I'm with Gary on this (device monitoring should use snmp based tools), but there are some summarization capabilities in the netFlow plugin. It would not be hard to add another option there.
-----Burton _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten Sent: Monday, July 30, 2007 9:54 AM To: [email protected] Subject: RE: [Ntop] MAC Address based summaries? I doubt you'll find this. If you don't want anything "snooping" your network gear, how will it know what port a certain MAC or IP is connected to? You'll have to build your own table to associate MAC's and IP's with their relevant interface ports - then do the math necessary to aggregate. Seems a long way around to get to the end. Gary _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noam Dev Sent: Saturday, July 28, 2007 2:36 AM To: [email protected] Subject: Re: [Ntop] MAC Address based summaries? I know about libpcap. I arranged a rather unique hardware setup that lets me see all the relevant traffic, but thats about it. I'm trying to find something that utilizes only that to generate interface based reports, rather than writing such an app on my own. On 7/27/07, Gary Gatten <[EMAIL PROTECTED]> wrote: You have me confused now. Libpcap is short for Library Packet Capture. It's the packet capture/sniffing library MANY applications use, including nTop. It runs on *nix, windoze, etc. It is passive I guess, but if you're in a switched Ethernet environment your switches need to "mirror" x,y,z ports to your monitoring port - or - you need to insert a hub between your switches and some gateway device that sees the traffic you're interested in. For example, if you wanna see internet traffic you'd stick a hub between your firewall private interface and your LAN switches, and ntop would connect to this hub and then have visibility to all traffic the firewall sees. I think you need to clearly identify what you're trying to analyze and why - what business problem are you trying to resolve? Then you can look at your gear and see if it supports the features you need or if you have to go another direction and cobble something together. Gary _____ From: [EMAIL PROTECTED] [mailto: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] On Behalf Of Noam Dev Sent: Friday, July 27, 2007 2:28 PM To: [email protected] Subject: Re: [Ntop] MAC Address based summaries? I see. Thanks. I know that the probe needs to see the traffic, i was looking for something that does it passively (sniffing), and have not yet found one that runs on linux... On 7/27/07, Gary Gatten <[EMAIL PROTECTED]> wrote: nTop is a traffic monitor - not a device monitor. It does a great job of looking at traffic flows between hosts, but no, you can't get interface utilization from a specific interface from a specific device. If your devices don't support SNMP and / or port mirroring there's not much you can do. Depending on your exact environment and what you're trying to accomplish, nTop or anything won't be much good either. A probe/monitor needs to see the traffic somehow - sniffing, netflow, RMON tables via SNMP, etc. MRTG will get interface stats and runs on *nix (Perl) and web GUI, but again, your devices must support SNMP. Gary _____ From: [EMAIL PROTECTED] [mailto: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] On Behalf Of Noam Dev Sent: Friday, July 27, 2007 1:22 AM To: [email protected] Subject: Re: [Ntop] MAC Address based summaries? Hrm... Ntop actually looks closer to what i need than the rest. I have some limitations (not all hardware supports anything other than "just working") that force me to be 100% passive, which is why i liked ntop. Also, i am running under linux (prtg is windows). Is it impossible to configure ntop to look at interfaces for statistics rather than hosts? On 7/26/07, Gary Gatten <[EMAIL PROTECTED]> wrote: PRTG also does netflow and "sniffing" - so it may also answer the who and what questions. G _____ From: [EMAIL PROTECTED] [mailto: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] On Behalf Of Pete Sepulveda Sent: Thursday, July 26, 2007 12:58 PM To: [email protected] Subject: RE: [Ntop] MAC Address based summaries? I would use PRTG and setup SNMP on the switches. You can monitor the bandwidth on each interface of the switch regardless of the MAC address. http://www.paessler.com/prtg From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noam Dev Sent: Thursday, July 26, 2007 1:56 PM To: [email protected] Subject: Re: [Ntop] MAC Address based summaries? The counters that I'm looking to see are mainly to monitor switches and the like. I'm dealing with some hardware that modifies MAC addresses (and set their own) but keep the original IP addresses. So, in order to see how much bandwidth each section sends/receives, i need to only look at MACs... (This is a question that i want to answer : how much bandwidth goes thorugh each link) On 7/26/07, Gary Gatten <[EMAIL PROTECTED]> wrote: Describe "monitor"? Unless you're in a really old or unique environment, TCP/IP is your layer 3 / 4 protocol so it's highly relevant. Give me an example of what data you want or what problem you're trying to resolve and I'll see if I can help. Gary _____ From: [EMAIL PROTECTED] [mailto: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] On Behalf Of Noam Dev Sent: Wednesday, July 25, 2007 11:18 PM To: [email protected] Subject: [Ntop] MAC Address based summaries? Hello I would like to deploy ntop in a certain environment in which i want to monitor mainly switches and hubs. This means that for my purposes, IP addresses are of no importance, while mac addresses are the one i want to monitor. I have not been able to configure ntop to ignore IP traffic when summarizing hosts, and to use just physical addresses. Is it possible to configure ntop to do this or am i looking at the wrong solution for my needs? If the latter, any ideas for a more appropriate solution? Thanks! =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
