Use the .1Q VLAN ability in Linux to create an interface you can read:
http://www.candelatech.com/~greear/vlan.html#setup
You should be able to get NTOP to listen to eth0.6, according to your tcpdump
below.
The .6 ending on the alias specifies which VLAN you are on (in this case 6).
Note that it is a period, not a full colon as in an alias interface. A VLAN
interface rides the physical interface just as an alias interface does, but is
specified differently (i.e. periods instead of colons).
----Original Message-----
From: Ennul Ennui [mailto:[EMAIL PROTECTED]
Sent: Mon 2/2/2004 2:09 PM
To: [EMAIL PROTECTED]
Cc:
Subject: [Ntop] VLAN Tags
I've been reading through the documentation and the forums but I haven't
found a clear answer to this question, so I figure it can't hurt to ask it.
I'm running NTOP on an install of Fedora. It works fine when I plug it into
my local network. I set up a mirrored port of our internal firewall port to use to
monitor traffic using NTOP. When I switched NTOP to this other interface I only
receive OSI/Bridge/VLAN traffic. After looking at the tcpdump of the interface I
realize that the traffic is being VLAN tagged.
Example:
tcpdump -i eth1
tcpdump: listening on eth1
11:02:33.512569 802.1Q vlan#6 P0 192.168.255.189.1281 >
209.249.64.204.available.above.net.http: . ack 1992470965 win 65520 (DF)
11:02:33.516807 802.1Q vlan#6 P0
adsl-67-39-1-248.dsl.dytnoh.ameritech.net.2879 > 192.168.255.94.8767: udp 20
11:02:33.517181 802.1Q vlan#6 P0 192.168.255.94.8767 >
adsl-67-39-1-248.dsl.dytnoh.ameritech.net.2879: udp 24
11:02:33.527425 802.1Q vlan#6 P0 192.168.255.182.1046 >
baym-cs125.msgr.hotmail.com.1863: P 1816452568:1816452573(5) ack 869861626 win 65453
(DF)
11:02:33.527924 802.1Q vlan#6 P0 192.168.255.119.1169 >
64-202-98-060.streamguys.net.http: . ack 2372648139 win 64512 (DF)
11:02:33.529673 802.1Q vlan#6 P0 64-202-98-060.streamguys.net.http >
192.168.255.81.1060: P 1962520487:1962521328(841) ack 3707418226 win 16199 (DF)
11:02:33.529922 802.1Q vlan#6 P0
chcgil2-ar2-4-64-097-188.chcgil2.dsl-verizon.net.3584 > 192.168.255.94.8767: udp 155
11:02:33.530048 802.1Q vlan#6 P0 192.168.255.94.8767 >
24.247.222.219.kzo.mi.chartermi.net.1128: udp 161
I'm still researching the possibility of stripping these VLAN tags off, but
I was hoping someone could point me to perhaps something in my configuration or
compiled version of NTOP I'm running.
This port is being mirrored from a Cisco Catalyst 6509. The non-mirrored port
runs between the 6509 (Core switch) and the firewall (A Cisco pix 5225).
This is how I'm starting NTOP: ntop -i eth1 -m 192.168.0.0/255.255.0.0 -w
8080 -d
I'm running NTOP version 2.2. I'm hoping that there is support for VLAN
tags, but I didn't compile it when I built NTOP. Any help or suggestions would be
appreciated. Thanks!
Kevin J
Systems Admin
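
The 802.1Q tag that tcpdump reports as "vlan#6 P0" in the thread above, as an added example that is not part of either message: a consumer that only reads the EtherType field sees 0x8100 rather than 0x0800 (IPv4), while a per-VLAN interface hands over the frame with the 4-byte tag removed. The MAC addresses, payload and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return (priority, dei, vlan_id, inner_ethertype), or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3 bits priority, 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner


def untag_for_vlan(frame: bytes, vid: int):
    """Mimic reading from a per-VLAN interface: return the frame without its
    tag if it belongs to VLAN `vid`, otherwise None (not delivered)."""
    tag = parse_vlan_tag(frame)
    if tag is None or tag[2] != vid:
        return None
    # Drop bytes 12..15 (TPID + TCI); the inner EtherType moves to offset 12
    return frame[:12] + frame[16:]


def build_tagged(dst, src, priority, vid, inner_ethertype, payload):
    """Build a tagged frame for the sample below (constructed input)."""
    tci = (priority << 13) | (vid & 0x0FFF)
    header = struct.pack("!HHH", TPID_8021Q, tci, inner_ethertype)
    return dst + src + header + payload


# Constructed sample: VLAN 6, priority 0, IPv4 inside (placeholder header)
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = b"\x45" + b"\x00" * 19
TAGGED = build_tagged(DST, SRC, 0, 6, 0x0800, PAYLOAD)

if __name__ == "__main__":
    print("tag fields:", parse_vlan_tag(TAGGED))
    print("as seen on VLAN 6:", untag_for_vlan(TAGGED, 6).hex())
    print("as seen on VLAN 7:", untag_for_vlan(TAGGED, 7))
```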