Doh! Ran the new build of ntop with command-line args rather than customised /etc/ntop.conf arg file, so missed --no-mac.
Tried it again with your change to util.c, and there's my missing host! The missing host is even showing up under the "Last Contacted Peers" table when I look at the info of a remote machine that it is connected to, so the fix looks fine. Thanks for your help Burton. Keep up the excellent work ntop team. Regards, scott > -----Original Message----- > From: Burton Strauss [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 17 May 2005 12:20 PM > To: [email protected] > Subject: RE: [Ntop] Missing host with IP 10.20.3.0 > > Try -o | --no-mac with the patch. If you are doing NAT or > certain switching you need it. > > -----Burton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Kinnane, Scott > Sent: Monday, May 16, 2005 9:04 PM > To: [email protected] > Subject: RE: [Ntop] Missing host with IP 10.20.3.0 > > Hi Burton, > > I gave it a shot, but no go - in fact it made it so the > connections that were associated with 10.20.3.0 appeared to > come from 10.20.3.6 > (10.20.3.6 is the only other host on this LAN) - so who knows > what would happen if other hosts were on the LAN! Any suggestions? > > I'm trying to recompile it again with DEBUG and ADDRESS_DEBUG > enabled to see if that sheds some light.... > > Regards, > > scott > > > -----Original Message----- > > From: Burton Strauss [mailto:[EMAIL PROTECTED] > > Sent: Monday, 16 May 2005 8:39 PM > > To: [email protected] > > Subject: RE: [Ntop] Missing host with IP 10.20.3.0 > > > > Actually you are right. This cr*p code is burried in util.c: > > > > unsigned short in_isBroadcastAddress(struct in_addr *addr) { > > int i; > > > > if(addr == NULL) > > return 1; > > else if(addr->s_addr == 0x0) > > return 0; /* IP-less myGlobals.device (is it trying to boot via > > DHCP/BOOTP ?) */ > > else { > > for(i=0; i<myGlobals.numDevices; i++) { > > if(!myGlobals.device[i].virtualDevice) { > > if(myGlobals.device[i].netmask.s_addr == > 0xFFFFFFFF) /* PPP */ > > return 0; > > else if(((addr->s_addr | > > myGlobals.device[i].netmask.s_addr) == > > addr->s_addr) > > || ((addr->s_addr & 0x000000FF) == 0x000000FF) > > || ((addr->s_addr & 0x000000FF) == > > 0x00000000) /* Network address */ > > ) { > > #ifdef DEBUG > > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast > > address", intoa(*addr)); #endif > > return 1; > > } > > } > > } > > > > return(in_isPseudoBroadcastAddress(addr)); > > } > > } > > > > > > Make it this: > > > > unsigned short in_isBroadcastAddress(struct in_addr *addr) { > > int i; > > > > if(addr == NULL) > > return 1; > > else if(addr->s_addr == 0x0) > > return 0; /* IP-less myGlobals.device (is it trying to boot via > > DHCP/BOOTP ?) */ > > else { > > for(i=0; i<myGlobals.numDevices; i++) { > > if(!myGlobals.device[i].virtualDevice) { > > if(myGlobals.device[i].netmask.s_addr == 0xFFFFFFFF) > > /* PPP */ { > > return 0; > > } else if((addr->s_addr | > > myGlobals.device[i].netmask.s_addr) == > > addr->s_addr) { > > #ifdef DEBUG > > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast > > address", intoa(*addr)); #endif > > return 1; > > } else if((addr->s_addr & > > ~myGlobals.device[i].netmask.s_addr) == > > ~myGlobals.device[i].netmask.s_addr) { #ifdef DEBUG > > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a network > > address", intoa(*addr)); #endif > > return 1; > > } > > } > > } > > > > return(in_isPseudoBroadcastAddress(addr)); > > } > > } > > > > > > And let me know... > > > > -----Burton > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf > > Of Kinnane, Scott > > Sent: Monday, May 16, 2005 1:02 AM > > To: [email protected] > > Subject: [Ntop] Missing host with IP 10.20.3.0 > > > > Hi all, > > > > Just wondering if anyone has seen the following problem: > > > > We have a local subnet 10.20.0.0/255.255.0.0, however a > user with an > > IP address of 10.20.3.0 does not show up under any of the > web tables > > with Ntop. > > I tell ntop that 10.0.0.0/8 is a local network to make sorting the > > hosts easier, but it doesn't show up under the "IP -> Summary -> > > Traffic" table, either with the [All] option or [Local Option] > > selected. > > > > How do I know 10.20.3.0 is doing anything at all? Tcpdump > shows that a > > lot > > (most) of the traffic on the monitored interface is related to this > > host. > > The odd thing is, when I select (from the "IP -> Summary -> > Traffic" > > table) a remote host that 10.20.3.0 is making a connections to, it > > shows the ports that connections are being made on - it > doesn't list > > the 10.20.3.0 host. > > > > Is it possible that a.b.c.0 is assumed to be a network IP > address and > > is therefore ignored? Has anyone seen this before? Note > that the LAN > > subnet makes it so the host portion is the last 2 bytes of > the address > > (3.0), so it should be a valid host IP. > > > > System setup: > > Linux Redhat 9 (running 2.6.7 kernel) > > Ntop ver 3.1 > > Libpcap ver 0.7.2 > > > > Regards, > > > > scott > > _______________________________________________ > > Ntop mailing list > > [email protected] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > _______________________________________________ > > Ntop mailing list > > [email protected] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
