Hopefully someone can assist my ignorance in regards to using NTOP as a NetFlow collector. If not ... that's cool! Just thought I would ask. I just have a few basic questions, which are listed below after I describe my environment.

-------------------------
My environment explained;
-------------------------

###########
NTOP SERVER
###########

./ntop -a ntop.access.log -i eth0 -w 10.4.4.51:3999 -m 10.0.0.0/255.0.0.0,192.168.0.0/255.255.0.0 -p protocol.list -E -P /eth1/ -u ntopuser -d

RH7.3
ntop-02-09-25
Dell Pentium PC -- 2 NICS
  ETH0 10.4.4.51 (web server listening)
  ETH1 1.1.1.1 (Cisco switch port monitoring router port)

NetFlow plugin: enabled
Local Collector UDP port: 2055

Interface Name    NetFlow Enabled
eth0              Yes
NetFlow-device    No

Flow Statistics
# Pkts Rcvd.value          366
# Flows Rcvd.value         10,980
# Flow with Bad Version    0

Flow Senders
192.168.2.1 [366 pkts]

#############
Router Config
#############

ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 10.4.4.51 2055

interface FastEthernet0/0
 description <<GLASRTR01 User/Admin/Server Secondary IP's>>
 ip address 10.4.4.1 255.255.254.0 secondary
 ip address 10.6.16.1 255.255.252.0 secondary
 ip address 192.168.1.5 255.255.255.0 secondary
 ip address 192.168.2.1 255.255.255.0
 ip directed-broadcast
 ip route-cache flow
 speed 100
 full-duplex

----------
Questions:
----------

1) I have 2 options when switching NICs: eth0 and NetFlow-device. I'm assuming eth1 (which is the monitoring port) is labeled NetFlow-device because, since NetFlow is enabled, it is the interface which can export NetFlow to another collector. However, my question is: what interface should I select to view NetFlow data received from the router I am sending NetFlow data from? eth0 (ip 10.4.4.51)?

2) Say for instance you are only using NTOP to view NetFlow data received from a router. What & where would you see NetFlow data presented in NTOP? I'm assuming I will not see sessions because NetFlow data are sessions which have ended? It seems like I should see everything else; however, it appears as though I am only seeing broadcasts NTOP is able to pick up off that port on the switch (and me connecting to it via 80 and 22).

Hopefully I explained this so that you can understand my question.

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop
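
An added example (not part of the original post and not ntop's code): a minimal NetFlow v5 datagram parser of the kind a collector applies to what the router above exports to UDP 2055, including the version check behind a "Flow with Bad Version" counter. A v5 datagram carries at most 30 records, which matches the 366 packets and 10,980 flows reported above. The sample datagram, its flows and all function names are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
MAX_RECORDS = 30                                    # v5 limit per datagram


def parse_v5(datagram):
    """Return (header, flows) for one export datagram; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _samp = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("bad version %d" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count %d out of range" % count)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    # flow_sequence counts flows exported so far; the next datagram should
    # start at seq + count, so a gap means export datagrams were lost.
    return {"count": count, "unix_secs": secs, "seq": seq,
            "next_seq": (seq + count) & 0xFFFFFFFF}, flows


def build_sample():
    """Constructed datagram with two made-up flows (not captured traffic)."""
    def rec(src, dst, pkts, octets, sport, dport, proto):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), 1, 1, pkts, octets,
                           1000, 2000, sport, dport, 0, 0, proto, 0,
                           0, 0, 24, 24, 0)
    body = rec("10.4.5.20", "10.4.4.51", 12, 4096, 40000, 3999, 6)
    body += rec("192.168.1.77", "10.6.16.9", 3, 180, 53000, 53, 17)
    return HEADER.pack(5, 2, 123456, 1033000000, 0, 100, 0, 0, 0) + body


if __name__ == "__main__":
    header, flows = parse_v5(build_sample())
    print(header, *flows, sep="\n")
```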
