NTOPsters, I joined today .... under pressure.
I have been working with NTOP for a while, trying to get it to see "all" network traffic on our network. My boss has concluded that all NTOP can see is broadcast traffic and therefore he has a low opinion of what I believe to be a fine product (I'm not so quick to accuse PhD's of lousy software, Luca) and I have discovered that, by-golly, NTOP does report what it sees and it only sees what traverses the computer system it's actually running on. (hang on ....) My boss is also convinced that all switches (yeah ...) have the feature where all traffic occuring via that switch will be visible to all ports on the switch, and, since NTOP is plugged into a switch (a 3Com 3300TM), all traffic on that switch should be reported by NTOP. He uses the word "backplane" a lot. The NTOP machine is Fedora Core 1 with the "pre1" rpm from SourceForge. I have it listening for all the data I am interested in and I know that it can see whatever traverses the NTOP machine. I also presently have the NIC forced to promiscous mode. I also have a separate machine running NetProbe, it's on Slackware 9.1 and the NIC is not in promiscous mode. Both machines are plugged into the same 3Com switch. NetProbe sees much more traffic/activity. Question 1: Is it true that NTOP must be plugged into a hub to see "all" network traffic? Question 2: Does anyone else think of switches like my boss does? Question 3: Anyone willing to comment as to why NetProbe sees much more than NTOP on our 3Com switch? Thanks to anyone willing to take this one. Feel free to call names and be mean, if necessary. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
