Actually you are right. This cr*p code is burried in util.c:
unsigned short in_isBroadcastAddress(struct in_addr *addr) {
int i;
if(addr == NULL)
return 1;
else if(addr->s_addr == 0x0)
return 0; /* IP-less myGlobals.device (is it trying to boot via
DHCP/BOOTP ?) */
else {
for(i=0; i<myGlobals.numDevices; i++) {
if(!myGlobals.device[i].virtualDevice) {
if(myGlobals.device[i].netmask.s_addr == 0xFFFFFFFF) /* PPP */
return 0;
else if(((addr->s_addr | myGlobals.device[i].netmask.s_addr) ==
addr->s_addr)
|| ((addr->s_addr & 0x000000FF) == 0x000000FF)
|| ((addr->s_addr & 0x000000FF) == 0x00000000) /* Network
address */
) {
#ifdef DEBUG
traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast address",
intoa(*addr));
#endif
return 1;
}
}
}
return(in_isPseudoBroadcastAddress(addr));
}
}
Make it this:
unsigned short in_isBroadcastAddress(struct in_addr *addr) {
int i;
if(addr == NULL)
return 1;
else if(addr->s_addr == 0x0)
return 0; /* IP-less myGlobals.device (is it trying to boot via
DHCP/BOOTP ?) */
else {
for(i=0; i<myGlobals.numDevices; i++) {
if(!myGlobals.device[i].virtualDevice) {
if(myGlobals.device[i].netmask.s_addr == 0xFFFFFFFF) /* PPP */ {
return 0;
} else if((addr->s_addr | myGlobals.device[i].netmask.s_addr) ==
addr->s_addr) {
#ifdef DEBUG
traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast address",
intoa(*addr));
#endif
return 1;
} else if((addr->s_addr & ~myGlobals.device[i].netmask.s_addr) ==
~myGlobals.device[i].netmask.s_addr) {
#ifdef DEBUG
traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a network address",
intoa(*addr));
#endif
return 1;
}
}
}
return(in_isPseudoBroadcastAddress(addr));
}
}
And let me know...
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Kinnane, Scott
Sent: Monday, May 16, 2005 1:02 AM
To: [email protected]
Subject: [Ntop] Missing host with IP 10.20.3.0
Hi all,
Just wondering if anyone has seen the following problem:
We have a local subnet 10.20.0.0/255.255.0.0, however a user with an IP
address of 10.20.3.0 does not show up under any of the web tables with Ntop.
I tell ntop that 10.0.0.0/8 is a local network to make sorting the hosts
easier, but it doesn't show up under the "IP -> Summary -> Traffic" table,
either with the [All] option or [Local Option] selected.
How do I know 10.20.3.0 is doing anything at all? Tcpdump shows that a lot
(most) of the traffic on the monitored interface is related to this host.
The odd thing is, when I select (from the "IP -> Summary -> Traffic" table)
a remote host that 10.20.3.0 is making a connections to, it shows the ports
that connections are being made on - it doesn't list the 10.20.3.0 host.
Is it possible that a.b.c.0 is assumed to be a network IP address and is
therefore ignored? Has anyone seen this before? Note that the LAN subnet
makes it so the host portion is the last 2 bytes of the address (3.0), so it
should be a valid host IP.
System setup:
Linux Redhat 9 (running 2.6.7 kernel)
Ntop ver 3.1
Libpcap ver 0.7.2
Regards,
scott
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
