I you haven't read the FAQ recently, you haven't read the FAQ. The version with 3.0 is a pretty extensive update/rewrite, although some stuff has changed since I did that in December...
See inline. -----Burton > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Michael Handiboe > Sent: Tuesday, March 16, 2004 9:08 AM > To: [EMAIL PROTECTED] > Subject: Re: [Ntop] plea for information > > > Having read the FAQ (but a while ago), I thought Burton would either > barrage me or The Boss. :-) > > Thanks to all for the many responses. I will do two things: > > 1-continue reading up on our 3Com 3300TM (3C16986A) > But from what I've seen, it looks like I can only 'connect' one > port to one port for purposes of traffic "mirroring". Yes, but think creatively and you'll be amazed at what you can do if you can 'waste' a pair of ports. Say you configure 24 to monitor 23. What's on 23??? It can be every VLAN in the box. With or without 802.1q tagging. So for example, I have four vlans - RED (unfiltered ethernet - from my ISP), GREEN and YELLOW/ORANGE (two DMZs). For sanity sake, I don't want to mix the RED lan with anything else, so I use two wires to uplink to my 3c16981 (one RED, no tagging, one GREEN+YELLOW+ORANGE, 802.1q tagged). But for ntop, I can put all four VLANs, untagged on port 23. Then monitor it on port 24, so that there's no chance of injecting traffic into the mixed port. Dump that into a hub and you can easily have two ntop hosts monitor the same flows. Now, a Cisco span port can do a lot more - I've got a client who uses FOUR spans. They do something like NAT on some of the traffic, but they want ntop to see the un-NATed traffic, so they combine NAT-in + NAT-out + notNAT-in + notNAT-out from different points in their switching fabric, netFlow that and have a full picture of the traffic. But I paid $36 on eBay for the 3c16985XM, vs. $600 used or $2000 new for the Cisco... > 2-(re)look over the stuff Burton talked about and I'll post my > command line here. > > Yeah, my Boss is a self-made (and self-proclaimed) networking guru. > I'm in a bit of a pinch -- ya'll can see that I'm hardly a > networking ninja. > > Anyway, three cheers to the Open Source community! > _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
