I too
just got ntop to work...sort of. I'm very interested in getting Netflow to
work.
Ayn,
What
cisco device do you have?
On my
cisco 6509, I have done the following:
1.
port mirror/monitor a port with another on the 6509 and then I plugged a network
cable in connecting this port to the un-assigned interface of my linux box(eth1)
. (I run snort listening on this interface...eth1) (I use eth0
of rmanagement, ssh, web...etc)
Ntop
is able to gather statistics when set to listen on this
interface.
However it does not collect:
- AS
info
- vlan
info
-
various options under the Traffic tab
2. I
then wanted to give Netflow a try. So I have enable Netflow (NDE is also
the name) on my cisco 6509 switch portion and msfc. I pointed the sw and
msfc to management ip address of my linux box running ntop.
Ntop
is then configured to run and listen on no interfaces....per the
instructions/man page, it then acts as a collector only.
I then
enable the NetFlow plugins and then configure my netflow
interfaces.
Here is where I have a question:
When
configuring a netflow virtual device, say that my 6509 switch sending the
netflow has an ip address of 10.1.254.254 and my msfc is
10.1.254.1.
Now do
I enter in
a)
10.1.254.254/255.255.255.255
or
b)
10.1.254.0/255.255.255.0
(in my ntop.conf i have "-m
10.1.0.0/16,10.11.0.0/16"
Now
under NTOP via the www, you can switch between netflow devices....I do so
information but I'm wondering if I am setting things up incorrecty. (maybe
on ntop side or switch side).
I'm
not geting vlan or netflow information....just AS info and traffic
info.
If
anyone has successfully set up ntop and Netflow from cisco devices, would you
please let us know your methods in getting this technology to
work?
Thank
you,
Jason
T.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Tripp Garvin (Lenox)
Sent: Friday, December 17, 2004 1:10 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] installationI have downloaded NTOP and I am installing it in my network. When installing network devices on a Cisco network I usually have to put the port into Monitor (SPAN) mode. Does NTOP require one port for gathering data and another for administration?Throughout the centuries there were men who took first steps, down new roads, armed with nothing but their own vision.
Ayn Randwho is John Galt?
_______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
