Hi, my name is Ramón Reséndiz, from Monterrey, México, and i have some doubts with the ntop monitoring.
When i see the Network Traffic [All Protocols]: All Hosts - Data Sent+Received, i can see the hosts from the networks (2 networks with netmask 24 bits), but also I can see records from some pages that I dont understand, like: <http://200.34.113.241:3000/72.52.191.10.html> content.screencast.com Flag for gTLD code com (Guessing from gTLD) 11.0 MB 0.5 % 11.0 MB 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 blufiles.storage.live.com <http://200.34.113.241:3000/65.55.194.179.html> OS: Windows Flag for ISO 3166 code us (from p2c file) 3.4 MB 0.1 % 3.4 MB 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 <http://200.34.113.241:3000/228.0.0.5.html> reserved-multicast-range-not-delegated.example.com Flag for gTLD code com (Guessing from gTLD) 2.3 MB 0.1 % 0 2.3 MB 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 www.dba-oracle.com <http://200.34.113.241:3000/65.109.93.192.html> OS: Linux Flag for ISO 3166 code us (from p2c file) 1.6 MB 0.1 % 1.6 MB 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 And according to me this host are pages visited from my users but for unknown reason this appear like hosts in my network, ¿some one know why this happens? I have cisco switch 2960 divided into virtual lans (vlans), and all the traffic are sent to the port where the pc with ntop have 2 network interfaces where, ntop listen from linux interface eth0, and also I have other network interface eth1 where I check for network status. Ill appreciate so much your help, thank you. Ramón B. Reséndiz Cortez IT Ingeniero en Seguridad Digital Sendero Sur 285 Col. Contry C.P. 64860 Monterrey, N.L. Tel. +52 (81) 1001-0460 Fax. +52 (81) 1001-0461 Cel. +52 (044811) 221-7277 <http://www.citi.com.mx> http://www.citi.com.mx <mailto:[EMAIL PROTECTED]> E-Mail:[EMAIL PROTECTED]
<<image001.jpg>>
<<image002.gif>>
<<image003.gif>>
<<image004.gif>>
<<image005.gif>>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
