I know about libpcap. I arranged a rather unique hardware setup that lets me see all the relevant traffic, but thats about it. I'm trying to find something that utilizes only that to generate interface based reports, rather than writing such an app on my own.
On 7/27/07, Gary Gatten <[EMAIL PROTECTED]> wrote: > > You have me confused now. Libpcap is short for Library Packet Capture. > It's the packet capture/sniffing library MANY applications use, including > nTop. It runs on *nix, windoze, etc. It is passive I guess, but if you're > in a switched Ethernet environment your switches need to "mirror" x,y,z > ports to your monitoring port – or – you need to insert a hub between your > switches and some gateway device that sees the traffic you're interested > in. For example, if you wanna see internet traffic you'd stick a hub > between your firewall private interface and your LAN switches, and ntop > would connect to this hub and then have visibility to all traffic the > firewall sees. > > > > I think you need to clearly identify what you're trying to analyze and why > – what business problem are you trying to resolve? Then you can look at > your gear and see if it supports the features you need or if you have to go > another direction and cobble something together. > > > > Gary > > > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of > *Noam Dev > *Sent:* Friday, July 27, 2007 2:28 PM > *To:* [email protected] > *Subject:* Re: [Ntop] MAC Address based summaries? > > > > I see. Thanks. > I know that the probe needs to see the traffic, i was looking for > something that does it passively (sniffing), and have not yet found one that > runs on linux... > > On 7/27/07, *Gary Gatten* <[EMAIL PROTECTED]> wrote: > > nTop is a traffic monitor – not a device monitor. It does a great job of > looking at traffic flows between hosts, but no, you can't get interface > utilization from a specific interface from a specific device. > > > > If your devices don't support SNMP and / or port mirroring there's not > much you can do. Depending on your exact environment and what you're trying > to accomplish, nTop or anything won't be much good either. A probe/monitor > needs to see the traffic somehow – sniffing, netflow, RMON tables via SNMP, > etc. > > > > MRTG will get interface stats and runs on *nix (Perl) and web GUI, but > again, your devices must support SNMP. > > > > Gary > > > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf > Of *Noam Dev > *Sent:* Friday, July 27, 2007 1:22 AM > > > *To:* [email protected] > *Subject:* Re: [Ntop] MAC Address based summaries? > > > > Hrm... Ntop actually looks closer to what i need than the rest. I have > some limitations (not all hardware supports anything other than "just > working") that force me to be 100% passive, which is why i liked ntop. Also, > i am running under linux (prtg is windows). Is it impossible to configure > ntop to look at interfaces for statistics rather than hosts? > > On 7/26/07, *Gary Gatten* <[EMAIL PROTECTED]> wrote: > > PRTG also does netflow and "sniffing" – so it may also answer the who and > what questions. > > > > G > > > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf > Of *Pete Sepulveda > *Sent:* Thursday, July 26, 2007 12:58 PM > *To:* [email protected] > *Subject:* RE: [Ntop] MAC Address based summaries? > > > > I would use PRTG and setup SNMP on the switches. You can monitor the > bandwidth on each interface of the switch regardless of the MAC address. > > > > http://www.paessler.com/prtg > > > > > > > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of > *Noam Dev > *Sent:* Thursday, July 26, 2007 1:56 PM > *To:* [email protected] > *Subject:* Re: [Ntop] MAC Address based summaries? > > > > The counters that I'm looking to see are mainly to monitor switches and > the like. I'm dealing with some hardware that modifies MAC addresses (and > set their own) but keep the original IP addresses. So, in order to see how > much bandwidth each section sends/receives, i need to only look at MACs... > (This is a question that i want to answer : how much bandwidth goes thorugh > each link) > > On 7/26/07, *Gary Gatten* <[EMAIL PROTECTED]> wrote: > > Describe "monitor"? Unless you're in a really old or unique environment, > TCP/IP is your layer 3 / 4 protocol so it's highly relevant. Give me an > example of what data you want or what problem you're trying to resolve and > I'll see if I can help. > > > > Gary > > > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf > Of *Noam Dev > *Sent:* Wednesday, July 25, 2007 11:18 PM > *To:* [email protected] > *Subject:* [Ntop] MAC Address based summaries? > > > > Hello > > I would like to deploy ntop in a certain environment in which i want to > monitor mainly switches and hubs. This means that for my purposes, IP > addresses are of no importance, while mac addresses are the one i want to > monitor. I have not been able to configure ntop to ignore IP traffic when > summarizing hosts, and to use just physical addresses. > > Is it possible to configure ntop to do this or am i looking at the wrong > solution for my needs? If the latter, any ideas for a more appropriate > solution? > > Thanks! > > =========================================================================== > "This email is intended to be reviewed by only the intended recipient and > may contain information that is privileged and/or confidential. If you are > not the intended recipient, you are hereby notified that any review, use, > dissemination, disclosure or copying of this email and its attachments, if > any, is strictly prohibited. If you have received this email in error, > please immediately notify the sender by return email and delete this email > from your system." > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > =========================================================================== > "This email is intended to be reviewed by only the intended recipient and > may contain information that is privileged and/or confidential. If you are > not the intended recipient, you are hereby notified that any review, use, > dissemination, disclosure or copying of this email and its attachments, if > any, is strictly prohibited. If you have received this email in error, > please immediately notify the sender by return email and delete this email > from your system." > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > =========================================================================== > "This email is intended to be reviewed by only the intended recipient and > may contain information that is privileged and/or confidential. If you are > not the intended recipient, you are hereby notified that any review, use, > dissemination, disclosure or copying of this email and its attachments, if > any, is strictly prohibited. If you have received this email in error, > please immediately notify the sender by return email and delete this email > from your system." > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > =========================================================================== > "This email is intended to be reviewed by only the intended recipient and > may contain information that is privileged and/or confidential. If you are > not the intended recipient, you are hereby notified that any review, use, > dissemination, disclosure or copying of this email and its attachments, if > any, is strictly prohibited. If you have received this email in error, > please immediately notify the sender by return email and delete this email > from your system." > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
