----- Original Message ----- From: "John Hally" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 13, 2003 7:17 AM Subject: [Ntop] Best way to implement Ntop
> > Hello, > > I'm trying to get a feel for inbound/outbound traffic on our network, and > need some advice. To gather this info, would it be better to: > Depends on whats most important to you.... > mirror the internal interface of the firewall? If your Firewall has only 1 internal interface then this is best. Often people have many (Inside, DMZ, Security, etc./..), so probe placement on the inside of the Firewall becomes tricky. > > mirror the entire exit vlan? Do able. Sometimes you end up having to use the -o option outside of the firewall (I'm thinking about PIX and the arp proxy.) Also you might not see all Local -> Local Traffic. > > or just plug the ntop box into the exit vlan? Same as above really depend on how you can "plug in" if it's a hub the everything is fine, if it is a switch then you need to mirror. I'm sure others could add better information.. Mike Tremaine [EMAIL PROTECTED] _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
