I found my problem. Two issues:

1. I didn't have CEF enabled on the router (not mentioned in the Cisco docs!)
2. netstat showed high RECV-Q stats for 2055 on my Linux box. Restarting NTOP resolved this.

My NetFlows still does not show any packets or traffic? I don't know if this is important since I am getting data from netflow.

I have to give credit to a doc I found on Google. Read it at:
http://www.mirrors.wiretapped.net/security/network-monitoring/ntop/ntop-netflow-cisco.pdf

shawn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claudio Martella
Sent: Sunday, October 24, 2004 1:48 PM
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] NetFlow

Actually IIRC the module doesn't give the kind of stats you were looking for. I mean even if it receives the netflow datagrams and calculates the stats, that counters are incremented. They actually don't work. Just switch to the netflow-device and look at the ntop host or traffic stats, and see if everything is fine.

I don't know if the NTOP team recommends a particular distro, but I wouldn't say there's one.

On Sun, Oct 24, 2004 at 12:54:31PM -0600, Shawn Wall wrote:
> I'm using the NTOP 3.0 rpm for Mandrake 10.x. I tried compiling NTOP on
> Mandrake but I found that it was not working i.e. I gave up and took the
> easy road. Is there a preferred/recommend Linux distro for NTOP?
>
> shawn
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Claudio Martella
> Sent: Sunday, October 24, 2004 12:50 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Ntop] NetFlow
>
> What version are you using? I experience the same problem with the debian
> package. Try compiling the last version by yourself.
>
> On Sun, Oct 24, 2004 at 11:10:56AM -0600, Shawn Wall wrote:
> > I've recently tried sending Netflow exports from my 2501 to my NTOP box. I
> > sniffed the wire and I can see udp flow export packets from 80 to 128 bytes
> > in length sent to NTOP from the router. I checked NTOP under NETFLOWS and it
> > shows 0 packets and 0 traffic. Any ideas? Thanks.
> >
> > shawn
>
> --
> Claudio "thefly" Martella
> [EMAIL PROTECTED]
> GNU/PG keyid: 0x8EA95625

--
Claudio "thefly" Martella
[EMAIL PROTECTED]
GNU/PG keyid: 0x8EA95625
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
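
Added example, not part of the original thread: a shell check for the second issue reported at the top of the thread (a high Recv-Q on UDP port 2055 while the collector shows no flows), reading `netstat -uan` style output. The sample lines are constructed, and the function names and the 65536-byte threshold are assumptions.

```shell
#!/bin/sh
# Flag a UDP listener whose kernel receive queue is backing up, i.e. datagrams
# arrive from the exporter but the collector process is not reading them.

# Constructed sample in `netstat -uan` layout (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp   109568      0 0.0.0.0:2055            0.0.0.0:*
udp        0      0 127.0.0.1:2055          0.0.0.0:*
udp6       0      0 :::123                  :::*'

# recvq_for_port PORT
# Reads netstat-style lines on stdin and prints the largest Recv-Q seen on any
# UDP socket bound to PORT. Prints nothing if no UDP socket is bound there.
recvq_for_port() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            n = split($4, part, ":")      # port is the last ":" field (IPv4 and IPv6)
            if (part[n] == port) {
                found = 1
                if ($2 + 0 > max) max = $2 + 0
            }
        }
        END { if (found) print max + 0 }
    '
}

# check_collector PORT THRESHOLD_BYTES
# Returns 0 = queue below threshold, 1 = backlog, 2 = nothing listening.
check_collector() {
    q=$(recvq_for_port "$1")
    if [ -z "$q" ]; then
        echo "no UDP socket bound to port $1"; return 2
    fi
    if [ "$q" -ge "$2" ]; then
        echo "port $1 Recv-Q=$q bytes: collector is not draining its socket"; return 1
    fi
    echo "port $1 Recv-Q=$q bytes: ok"; return 0
}

# Demo on the constructed sample. On a live box:
#   netstat -uan | check_collector 2055 65536
printf '%s\n' "$SAMPLE_NETSTAT" | check_collector 2055 65536 || true
```

A Recv-Q that stays non-zero across repeated runs is the signal; a single non-zero reading can just be a burst in flight.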
