|
No need to configure a second NIC as the NetFlow comes in
in UDP packets to the interface its addressed to. You can start Ntop to
only point at the NetFlow virtual interface if you don't want to sniff on a
physical NIC (see back traffic). The physical NIC analysis won't do anything
with the contents of the NetFlow packets - just count how many come to the interface, time periods, etc - like any other hosts that NIC sees. So you're not
seeing the Video Conference stuff on the physical NIC since the Video Conference is not pointed at the Ntop box (making an assumption here....).
That being said, you have the first step in troubleshooting
right in front of you. Look at your physical NIC's traffic. Do you see the NetFlow coming in? Look for UDP packets from the router to your collector on the
port you have configured. Do you see them? Yes? then you need to troubleshoot
Ntop. No? Your problem is elsewhere. Check your router config and routing back
to the collector.
The Virtual interface address should be an address on a
network you wish to be seen as "local" by Ntop.
Chris From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wixted, Joe Sent: Tuesday, February 22, 2005 11:20 AM To: [email protected] Subject: [Ntop] [newbie alert!]Basic setup questions... Please be
gentle…. I’ve googled and hovered here for a while, but haven’t seen an
answer to my questions. I’ll be happy to read more, just point me in the
proper direction… I’ve got 3.1.1
running on a Windows 2003 server (no *nix here). I’ve got my Cisco 2600
router configured to send netflow traffic to this box. Ntop appears to be
listening to the correct port (netstat –an shows listening on that port), and
I’ve configured the netflow plugin to listen on that port. When I switch
nics, and have netflow use the new netflow nic, I don’t get any traffic.
If I switch back to the real nic, I get lots of traffic, but I don’t see the
traffic I’m looking for. I’d like to see the
traffic generated by our video conference equipment. Using
SNMPTrafficGrapher, I can see the spikes in traffic when the VC equipment is in
use, but ntop doesn’t seem to pick up on it (ports 1718, 1719 and 1720, I
believe)… Also, when
configuring the netflow device, the “virtual netflow interface network address”
– should this be the IP address of the nic? Or should I use a second
physical nic in the box to collect netflow data? Joe Wixted
MCSE,
MCP+I Manager, Publishing
Business Systems Our Sunday Visitor,
Inc. ********************************************************************** Confidential/Proprietary Note The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. Thank you. Guardian Mortgage Documents, Inc. 225 Union Boulevard, Suite 200 Lakewood, CO 80228. ********************************************************************** |
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
