Right, read the page on "About sorting of 'host' and 'domain'", hostSortNote.html. There was a lot of discussion about this in the back traffic around Dec/Jan.
One reason is that ntop may be learning names for things from sniffing DNS queries others make. Those don't necessarily happen at the same time ntop first sees a host.

-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Jon Garlock
> Sent: Tuesday, June 15, 2004 2:19 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Ntop] ntop newbie
>
> Ok, I have an update to my own stupid question.
>
> The "dns" portion of this issue resolves itself in time. After ~10
> minutes (? Guessing), ntop replaces that random machine name with the
> actual dns name of that router.
>
> However, I still do not see any of the traffic from the remote sites.
> It's all associated with the IP address of the router (either that, or
> that router is one busy web surfer! Lots of AIM pals, too! Heh).
>
> Thanks,
> Jon.
>
> -----Original Message-----
> From: Jon Garlock
> Sent: Tuesday, June 15, 2004 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] ntop newbie
>
> I have what is very likely an extremely basic ntop question. Apologies
> in advance. I've recently dumped the win32 version in favor of the
> Linux version, and it's working _extremely_ well. Course, I have very
> little experience in this area, so it takes me 20 minutes to figure out
> things like "ps ax" and kill :) So it's not that I'm averse to reading
> documentation ..
>
> Anyways, my question/issue. I might be giving more data than required,
> or not enough for that matter, who knows. Not me - else why would I
> mail? heh
>
> We're currently a "hub and spokes" topology. Large HQ site (me), about
> 10 remote sites. HQ is about 4x as large as anybody else.
>
> I'm running ntop 3.0.051 on redhat fedora core 2. This box is plugged
> into a hub. Also in the hub is a patch to our backbone, and a patch to
> our firewall. ntop is started with -d, -u and -m. I list all the
> subnets for our various offices after -m, separated by commas (ie;
> 10.0.0.0/16, 10.1.0.0/16, etc).
>
> With that out of the way, here's the issue: for some reason, the IP
> address for the router which is our default gateway in the HQ office is
> assigned some random user's DNS name. All traffic coming from that
> primary router gets assigned to this person/IP.
>
> Did that make sense? I'll add a bit more detail, because even I'm not
> sure I understand my own English here.
>
> Let's say the IP address for the primary gateway router (a cisco 3745, if
> that matters) is 10.0.0.1. ntop starts, and in any of the traffic
> reports, 10.0.0.1 is assigned some other DNS name .. let's say jgarlockxp
> .. in all the reports. It appears as if ANY traffic from ANY remote
> office is "assigned"/attributed to this IP. Sure makes them seem damned
> busy on the net!
>
> Any idea why this is? Are there config changes I can do to resolve
> this? I'm just looking for the top network (well, internet) users in
> our enterprise.
>
> Thanks,
>
> Jon Garlock
>
> J.H. Cohn LLP
> 75 Eisenhower Parkway
> Roseland, NJ 07068
> tel (973) 403-7961
>
> www.JHCohn.com <http://www.jhcohn.com/> "Your Source for Business
> Solutions"
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
