Hi Gary, I've found the problem and I've described it in my last mail sent to mailinglist some days ago. I need to set appropiate policy routing on the Cisco router and obtain a complete netflow traffic, NOT incoming packets splitted between public and private lan. It's not a ntop problem. I'm testing it in these days, I could tell you more when I'm finished. Yep, I'm italian, If you have questions not concern this issue, you can write me private a mail.
Have a nice day! Simon > -----Messaggio originale----- > Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Per > conto di Gary Gatten > Inviato: mercoledì 15 marzo 2006 18.05 > A: [email protected] > Oggetto: Re: [Ntop] Ntop and netflow plugin question > > > Hello, > > Did you ever get this resolved? I'd be curious what the > resolution was. I don't have this problem now, but I can see > where it would be quite common. > > Thanks! > > Also, are you in Italy and speak Italian? If so I could use > your help communicating with Nicoletti. I have some Leather > furniture and need a matching piece and can't find anyone in > the states to help me. > > Gary > > > > >>> [EMAIL PROTECTED] 3/7/2006 4:38:22 AM >>> > Hello to all! > > First of all, nice work, it's a great software ;) > > Then, I've a little problem with ntop and netflow plugin. > This is my configuration: > > Ntop starts with: '/usr/local/bin/ntop -u ntop -d' > > NETFLOW PLUGIN CONFIGURATION > > Virtual NetFlow Interface Network Address: > 172.16.0.0/255.248.0.0 In this way I can correcty divide > between local network and remote network and it works. Local > computers are correctly shown, remote too. Netflow V5 packets > are coming from a Cisco Device on 172.18.18.1. This Cisco > router is a gateway too and so it has a public IP too. > > I switch to right NIC and I can see all my packets coming and > collecting. > > My problem is I cannot see the right amount of data coming > from remote address to local address. I explain it better > with an example: > > TOTAL RESET of counter, so it's clear ;) > I send from my pc an email (1MB attachment) to my own email > address. The mailserver is into remote network, it has a > public IP. On ntop I can see the right output on my pc details: > > Smtp -> 1/1.0MB > > It means my pc has sent an email trought the gateway to the > mailserver. The gateway has sent netflow data to ntop server > (other server located into local network) and this > information is correctly saved. Until here all OK! Now it's > time to download the mail! I make a pop3 session to the > public server to download my 1MB email and I download it > locally, all ok. Then I refresh my page on the ntop server > and here the new output: > > Smtp -> 1/1.0MB > Pop3 -> 1/25K > > The pop3 session is correctly registered, BUT the data > transfer is NOT right. I've downloaded a 1MB email, but only > some KB are logged. As "Last Client Peer" I can see our right > public mail server. I click to see the details about the > mailserver. Here under "Last Contacted Peers" I've found my > PC, also the pop3 connection is traced, but where is my 1MB > traffic? Under "TCP/UDP Service/Port Usage" I've found it, > but associated to the wrong host: > > Pop3 -> 1/1.1MB but associated to the gateway!! It means all > returning traffic is associated to the public IP of the > gateway. I remember the gateway has a private IP for local > network and a public IP for nat. In the details of the > gateway (on public IP) there is ONLY incoming traffic 100%, > no outgoing. > > Also, how can I configure to have the right incoming traffic (R->L)? > > Thank's a lot! > > Simon > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
