Hi all, Just wondering if anyone has seen the following problem:
We have a local subnet 10.20.0.0/255.255.0.0, however a user with an IP address of 10.20.3.0 does not show up under any of the web tables with Ntop. I tell ntop that 10.0.0.0/8 is a local network to make sorting the hosts easier, but it doesn't show up under the "IP -> Summary -> Traffic" table, either with the [All] option or [Local Option] selected. How do I know 10.20.3.0 is doing anything at all? Tcpdump shows that a lot (most) of the traffic on the monitored interface is related to this host. The odd thing is, when I select (from the "IP -> Summary -> Traffic" table) a remote host that 10.20.3.0 is making a connections to, it shows the ports that connections are being made on - it doesn't list the 10.20.3.0 host. Is it possible that a.b.c.0 is assumed to be a network IP address and is therefore ignored? Has anyone seen this before? Note that the LAN subnet makes it so the host portion is the last 2 bytes of the address (3.0), so it should be a valid host IP. System setup: Linux Redhat 9 (running 2.6.7 kernel) Ntop ver 3.1 Libpcap ver 0.7.2 Regards, scott _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
