Having read the FAQ (but a while ago), I thought Burton would either barrage me or The Boss. :-)
Thanks to all for the many responses. I will do two things: 1-continue reading up on our 3Com 3300TM (3C16986A) But from what I've seen, it looks like I can only 'connect' one port to one port for purposes of traffic "mirroring". 2-(re)look over the stuff Burton talked about and I'll post my command line here. Yeah, my Boss is a self-made (and self-proclaimed) networking guru. I'm in a bit of a pinch -- ya'll can see that I'm hardly a networking ninja. Anyway, three cheers to the Open Source community! ========================================= NetProbe is the one from www.objectplanet.com/Probe and I'm running the freebie 1.0 beta 1. It's on a Slackware 9.1 machine, non-promisc mode and plugged into the same switch as the NTOP machine. (this seems to work fine -- eg, all SSH, NTOP and IPCOP traffic which occurs THROUGH this machine is seen and reported and I get tons of NBios-IP crap, but according to NTOP under Summary:Traffic, it's mostly broadcasts.) Also, remember NTOP is running on a Fedora Core 1 machine, and I have NTOP starting as a service via: /etc/rc.d/init.d/ntop .... and I added two lines to this script at the very top: ifconfig eth0 down if config eth0 up promisc I did this to see if that was what was lacking from my system configuration to enable NTOP to see "everything") I use the /etc/ntop.conf file (and I do not have a " -L " in it, I don't know why there is a --use-syslog AND a -L here ) (from the web page interface) /usr/bin/ntop -d --user watchman --db-file-path /var/ntop --interface eth0 --use-syslog --http-server 3000 --local-subnets 192.168.254.0/24 --domain ameritelusa.com --daemon --max-table-rows 128 --refresh-time 300 --disable-sessions --numeric-ip-addresses --trace-level 2 --protocols /etc/ntop_protocol.list -L /etc/ntop_protocol.list is: FTP=ftp|ftp-data HTTP=http|www|https SQUID=3128 DNS=name|domain Telnet=telnet|login NBios-IP=netbios-ns|netbios-dgm|netbios-ssn Mail=pop-2|pop-3|pop3|kpop|smtp|imap|imap2 DHCP=67-68 SNMP=snmp|snmp-trap NNTP=nntp NFS=mount|pcnfs|bwnfs|nfsd|nfsd-status X11=6000-6010 SSH=22 IPCOP=222|445 Gnutella=6346|6347|6348 Kazaa=1214 WinMX=6699|7730 eDonkey=4661-4665 Messenger=1863|5000|5001|5190-5193 NTOP=3000 NETPROB=7030 _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
