You need to be sure that ntop can see the traffic you want it to report on, and understand how it will be seeing the traffic WRT a gateway/router and things like NAT etc. Sometimes you just have to sit down with a paper diagram of the network and map out the flows to be sure.
Also, make sure it's really a hub - see stuff I've posted on that issue previously. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roberto Katalinic Sent: Wednesday, March 26, 2003 9:08 AM To: [EMAIL PROTECTED] Subject: RE: [Ntop] Ntop in Border sniffing mode Hi Burton, Thanks for your suggestions. I've installed it and it works fine. However, I am a bit confused regarding the physical setup. My Ntop box is on a separate hub with our gateway box. It only has one nic though. Do I have to change something in this setup? Do I have to put one more nic in the box, set it as a default gateway on my network so that it can count all the traffic going thru??? thanks again Regards Roberto -----Original Message----- From: Burton M. Strauss III [mailto:[EMAIL PROTECTED] Sent: 26 March 2003 14:54 To: [EMAIL PROTECTED] Subject: RE: [Ntop] Ntop in Border sniffing mode There are rpm packages for 2.1.90 @ SourceForge - should just be able to rpm -Fv Both suggestions 2 and 3 can apply to either version. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roberto Katalinic Sent: Wednesday, March 19, 2003 7:23 AM To: [EMAIL PROTECTED] Subject: RE: [Ntop] Ntop in Border sniffing mode OK, I have version 2.1.3... Are you suggesting to upgrade to v.2.1.5 or 2.1.9??? Also, I installed it as an RPM package. Does that mean that I have to remove the rpm package and then install from source or I can install over it?? Thanks Roberto -----Original Message----- From: Burton Strauss [mailto:[EMAIL PROTECTED] Sent: 19 March 2003 11:36 To: [EMAIL PROTECTED] Subject: Re: [Ntop] Ntop in Border sniffing mode 1) -j is obsolete in the 2.1.5x and now 2.1.9x series - replaced my more granular switches. Read a current docs/FAQ 2) Try telling ntop to look only at the external interface via -i 3) Use a -B "bpf filter" to limit the address ranges. -----Burton ---------- Original Message ---------------------------------- From: "Roberto Katalinic" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Tue, 18 Mar 2003 13:02:49 -0000 >Hi All, > >I hope some of you guys have had experience with what I am trying to do. >And that is border sniffing mode. I just want Ntop to tell me how much data goes out of our network and how much data each client receives or sends outside our local network. > >The setup. > >I have a RH8.0 box with Ntop installed on it as a service. I have set the service to start with several command line options: >daemon prog$ -j -n -E -m 192.168.1.0/24 -p /home/protocol.list -P /home/admin admin >The machine is set on a separate segment with our gateway box which runs Smoothwall. > >The problem >Everything seems to be fine except one thing: The Ntop box seems to register internal traffic as well and that is what I don't want. For example, it tells me that one of our internal servers has done so much traffic, however, that server never sees the light of the Internet, it's just a file server. >The only thing that I suspect might be the physical setup of the Ntop box but I'm not sure. > > >How do I get Ntop to register just the Internet traffic???? > >Any help will be greatly appreciated >Thank you > >Roberto > > > > > > > > > > > > > > >Information contained in this e-mail is intended for the use of the addressee only, and is confidential and may be the subject of Legal Professional Privilege. Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.The views of the author may not necessarily constitute the views of Kuju Entertainment Ltd. Nothing in this email shall bind Kuju Entertainment Ltd in any contract or obligation. > >The contents of an attachment to this e-mail may contain software viruses which could damage your own computer system. While Kuju Entertainment has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. > >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop > ____________________________________________________________ Free 20MB Web Site Hosting and Personalized E-mail Service! Get It Now At Doteasy.com http://www.doteasy.com/et/ _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop Information contained in this e-mail is intended for the use of the addressee only, and is confidential and may be the subject of Legal Professional Privilege. Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.The views of the author may not necessarily constitute the views of Kuju Entertainment Ltd. Nothing in this email shall bind Kuju Entertainment Ltd in any contract or obligation. The contents of an attachment to this e-mail may contain software viruses which could damage your own computer system. While Kuju Entertainment has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
