I currently have a gentoo box that I'm using as a router for a network. It has two interfaces: wlan0, which is a wireless interface, obviously, that faces the 192.168.2.0/24 subnet, which has no connection to the internet except through the router; and eth0, which is an internet facing wired link. I have set up ntop(3.3.9) on this machine and am collecting packets on the eth0 interface(I am intersted in the utilization of the internet link, I don't really care about what goes on locally over the wireless network). In the setup as it is, everything works fine but hosts on the 192.168.2.0/24subnet show up as remote hosts when they are, in fact, local. I took a look at the man page and it indicates that I should use --local-subnets(or -m) however, running ntop with -m192.168.2.0/24 causes it to show all the traffic from the 192.168.2.0/24 as originating from the router itself. I ran tcpdump and took a look at the packets and the data itself is fine(the src hosts are as they should be, 192.168.2.*) but under local hosts ntop only shows 1 host, the router itself(identified by its MAC address) with the amount of bandwidth used equal to the total amount of utilization of the internet link. Is this behavior normal? (It seems very weird to me, but I'm very new to ntop) Should I file a bug report? Do you guys need me to provide more info? If so, what?
Thank you
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
