Nope ... With debug the flags are shown for the non-terminal resolution
states. But [NetBIOS] flag is shown regardless of debug (code below).
It's almost as if the address resolution thread has stopped, so all you are
seeing is the cached and sniffed values.
You would have to run from a command prompt (ntop /c -xxxxx) not the service
to see the log, and look for THREADMGMT: entries for 'DNS address
resolution'.
But that's an area of code I'm re-writing for 3.2 and so I won't be doing
much in there re 3.1.
-----Burton
if(el->hostResolvedNameType == FLAG_HOST_SYM_ADDR_TYPE_NETBIOS) {
  strncat(noteBuf, " [NetBIOS]", (sizeof(noteBuf) - strlen(noteBuf) - 1));
}
...
switch (el->hostResolvedNameType) {
  case FLAG_HOST_SYM_ADDR_TYPE_FCID:
  case FLAG_HOST_SYM_ADDR_TYPE_FC_WWN:
  case FLAG_HOST_SYM_ADDR_TYPE_FC_ALIAS:
    strncat(noteBuf, " [FibreChannel]", (sizeof(noteBuf) - strlen(noteBuf) - 1));
    break;
  case FLAG_HOST_SYM_ADDR_TYPE_MAC:
    strncat(noteBuf, " [MAC]", (sizeof(noteBuf) - strlen(noteBuf) - 1));
    break;
  case FLAG_HOST_SYM_ADDR_TYPE_IPX:
    strncat(noteBuf, " [IPX]", (sizeof(noteBuf) - strlen(noteBuf) - 1));
    break;
  case FLAG_HOST_SYM_ADDR_TYPE_IP:
    strncat(noteBuf, " [IP]", (sizeof(noteBuf) - strlen(noteBuf) - 1));
    break;
  case FLAG_HOST_SYM_ADDR_TYPE_ATALK:
    strncat(noteBuf, " [Appletalk]", (sizeof(noteBuf) - strlen(noteBuf) - 1));
    break;
  case FLAG_HOST_SYM_ADDR_TYPE_NETBIOS:
    /* Do nothing - handled in open code above */
    break;
  case FLAG_HOST_SYM_ADDR_TYPE_NAME:
    break;
}
_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ROBERSON, Brian
Sent: Friday, June 24, 2005 11:39 AM
To: [email protected]
Subject: RE: [Ntop] NTOP latest Win32 Snapshot - DNS question

Burton,

The IP's that should resolve and don't do show an [IP] flag. The ones that do resolve have no flag and are correctly named (netbios name shown?)

Brian

_____

From: [EMAIL PROTECTED] on behalf of Burton Strauss
Sent: Fri 6/24/2005 12:27 PM
To: [email protected]
Subject: RE: [Ntop] NTOP latest Win32 Snapshot - DNS question

Check - on the ntop host - that these names are really resolvable via nslookup. But first read the docs/FAQ stuff and the back traffic on DNS sniffing.

You can turn on the debug flag and - in the host name windows - will be able to see the flags for the resolution state. That will tell you how far ntop has been able to take name res, e.g.:

216.148.226.29 <http://tigger.burtonstrauss.local:13000/216.148.226.29.html> [IP]
^^^ says that this is a numeric IP address

Unless it's reached a terminal state, there should be a flag in []s.

-----Burton

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ROBERSON, Brian
Sent: Friday, June 24, 2005 11:07 AM
To: [email protected]
Subject: [Ntop] NTOP latest Win32 Snapshot - DNS question

I'm noticing that NTOP is not resolving a lot of our internal addresses. This isn't a big problem but mildly irritating having to resolve the address manually. Is there a way to check the configuration to enhance discovery of DNS names? Our environment is Windows 2003 Active Directory.

Brian
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
