i am having trouble understanding the border sniffer mode option and how it affects NTOP's other flags...
i have setup a hub inbetween our router and our firewall and plugged the interface that NTOP is monitoring on into this hub. we are using NAT for all of our hosts so the main host MAC address for several machines is going to show up to NTOP as the same for www, mx1, ns1, ns2, ns3 etc. whenever i turn on NTOP *without* border sniffer mode, it can only see one of the hosts that is behind our firewall and track it, im guessing it resolves the first packet it sees in the local subnet that ive defined and then resolves that IP and only tracks traffic with that host name and that MAC and it must disreguard all other traffic with the same MAC address. is this the case? if it is i have a reccomendation that there be an option to track by IP or MAC if at all possible, this would help people in the same situation as me, or if this is already built in please point me in the right direction.... also when i use the -j option i cannot log to a mysql database? am i *forced* to log to the flat files? i enter the -b localhost:4000 option into the startup script but whenever i have that along with -j, then the webpage that displays the config alway shows that the mysql database is inactive or is this output false? and how do you disable the purge hosts option when using ntop in border sniffer mode? or in regular mode for that matter. it seems that no matter what i do i cannot disable this, its really driving me up a wall, ive used the -c (sticky hosts) option and its *still* purging hosts on me! thanks eoin _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://lists.ntop.org/mailman/listinfo/ntop
