Right, read the page on "About sorting of 'host' and 'domain'",
hostSortNote.html.  There was a lot of discussion about this in the back
traffic around Dec/Jan.

On reason is that ntop may be learning names for things from sniffing DNS
queries others make.  Those don't necessarily happen at the same time ntop
first sees a host.

-----Burton


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Jon Garlock
> Sent: Tuesday, June 15, 2004 2:19 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Ntop] ntop newbie
>
>
>
> Ok, I have an update to my own stupid question.
>
> The "dns" portion of this issue resolves itself in time.  After ~10
> minutes (? Guessing), ntop replaces that random machine name with the
> actual dns name of that router.
>
> However, I still do not see any of the traffic from the remote sites.
> It's all associated with the IP address of the router (either that, or
> that router is one busy web surfer!  Lots of AIM pals, too! Heh).
>
> Thanks,
> Jon.
>
> -----Original Message-----
> From: Jon Garlock
> Sent: Tuesday, June 15, 2004 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] ntop newbie
>
> I have what is very likely an extremely basic ntop question.  Apologies
> in advance.  I've recently dumped the win32 version in favor of the
> Linux version, and it's working _extremely_ well.  Course, I have very
> little experience in this area, so it takes me 20 minutes to figure out
> things like "ps ax" and kill :)  So it's not that I'm adverse to reading
> documentation ..
>
> Anyways, my question/issue.  I might be giving more data than required,
> or not enough for that matter, who knows.  Not me - else why would I
> mail? heh
>
> We're currently a "hub and spokes" topology.  Large HQ site (me), about
> 10 remote sites.  HQ is about 4x as large as anybody else.
>
> I'm running ntop 3.0.051 on redhat fedora core 2.  This box is plugged
> into a hub.  Also in the hub is a patch to our backbone, and a patch to
> our firewall.   ntop is started with -d, -u and -m.  I list all the
> subnets for our various offices after -m, separated by commas (ie;
> 10.0.0.0/16, 10.1.0.0/16, etc).
>
> With that out of the way, here's the issue:  for some reason, the IP
> address for the router which is our default gateway in the HQ office is
> assigned some random users DNS name.  All traffic coming from that
> primary router gets assigned to this person/IP.
>
> Did that make sense?  I'll add a bit more detail, because even I'm not
> sure I understand my own english here.
>
> Lets say the IP address for the primary gateway router (a cisco 3745, if
> that matters) is 10.0.0.1.  ntop starts, and in any of the traffic
> reports, 10.0.0.1 is assigned some other DNS name .. lets say jgarlockxp
> .. in all the reports.  It appears as if ANY traffic from ANY remote
> office is "assigned"/attributed to this IP.  Sure makes them seem damned
> busy on the net!
>
> Any idea why this is?  Are there config changes I can do to resolve
> this?  I'm just looking for the top network (well, internet) users in
> our enterprise.
>
> Thanks,
>
> Jon Garlock
>
>
> J.H. Cohn LLP
> 75 Eisenhower Parkway
> Roseland, NJ 07068
> tel (973) 403-7961
>
> www.JHCohn.com <http://www.jhcohn.com/> "Your Source for Business
> Solutions"
> --------------------------------------------------------
> The information in this transmission is privileged and
> confidential and intended only for the recipient listed above. If
> you are not the intended recipient, please advise the sender
> immediately by reply e-mail and delete this message and any
> attachments without retaining a copy. If you are not the intended
> recipient, you are hereby notified that any disclosure, copying
> or distribution of this message, or the taking of any action
> based upon it, is strictly prohibited.
> Thank you.
>
>
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to