Ya know, I was thinking that I was being a bit tripped up by different versions of the FAQ ... I've read the whole 2.2v one and I'm working on the 3.0 now. I see some things I want to change already. It seems the FAQ linked via the web interface is latest.
Thanks again. ----- Original Message ----- From: "Burton M. Strauss III" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 16, 2004 9:33 AM Subject: RE: [Ntop] plea for information > I you haven't read the FAQ recently, you haven't read the FAQ. The version > with 3.0 is a pretty extensive update/rewrite, although some stuff has > changed since I did that in December... > > See inline. > > -----Burton > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > > Michael Handiboe > > Sent: Tuesday, March 16, 2004 9:08 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [Ntop] plea for information > > > > > > Having read the FAQ (but a while ago), I thought Burton would either > > barrage me or The Boss. :-) > > > > Thanks to all for the many responses. I will do two things: > > > > 1-continue reading up on our 3Com 3300TM (3C16986A) > > But from what I've seen, it looks like I can only 'connect' one > > port to one port for purposes of traffic "mirroring". > > Yes, but think creatively and you'll be amazed at what you can do if you can > 'waste' a pair of ports. > > Say you configure 24 to monitor 23. What's on 23??? It can be every VLAN in > the box. With or without 802.1q tagging. > > So for example, I have four vlans - RED (unfiltered ethernet - from my ISP), > GREEN and YELLOW/ORANGE (two DMZs). For sanity sake, I don't want to mix > the RED lan with anything else, so I use two wires to uplink to my 3c16981 > (one RED, no tagging, one GREEN+YELLOW+ORANGE, 802.1q tagged). > > But for ntop, I can put all four VLANs, untagged on port 23. Then monitor > it on port 24, so that there's no chance of injecting traffic into the mixed > port. > > Dump that into a hub and you can easily have two ntop hosts monitor the same > flows. > > > Now, a Cisco span port can do a lot more - I've got a client who uses FOUR > spans. They do something like NAT on some of the traffic, but they want > ntop to see the un-NATed traffic, so they combine NAT-in + NAT-out + > notNAT-in + notNAT-out from different points in their switching fabric, > netFlow that and have a full picture of the traffic. > > But I paid $36 on eBay for the 3c16985XM, vs. $600 used or $2000 new for the > Cisco... > > > > > > > > 2-(re)look over the stuff Burton talked about and I'll post my > > command line here. > > > > Yeah, my Boss is a self-made (and self-proclaimed) networking guru. > > I'm in a bit of a pinch -- ya'll can see that I'm hardly a > > networking ninja. > > > > Anyway, three cheers to the Open Source community! > > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
