Hi All,
I'm struggling with local subnets and NetFlow, I wonder if anybody can
point me in the right direction?
I have Netflow being sent from several Cisco routers around our network,
being collected by NTOP v.3.3rc_final on a i686-pc-linux-gnu box.
The NetFlow settings:
local Collector UDP is set
Virtual NetFlow Interface is set 111.111.111.0/255.255.255.0 (for
example)
All other settings are default.
I am starting NTOP with:
/usr/local/bin/ntop -u ntop -a /var/log/ntop_access.log -s -m
"111.111.111.0/255.255.224.0,222.222.222.0/255.255.192.0" -P /var/run/ntop
However when viewing 'All Protocols' > 'Traffic' and selecting 'Remote
Only' I only see very small blocks (almost all private space blocks):
10.61.10.207
172.21.80.12
172.21.10.10
10.152.6.80
172.21.233.6
192.10.10.237
172.21.103.14
172.21.237.9
192.168.129.28
172.21.21.16
But yet in 'Local Only' I can see almost any IP address appearing. Using
my example IP blocks above, within Local I'd then see
199.199.199.199 or 212.212.212.212 all appearing as local, however I
cannot see why they are being classified as local at all.
Can anyone advise where I'm going wrong here??
Many thanks!
--
Andy
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
