ntop can track any packets it sees.  What precisely it can see is a matter
of your network layout and you really don't give enough info to understand
it.  The comment "when the NTOP was installed in a different machine" is
confusing.  If the picture is this:

      +-----+
WS----| hub |----FW----rest of world
      +-----+
         |
        ntop

Then, yeah, it should see the traffic.

Random thoughts...

1. Run tcpdump or another packet sniffer and see if you're really seeing
traffic.

2. Check if that hub is really a hub.

I've seen a lot of current model 'hubs' that are internally switches.  Among
the offenders are Linksys' Network Everywhere and their EFAH08W v3 (not to
pick on Linksys, I've seen it on others too, but I own a LOT of Linksys
gear).

Be wary of dual-speed hubs, as most of them are configured w/ a 10BaseT
segment and a 100BaseT segment (hubs) with a switch between the segments.

3. Is this the demo version for Win32?  That's limited to 1K packets...

4. SMP?  Only the patched version of libpcap @ ntop's pages on SourceForge
and supposedly the v3 beta support SMP...


-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 3:43 AM
To: [EMAIL PROTECTED]
Subject: [Ntop] Help in configuring NTOP


Dear All,
I am currently attempting to accomplish a project in which NTOP plays a key
role. However much about what I need for NTOP seems a little vague in this
regard. It has been already more than a month since the start of my project
and I really really need help already. My project is something to replace
MRTG with something similar... the current MRTG configuration in my office
was designed to monitor network bandwidth on the firewall and router's
interfaces. We wanted to have more information on the graphs and so I
thought NTOP may have an answer for this if it works. Information such as
HTTP usage, SMTP usage, etc etc segregated among the interfaces of the
firewall and routers.

I already compiled NTOP and had the machine connected to a hub where the
internal firewall interface is located. However, the graphs were absolutely
empty even though I tweaked the protoUsage.pl to check dumpData.html for the
IP interface of the firewall. I also tried configuring the libpcap filtering
expression but all my attempts in using "gateway" expression failed. I'm
currently using Windows 2000.

So my question is: Can NTOP track packets going through the interfaces of
the firewall/routers and have RRD tool graph them by protocol even when the
NTOP was installed in a different machine? If so, am I missing something?

Regards,
        Paolo Vinoya - MCP
        Network Engineer
        NOC Team, IT Department
        TrendLabs HQ, Trend Micro, Incorporated
        Web: http://www.antivirus.com

p.s. If the project is successful, I'll be glad to support your group for
furthering your research with NTOP. ;)
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
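
The first two suggestions in the reply (sniff with tcpdump, then check whether the hub is really a switch) can be combined into one check. The following is an added example, not part of the original thread: it classifies frames from a capture by destination, since a sniffer behind a switch sees only its own and broadcast/multicast frames. It assumes the text output of `tcpdump -e -n` from current tcpdump releases; the MAC addresses, sample lines and the `min_frames` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Link-level header as printed by `tcpdump -e -n` (assumed format):
#   <time> <src mac> > <dst mac>, ethertype ...
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME_RE = re.compile(rf"^\S+\s+(?P<src>{MAC})\s+>\s+(?P<dst>{MAC}),", re.I)

def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def classify(lines, own_mac):
    """Count frames by destination class, from the sniffer's point of view."""
    own = own_mac.lower()
    counts = Counter()
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        src, dst = m["src"].lower(), m["dst"].lower()
        if is_group_address(dst):
            counts["broadcast_or_multicast"] += 1   # flooded to every port
        elif own in (src, dst):
            counts["own"] += 1                      # visible on any topology
        else:
            counts["third_party_unicast"] += 1      # only visible on shared media
    return counts

def verdict(counts, min_frames=3):
    """A switch may flood a stray unknown-unicast frame, so require
    min_frames (hypothetical threshold) before calling the segment shared."""
    if counts["third_party_unicast"] >= min_frames:
        return "shared"    # real hub or mirror port: ntop sees other hosts
    return "switched"      # ntop will only see its own and flooded traffic

# Constructed sample capture (not from the thread).
OWN_MAC = "00:00:5e:00:53:01"
SAMPLE = """\
10:00:00.000001 00:00:5e:00:53:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1
10:00:00.100000 00:00:5e:00:53:01 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.5.40000 > 192.0.2.1.53: UDP
10:00:00.200000 00:00:5e:00:53:10 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40100 > 198.51.100.7.80: Flags [S]
10:00:00.300000 00:00:5e:00:53:fe > 00:00:5e:00:53:10, ethertype IPv4 (0x0800), length 74: 198.51.100.7.80 > 192.0.2.10.40100: Flags [S.]
10:00:00.400000 00:00:5e:00:53:10 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 66: 192.0.2.10.40100 > 198.51.100.7.80: Flags [.]
""".splitlines()

if __name__ == "__main__":
    result = classify(SAMPLE, OWN_MAC)
    print(dict(result), verdict(result))
```

A "switched" verdict on the segment where ntop sits matches the empty graphs described in the original question.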
