I'm using ntop to see traffic going in and out of my box. It's not a
router. Yet I'm seeing a lot of traffic not addressed to my host. AFAIK my
provider has me connected by a switch. Does ntop do anything "interesting"
to make a switch port promiscuous so that I'd see that traffic, or am I
seeing a problem with the switch?
Here's what tcpdump shows (my address is 66.28.14.59 on a /28):
[EMAIL PROTECTED] root]# tcpdump 'ip and not net 66.28.14.48 and not
host 66.28.14.59' -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
15:35:32.089565 IP 64.12.117.9.49634 > 38.113.32.72.http: F
3814351394:3814351394(0) ack 3981589166 win 6432
15:35:32.243815 IP 66.42.50.123.prsvp > 38.113.32.72.http: . ack 3969251638
win 5840
15:35:32.308265 IP 83.93.104.200.2404 > 38.113.32.72.http: . ack 3993733870
win 64240
15:35:32.336584 IP 83.93.104.200.2404 > 38.113.32.72.http: P 0:736(736) ack
1 win 64240
15:35:32.339730 IP 83.93.104.200.2403 > 38.113.32.72.http: . ack 3979686177
win 63956
15:35:32.342969 IP 83.93.104.200.2403 > 38.113.32.72.http: F 0:0(0) ack 1
win 63956
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
