I'm going to be setting up 2 or 3 more of these ntop boxes to peek at other "critical" network segments. If it would be useful, I can document my newbie fumblings .. "Newbie ntop Guide", by A Stupid Newbie.
Or, if there are docs which you'd more like to see, point me in the right direction. A few simple "hey wouldn't THIS be neat for your org to see in ntop", and I'm off reading/tinkering/writing for days :).

I have the whole newbie caveat thing, but that just means I won't exclude points assuming everyone knows the small stuff!

Thanks,
Jon.

--------------------------
Sent from my BlackBerry Wireless Handheld

-----Original Message-----
From: Burton M. Strauss III <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Sent: Tue Jun 15 17:42:23 2004
Subject: RE: [Ntop] ntop newbie

No worries - unfortunately, because nobody is willing to contribute the effort, most of the documentation is sadly out of date. About the only thing that's close to current is the man page and docs/FAQ.

-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Jon Garlock
> Sent: Tuesday, June 15, 2004 4:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Ntop] ntop newbie
>
>
> I was honest up front about my being a stupid newbie :).
>
> Also, being new to linux, I'm awash in documentation. "Next task"
> has become synonymous with "read 5 pages of docs". Little things,
> like figuring out that I had to EXPORT the cvshost environment
> variable for example, takes 20 minutes! Reading all the boot
> process documentation to get at rc.local was nearly an hour :).
>
> I had read "most" of the ntop docs .. It's just that, being a
> stupid newbie, I have a limit on how much I can actually absorb
> and then apply.
>
> That single "eureka!" moment makes it all worthwhile :)
>
> Anyways, this is just an extremely long winded thanks!
>
> Thanks,
> Jon.
>
>
> -----Original Message-----
> From: Burton M. Strauss III <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Sent: Tue Jun 15 17:22:38 2004
> Subject: RE: [Ntop] ntop newbie
>
> Nope, that's the right answer, as I said in my other reply, READ the
> docs/FAQ file.
> -----Burton
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > Jon Garlock
> > Sent: Tuesday, June 15, 2004 4:06 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Ntop] ntop newbie
> >
> >
> > And maybe I solved all my stupid newbie questions :)
> >
> > I believe this was some type of problem related to MAC addresses.
> > Anything to/from that router would have the MAC of that router, no?
> >
> > Well, I added "-o" to test my "stupid newbie" theory. And now I'm
> > seeing all the "remote" hosts from our "spoke" offices the way I wanted
> > to see them.
> >
> > My only fear now is that I'm just happening to get "lucky", and that
> > there are other causes/effects I'm not taking into account. Any tips,
> > hand holding, or pats on the back appreciated :)
> >
> > Thanks,
> > Jon.
> >
> > -----Original Message-----
> > From: Jon Garlock
> > Sent: Tuesday, June 15, 2004 3:19 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: [Ntop] ntop newbie
> >
> >
> > Ok, I have an update to my own stupid question.
> >
> > The "dns" portion of this issue resolves itself in time. After ~10
> > minutes (? Guessing), ntop replaces that random machine name with the
> > actual dns name of that router.
> >
> > However, I still do not see any of the traffic from the remote sites.
> > It's all associated with the IP address of the router (either that, or
> > that router is one busy web surfer! Lots of AIM pals, too! Heh).
> >
> > Thanks,
> > Jon.
> >
> > -----Original Message-----
> > From: Jon Garlock
> > Sent: Tuesday, June 15, 2004 2:55 PM
> > To: [EMAIL PROTECTED]
> > Subject: [Ntop] ntop newbie
> >
> > I have what is very likely an extremely basic ntop question. Apologies
> > in advance. I've recently dumped the win32 version in favor of the
> > Linux version, and it's working _extremely_ well. Course, I have very
> > little experience in this area, so it takes me 20 minutes to figure out
> > things like "ps ax" and kill :) So it's not that I'm averse to reading
> > documentation ..
> >
> > Anyways, my question/issue. I might be giving more data than required,
> > or not enough for that matter, who knows. Not me - else why would I
> > mail? heh
> >
> > We're currently a "hub and spokes" topology. Large HQ site (me), about
> > 10 remote sites. HQ is about 4x as large as anybody else.
> >
> > I'm running ntop 3.0.051 on redhat fedora core 2. This box is plugged
> > into a hub. Also in the hub is a patch to our backbone, and a patch to
> > our firewall. ntop is started with -d, -u and -m. I list all the
> > subnets for our various offices after -m, separated by commas (ie;
> > 10.0.0.0/16, 10.1.0.0/16, etc).
> >
> > With that out of the way, here's the issue: for some reason, the IP
> > address for the router which is our default gateway in the HQ office is
> > assigned some random user's DNS name. All traffic coming from that
> > primary router gets assigned to this person/IP.
> >
> > Did that make sense? I'll add a bit more detail, because even I'm not
> > sure I understand my own English here.
> >
> > Let's say the IP address for the primary gateway router (a cisco 3745, if
> > that matters) is 10.0.0.1. ntop starts, and in any of the traffic
> > reports, 10.0.0.1 is assigned some other DNS name .. let's say jgarlockxp
> > .. in all the reports. It appears as if ANY traffic from ANY remote
> > office is "assigned"/attributed to this IP. Sure makes them seem damned
> > busy on the net!
> >
> > Any idea why this is? Are there config changes I can do to resolve
> > this? I'm just looking for the top network (well, internet) users in
> > our enterprise.
> >
> > Thanks,
> >
> > Jon Garlock
> > J.H. Cohn LLP

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
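
Added illustration (not part of the original thread, and not ntop's code): a simplified model of the symptom discussed above, in which a monitor that keys host entries by source MAC address lumps all routed spoke-office traffic onto the router, while keying by source IP (the behaviour Jon reports after adding "-o") separates the remote hosts. The frame records, MAC addresses, IP addresses and function names are constructed for the example.

```python
from collections import defaultdict

# Constructed sample of (source MAC, source IP, bytes) as seen on the HQ hub.
# Frames from spoke offices are forwarded by the HQ router, so on this
# segment they carry the router's MAC although the source IP is remote.
ROUTER_MAC = "00:00:5e:00:53:01"          # documentation-range MAC (assumed)
FRAMES = [
    (ROUTER_MAC, "10.0.0.1", 200),        # the router's own traffic
    (ROUTER_MAC, "10.1.0.25", 5000),      # host in spoke office 1
    (ROUTER_MAC, "10.2.0.40", 3000),      # host in spoke office 2
    (ROUTER_MAC, "10.1.0.25", 1500),
    ("00:00:5e:00:53:aa", "10.0.0.77", 900),  # HQ host on the local segment
]


def account(frames, trust_mac):
    """Aggregate bytes per host entry.

    trust_mac=True  -> one entry per source MAC (model of the default)
    trust_mac=False -> one entry per source IP  (model of running with -o)
    """
    hosts = defaultdict(lambda: {"bytes": 0, "ips": set()})
    for mac, ip, size in frames:
        key = mac if trust_mac else ip
        hosts[key]["bytes"] += size
        hosts[key]["ips"].add(ip)
    return dict(hosts)


def top_talkers(hosts):
    """Host keys sorted by byte count, busiest first."""
    return sorted(((k, v["bytes"]) for k, v in hosts.items()),
                  key=lambda kv: -kv[1])


def ambiguous_entries(hosts):
    """Entries that aggregate several IPs: routed traffic keyed by MAC."""
    return {k: sorted(v["ips"]) for k, v in hosts.items() if len(v["ips"]) > 1}


if __name__ == "__main__":
    for label, trust in (("keyed by MAC", True), ("keyed by IP", False)):
        table = account(FRAMES, trust)
        print(label, top_talkers(table), ambiguous_entries(table))
```

An entry that collects several source IPs under one MAC is the sign that the monitor sits behind a router, which is also why the name shown for that entry can belong to any of the hosts behind it.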
