntop's usage of MAC addresses, which are being changed by the switch as part of the mirroring process (it has to do this to send out valid TCP/IP packets).
-----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sancho Lerena Sent: Tuesday, May 14, 2002 3:16 AM To: [EMAIL PROTECTED] Subject: [Ntop] Problems with IP / MAC in a VRRP enviroment. Hello, I'm using NTOP in a production enviroment to check network traffic and efficiency of our network. We have detected a problem with NTOP: it assign MAC to IP with nosense. We have about 100 hosts in out NOC, and NTOP tell us that three "hosts" are taking all the load... If you look at the MAC you find a VRRP MAC assigned to an IP of SMTP server. I think that something was wrong. I suppose that Cabletron Load Balancing and/or VRRP setup of our firewalls and Cabletron Switches can be confusing NTOP. We have a FastEthernet portmirror on a Cabletron 8000 and 8600 (we have two NTOP's and we have similar problems). Examples: Info about host 10.y.x.41 (taking about 90% of our NOC traffic, impossible in real life). IP Address 10.y.x.41 [unicast] First/Last Seen 05/06/02 19:52:10 - 05/14/02 10:48:03 [7 day(s) 14:55:53] Last MAC Address/Router 00:00:5E:00:01:04 In other 2.0 version it has a "Duplicated IP or Wrong netmask" warning, but I'm using ntop v.2.0.0 MT [i686-pc-linux-gnu] (03/11/02 03:38:09 PM build) and this error dont appear. This host is a Debian Woody with kernel 2.4.6 and 3Com PCI 3c905B Cyclone NIC's. I'm using other NTOP, version ntop v.2.0.0 MT [i686-pc-linux-gnu] (04/12/02 11:48:31 AM build), with debian Woody using 2.2.19 kernel, and the same nic's. Setup is a basic debian config with some changes in /etc/init.d/ntop script USER="ntop" GETOPT=" -E -n -c -m z.x.y.0/16,z.x.y.0/16" PORT="xxxx" INTERFACES="eth1" SAVE="2" TRACE="2" start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \ -d -L -u $USER -w $PORT -p /etc/ntop/protocol.list -P $HOMEDIR \ -S $SAVE -a /var/lib/ntop -R /etc/ntop/rules -i $INTERFACES \ -t $TRACE -O $LOGDIR $GETOPT Thanks for your help, Un saludo, Sancho Lerena _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
