Try -o | --no-mac with the patch. If you are doing NAT or certain switching you need it.
-----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kinnane, Scott Sent: Monday, May 16, 2005 9:04 PM To: [email protected] Subject: RE: [Ntop] Missing host with IP 10.20.3.0 Hi Burton, I gave it a shot, but no go - in fact it made it so the connections that were associated with 10.20.3.0 appeared to come from 10.20.3.6 (10.20.3.6 is the only other host on this LAN) - so who knows what would happen if other hosts were on the LAN! Any suggestions? I'm trying to recompile it again with DEBUG and ADDRESS_DEBUG enabled to see if that sheds some light.... Regards, scott > -----Original Message----- > From: Burton Strauss [mailto:[EMAIL PROTECTED] > Sent: Monday, 16 May 2005 8:39 PM > To: [email protected] > Subject: RE: [Ntop] Missing host with IP 10.20.3.0 > > Actually you are right. This cr*p code is burried in util.c: > > unsigned short in_isBroadcastAddress(struct in_addr *addr) { > int i; > > if(addr == NULL) > return 1; > else if(addr->s_addr == 0x0) > return 0; /* IP-less myGlobals.device (is it trying to boot via > DHCP/BOOTP ?) */ > else { > for(i=0; i<myGlobals.numDevices; i++) { > if(!myGlobals.device[i].virtualDevice) { > if(myGlobals.device[i].netmask.s_addr == 0xFFFFFFFF) /* PPP */ > return 0; > else if(((addr->s_addr | > myGlobals.device[i].netmask.s_addr) == > addr->s_addr) > || ((addr->s_addr & 0x000000FF) == 0x000000FF) > || ((addr->s_addr & 0x000000FF) == > 0x00000000) /* Network address */ > ) { > #ifdef DEBUG > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast > address", intoa(*addr)); #endif > return 1; > } > } > } > > return(in_isPseudoBroadcastAddress(addr)); > } > } > > > Make it this: > > unsigned short in_isBroadcastAddress(struct in_addr *addr) { > int i; > > if(addr == NULL) > return 1; > else if(addr->s_addr == 0x0) > return 0; /* IP-less myGlobals.device (is it trying to boot via > DHCP/BOOTP ?) */ > else { > for(i=0; i<myGlobals.numDevices; i++) { > if(!myGlobals.device[i].virtualDevice) { > if(myGlobals.device[i].netmask.s_addr == 0xFFFFFFFF) > /* PPP */ { > return 0; > } else if((addr->s_addr | > myGlobals.device[i].netmask.s_addr) == > addr->s_addr) { > #ifdef DEBUG > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast > address", intoa(*addr)); #endif > return 1; > } else if((addr->s_addr & > ~myGlobals.device[i].netmask.s_addr) == > ~myGlobals.device[i].netmask.s_addr) { #ifdef DEBUG > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a network > address", intoa(*addr)); #endif > return 1; > } > } > } > > return(in_isPseudoBroadcastAddress(addr)); > } > } > > > And let me know... > > -----Burton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Kinnane, Scott > Sent: Monday, May 16, 2005 1:02 AM > To: [email protected] > Subject: [Ntop] Missing host with IP 10.20.3.0 > > Hi all, > > Just wondering if anyone has seen the following problem: > > We have a local subnet 10.20.0.0/255.255.0.0, however a user with an > IP address of 10.20.3.0 does not show up under any of the web tables > with Ntop. > I tell ntop that 10.0.0.0/8 is a local network to make sorting the > hosts easier, but it doesn't show up under the "IP -> Summary -> > Traffic" table, either with the [All] option or [Local Option] > selected. > > How do I know 10.20.3.0 is doing anything at all? Tcpdump shows that a > lot > (most) of the traffic on the monitored interface is related to this > host. > The odd thing is, when I select (from the "IP -> Summary -> Traffic" > table) a remote host that 10.20.3.0 is making a connections to, it > shows the ports that connections are being made on - it doesn't list > the 10.20.3.0 host. > > Is it possible that a.b.c.0 is assumed to be a network IP address and > is therefore ignored? Has anyone seen this before? Note that the LAN > subnet makes it so the host portion is the last 2 bytes of the address > (3.0), so it should be a valid host IP. > > System setup: > Linux Redhat 9 (running 2.6.7 kernel) > Ntop ver 3.1 > Libpcap ver 0.7.2 > > Regards, > > scott > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
