I've just about got NTOP doing everything I want, but w/ an
essentially stock FreeBSD 4.8-RELEASE, I have occasions (like now) where
traffic from certain local hosts isn't reliably tracked by NTOP. That is,
if I invoke NTOP to monitor rl0 (a brand-new Realtek card) which hosts
IP a.b.c.48, NTOP will not "see" quite a few hosts, like a.b.c.31. I
know that a.b.c.31's traffic is passing thru rl0, bec I can see it via
tcpdump (tcpdump -i rl0 host a.b.c.31). BTW, it was behaving this way
when I had a different Ethernet card (a dc-based card.)
It's funny bec some hosts show up instantly (w/in 10s) upon booting
NTOP. a.b.c.31 and others just won't show up unless I repeatedly
restart NTOP until these special hosts appear (via the IP Traffic:L->R
link). It's not an odd-even thing, just certain hosts don't show up.
Here's the cmd-line I use:
/usr/local/bin/ntop -u nobody -d -P /data0/ntop -w 3000 -i rl0,dc0 \
-m a.b.c.0/26,192.168.1.0/24 -M -L
Here's the rl0 device:
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet a.b.c.48 netmask 0xffffffc0 broadcast a.b.c.63
inet6 fe80::2e0:4cff:feea:c6d5%rl0 prefixlen 64 scopeid 0x1
ether 00:e0:4c:ea:c6:d5
media: Ethernet autoselect (10baseT/UTP)
status: active
It's not a speed issue, bec the host system is a 1GHz Dell P-III w/
128MB of RAM and the system's lightly loaded (NTOP, NAMED, MySQL, NTPD).
And NTOP has almost all of the CPU time.
Next, I'm going to try yet another Ethernet card, this time, an Intel
EtherExpress, altho I doubt that even the most recommended Ethernet card
is going to make a diff. Anyone else have any other suggestions ?
Later....Jet
=============== From the desk of Jethro Wright, III ================
+ Nothing causes self-delusion quite so readily as power. =
=== [EMAIL PROTECTED] ========================= Liu Binyan ===
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
