You will setup a "virtual NIC" on ntop that's the interface for the netflow "port". Check some of the config options for netflow concerning timeouts - they control how often the router exports data on active and inactive sessions. If you configure netflow correctly your ntop box will see everything your router sees. NOT the actual packets - but the packet details: source, destination, ports, size, etc. Most everything that's useful.
Promiscuous mode should not stop anything from working. If starting nTop causes loss of general connections you have a different problem. Could be related to nTop - but not promiscous mode. Gary >>> [EMAIL PROTECTED] 10/13/2006 11:08 AM >>> So, if I get this straight, I can configure a cisco router to export its flows to an IP on my ntop box, then configure ntop to use that NIC and the port I used on the router as a source and I should be good to go, right? That will let me view the traffic on that router. I had a problem early on that when I started NTOP it will kill everything else using the NIC - I assume that was because I probably had a config file putting it in promiscuous mode...? _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
