Hello Chris,
Thank you very much for replying to my previous enquiries about ntop. I really
appreciate it. We're still unable to get ntop to do what we need. Following is
a more detailed description of what we'd like to do and the problems we're
having.
We have a switch which sits between a router and a server. We'd like to view
all traffic going both directions between the router and the server.
----------- ----------- ----------
| Router | --------| Switch | ---------- | Server |
----------- ----------- ----------
| |
| |
| |
| | 0
| ---------------------| ntop on Linux |
|
| 1
|
-------------------------------------
The switch is capable of "port mirroring" whereby all traffic going through one
port (to the server) is mirrored to another port (the Linux box running ntop on
eth0). We have a second ethernet interface on the Linux box (eth1) which we use
to access ntop and view the network traffic stats in a web browser.
We start ntop with "ntop -M -i eth0" so that it separates traffic by interface
and listens on eth0.
The problem is that when we do this, we are unable to view the local matrix
(Local IP/Local Matrix) in ntop.
Do you have any suggestions on how we might configure our ethernet
interfaces/ntop so that we can view the local matrix?
Muchos Gracias for your help!
Brian Worrell
Network Manager
IU Medical Group
317-860-2737
-----Original Message-----
From: Chris Moore - GMD [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 02, 2004 8:07 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Ntop] Cisco Port mirror and NTOP
oops, sorry for the subject confusion. My faux pas.
Here's what I do: I start ntop as a service at boot. In my /etc/ntop.conf
file I specify the interfaces (eth1, eth2) to listen on with the -i flag. I
do not assign addresses to the interfaces I listen on. In this case, ntop
brings the interfaces up without IPs. If I shut one down with ifconfig, I
have to reboot the machine to bring it back up; ifconfig will not bring it
up w/ no IP. So my ifconfig output ends up looking like this (just to prove
I'm not making this up! ;-) ):
eth0      Link encap:Ethernet HWaddr 00:04:AC:25:F1:69
          inet addr:10.12.232.223 Bcast:10.12.232.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:534 errors:0 dropped:0 overruns:0 frame:0
          TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:49975 (48.8 Kb) TX bytes:23282 (22.7 Kb)
          Interrupt:9 Base address:0xef40 Memory:fb9ff000-fb9ff038

eth1      Link encap:Ethernet HWaddr 00:04:76:D4:03:09
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:36960 errors:0 dropped:0 overruns:1 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:6762554 (6.4 Mb) TX bytes:0 (0.0 b)
          Interrupt:7 Base address:0xec00

eth2      Link encap:Ethernet HWaddr 00:10:4B:2B:47:9D
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:801 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:158340 (154.6 Kb) TX bytes:0 (0.0 b)
          Interrupt:10 Base address:0xee80
Chris
-----Original Message-----
Date: Tue, 1 Jun 2004 18:27:58 -0500
From: Brian Worrell <[EMAIL PROTECTED]>
Subject: RE: [Ntop] Cisco Port mirror and NTOP
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain
I have tried that, and I also tried a different OS, I had Fedora, I
tried SUSE 9.1, also RedHat 9. All seem to have the same issue, without
an IP, the interface does not come up, at least where NTOP can see it.
I do not think this is an NTOP issue, but a Linux question. Does anyone
know how to bring up the interface without having an IP?
Brian Worrell
Network Manager
IU Medical Group
317-860-2737
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
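
The setup described in the thread (capture interfaces that are up but carry no IP address, next to a management interface that has one) can be checked from ifconfig output. The following is an added example, not code from any of the posters or from ntop; the function names are hypothetical and it assumes the old net-tools ifconfig layout shown in the message above.

```shell
#!/bin/sh
# Added example (not from the thread): audit old-style `ifconfig` output for
# capture interfaces that should be up but carry no IPv4 address.

# audit_capture_ifaces IFACE...   (reads ifconfig text on stdin)
# Prints "<iface> up=<yes|no> ip=<addr|none> tx=<packets>" for each named
# interface; returns 1 if any is missing, down, or has an address.
audit_capture_ifaces() {
    awk -v want="$*" '
    BEGIN { n = split(want, names, " ") }
    # A stanza starts on the line that carries "Link encap:".
    /Link encap:/ { cur = $1; seen[cur] = 1; ip[cur] = "none"; up[cur] = "no"; tx[cur] = 0 }
    cur == ""     { next }
    /inet addr:/  { split($2, a, ":"); ip[cur] = a[2] }
    # The flags line begins with UP only when the interface is up.
    $1 == "UP" && /RUNNING/ { up[cur] = "yes" }
    /TX packets:/ { split($2, t, ":"); tx[cur] = t[2] }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            d = names[i]
            if (!(d in seen)) { print d " missing"; bad = 1; continue }
            print d " up=" up[d] " ip=" ip[d] " tx=" tx[d]
            if (up[d] != "yes" || ip[d] != "none") bad = 1
        }
        exit bad
    }'
}

# Constructed sample, modelled on the ifconfig output quoted in the thread.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:04:AC:25:F1:69
          inet addr:10.12.232.223  Bcast:10.12.232.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          TX packets:104 errors:0 dropped:0 overruns:0 carrier:0

eth1      Link encap:Ethernet  HWaddr 00:04:76:D4:03:09
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

# Demo on the constructed sample: eth1 passes, eth0 fails because it has an IP.
sample_ifconfig | audit_capture_ifaces eth1 eth0 || echo "capture interface check failed"
```

On a live host the same function can be fed with `ifconfig -a | audit_capture_ifaces eth1 eth2`, provided ifconfig prints the old layout.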