Hello to all! First of all, nice work, it's a great software ;)
Then, I have a little problem with ntop and the netflow plugin. This is my configuration:

Ntop starts with: '/usr/local/bin/ntop -u ntop -d'

NETFLOW PLUGIN CONFIGURATION
Virtual NetFlow Interface Network Address: 172.16.0.0/255.248.0.0

In this way I can correctly divide between local network and remote network, and it works. Local computers are correctly shown, remote too. Netflow V5 packets are coming from a Cisco device on 172.18.18.1. This Cisco router is a gateway too, and so it has a public IP too. I switch to the right NIC and I can see all my packets coming in and being collected.

My problem is that I cannot see the right amount of data coming from a remote address to a local address. I'll explain it better with an example:

TOTAL RESET of counter, so it's clear ;)

I send from my PC an email (1MB attachment) to my own email address. The mailserver is in the remote network; it has a public IP. On ntop I can see the right output in my PC's details:

Smtp -> 1/1.0MB

It means my PC has sent an email through the gateway to the mailserver. The gateway has sent netflow data to the ntop server (another server located in the local network) and this information is correctly saved. Up to here, all OK!

Now it's time to download the mail! I make a pop3 session to the public server to download my 1MB email and I download it locally, all OK. Then I refresh my page on the ntop server and here is the new output:

Smtp -> 1/1.0MB
Pop3 -> 1/25K

The pop3 session is correctly registered, BUT the data transfer is NOT right. I've downloaded a 1MB email, but only some KB are logged. As "Last Client Peer" I can see our right public mail server. I click to see the details about the mailserver. Here under "Last Contacted Peers" I've found my PC, and the pop3 connection is traced too, but where is my 1MB of traffic? Under "TCP/UDP Service/Port Usage" I've found it, but associated with the wrong host:

Pop3 -> 1/1.1MB

but associated with the gateway!! It means all returning traffic is associated with the public IP of the gateway.
I remember the gateway has a private IP for the local network and a public IP for NAT. In the details of the gateway (on the public IP) there is ONLY incoming traffic, 100%, no outgoing. Also, how can I configure it to have the right incoming traffic (R->L)?

Thanks a lot!
Simon
