Yeah, that works, thanks. I'm still perplexed, though: why is the traffic lumped together when I have --local-subnets set but not when I don't have them, regardless of having given the -o flag or not? That behavior should be consistent, shouldn't it?

On Fri, Apr 3, 2009 at 8:34 PM, Gary Gatten <[email protected]> wrote:
> Sweet – I like easy fixes!
>
> ------------------------------
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of
> *PERRY Alan
> *Sent:* Friday, April 03, 2009 11:47 AM
> *To:* [email protected]
> *Subject:* Re: [Ntop] Weird problems with --local-subnets
>
> Thank you,
>
> That was the key.
>
> ------------------------------
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of
> *Gary Gatten
> *Sent:* Friday, April 03, 2009 8:35 AM
> *To:* [email protected]
> *Subject:* Re: [Ntop] Weird problems with --local-subnets
>
> Check the man/ FAQ on “-o |--no-mac”
>
> ------------------------------
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of
> *Raja Baz
> *Sent:* Friday, April 03, 2009 10:25 AM
> *To:* [email protected]
> *Subject:* [Ntop] Weird problems with --local-subnets
>
> I currently have a Gentoo box that I'm using as a router for a network. It
> has two interfaces: wlan0, which is a wireless interface, obviously, that
> faces the 192.168.2.0/24 subnet, which has no connection to the internet
> except through the router; and eth0, which is an internet facing wired link.
> I have set up ntop (3.3.9) on this machine and am collecting packets on the
> eth0 interface (I am interested in the utilization of the internet link, I
> don't really care about what goes on locally over the wireless network).
> In the setup as it is, everything works fine but hosts on the
> 192.168.2.0/24 subnet show up as remote hosts when they are, in fact,
> local. I took a look at the man page and it indicates that I should use
> --local-subnets (or -m) however, running ntop with -m192.168.2.0/24 causes it
> to show all the traffic from the 192.168.2.0/24 as originating from the
> router itself. I ran tcpdump and took a look at the packets and the data
> itself is fine (the src hosts are as they should be, 192.168.2.*) but under
> local hosts ntop only shows 1 host, the router itself (identified by its MAC
> address) with the amount of bandwidth used equal to the total amount of
> utilization of the internet link.
> Is this behavior normal? (It seems very weird to me, but I'm very new to
> ntop) Should I file a bug report? Do you guys need me to provide more info?
> If so, what?
>
> Thank you
>
> "This email is intended to be reviewed by only the intended recipient and
> may contain information that is privileged and/or confidential. If you are
> not the intended recipient, you are hereby notified that any review, use,
> dissemination, disclosure or copying of this email and its attachments, if
> any, is strictly prohibited. If you have received this email in error,
> please immediately notify the sender by return email and delete this email
> from your system."
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
