I’ve been reading through the documentation and the forums but I haven’t found a clear answer to this question, so I figure it can’t hurt to ask it.

 

I’m running NTOP on an install of Fedora. It works fine when I plug it into my local network. I set up a mirrored port of our internal firewall port to use to monitor traffic using NTOP. When I switched NTOP to this other interface I only receive OSI/Bridge/VLAN traffic. After looking at the tcpdump of the interface I realize that the traffic is being VLAN tagged.

 

Example:

tcpdump -i eth1
tcpdump: listening on eth1
11:02:33.512569 802.1Q vlan#6 P0 192.168.255.189.1281 > 209.249.64.204.available.above.net.http: . ack 1992470965 win 65520 (DF)
11:02:33.516807 802.1Q vlan#6 P0 adsl-67-39-1-248.dsl.dytnoh.ameritech.net.2879 > 192.168.255.94.8767: udp 20
11:02:33.517181 802.1Q vlan#6 P0 192.168.255.94.8767 > adsl-67-39-1-248.dsl.dytnoh.ameritech.net.2879: udp 24
11:02:33.527425 802.1Q vlan#6 P0 192.168.255.182.1046 > baym-cs125.msgr.hotmail.com.1863: P 1816452568:1816452573(5) ack 869861626 win 65453 (DF)
11:02:33.527924 802.1Q vlan#6 P0 192.168.255.119.1169 > 64-202-98-060.streamguys.net.http: . ack 2372648139 win 64512 (DF)
11:02:33.529673 802.1Q vlan#6 P0 64-202-98-060.streamguys.net.http > 192.168.255.81.1060: P 1962520487:1962521328(841) ack 3707418226 win 16199 (DF)
11:02:33.529922 802.1Q vlan#6 P0 chcgil2-ar2-4-64-097-188.chcgil2.dsl-verizon.net.3584 > 192.168.255.94.8767: udp 155
11:02:33.530048 802.1Q vlan#6 P0 192.168.255.94.8767 > 24.247.222.219.kzo.mi.chartermi.net.1128: udp 161

I’m still researching the possibility of stripping these VLAN tags off, but I was hoping someone could point me to perhaps something in my configuration or compiled version of NTOP I’m running.

 

This port is being mirrored from a Cisco Catalyst 6509. The non-mirrored port runs between the 6509 (core switch) and the firewall (a Cisco PIX 5225).

This is how I’m starting NTOP: ntop -i eth1 -m 192.168.0.0/255.255.0.0 -w 8080 -d

I’m running NTOP version 2.2. I’m hoping that there is support for VLAN tags, but I didn’t compile it when I built NTOP. Any help or suggestions would be appreciated. Thanks!

Kevin J

Systems Admin

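The tcpdump lines in the post show every mirrored frame carrying an 802.1Q tag (VLAN 6, priority 0). As an added example, which is not part of the original post and is not ntop code, this Python function parses the tag out of a raw Ethernet frame and returns the untagged frame a VLAN-unaware monitor would expect. The sample frames and MAC addresses are constructed, and the handling of stacked 802.1ad tags goes beyond the single-tag case in the post.

```python
import struct

TPID_8021Q = 0x8100   # IEEE 802.1Q tag protocol identifier
TPID_8021AD = 0x88A8  # IEEE 802.1ad outer (service) tag, used for QinQ


def strip_vlan_tags(frame: bytes):
    """Return (tags, untagged_frame).

    tags is a list of (vlan_id, priority) tuples, outermost tag first.
    A frame without a VLAN tag is returned unchanged with an empty list.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    macs = frame[:12]          # destination MAC + source MAC
    offset = 12                # position of the EtherType / TPID field
    tags = []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        # A tag is 4 bytes (TPID + TCI) and must be followed by an EtherType.
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((tci & 0x0FFF, tci >> 13))  # 12-bit VLAN ID, 3-bit PCP
        offset += 4
    return tags, macs + frame[offset:]


# Constructed sample data: locally administered MACs and a placeholder payload.
MACS = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
PAYLOAD = b"\x45\x00" + bytes(18)
SAMPLE_UNTAGGED = MACS + struct.pack("!H", 0x0800) + PAYLOAD
# Same frame as it would appear on the mirror port: VLAN 6, priority 0.
SAMPLE_TAGGED = MACS + struct.pack("!HH", TPID_8021Q, 6) + SAMPLE_UNTAGGED[12:]

if __name__ == "__main__":
    tags, inner = strip_vlan_tags(SAMPLE_TAGGED)
    for vlan_id, priority in tags:
        print(f"802.1Q vlan#{vlan_id} P{priority}")
    print("inner frame matches untagged original:", inner == SAMPLE_UNTAGGED)
```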