Read the FAQ article on this. It has to do with the packets as ntop sees them, not as they leave the machines (it's core behavior of switches and routers).
-----Burton From: [email protected] [mailto:[email protected]] On Behalf Of Raja Baz Sent: Friday, April 03, 2009 5:52 PM To: [email protected] Subject: Re: [Ntop] Weird problems with --local-subnets Yeah, that works, thanks. I'm still perplexed though, why is the traffic lumped together when I have --local-subnets set but not when I don't have them, regardless of having given the -o flag or not. That behavior should be consistent, shouldn't it? On Fri, Apr 3, 2009 at 8:34 PM, Gary Gatten <[email protected]> wrote: Sweet - I like easy fixes! _____ From: [email protected] [mailto:[email protected]] On Behalf Of PERRY Alan Sent: Friday, April 03, 2009 11:47 AM To: [email protected] Subject: Re: [Ntop] Weird problems with --local-subnets Thank you, That was the key. _____ From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Friday, April 03, 2009 8:35 AM To: [email protected] Subject: Re: [Ntop] Weird problems with --local-subnets Check the man/ FAQ on "-o |--no-mac" _____ From: [email protected] [mailto:[email protected]] On Behalf Of Raja Baz Sent: Friday, April 03, 2009 10:25 AM To: [email protected] Subject: [Ntop] Weird problems with --local-subnets I currently have a gentoo box that I'm using as a router for a network. It has two interfaces: wlan0, which is a wireless interface, obviously, that faces the 192.168.2.0/24 subnet, which has no connection to the internet except through the router; and eth0, which is an internet facing wired link. I have set up ntop(3.3.9) on this machine and am collecting packets on the eth0 interface(I am intersted in the utilization of the internet link, I don't really care about what goes on locally over the wireless network). In the setup as it is, everything works fine but hosts on the 192.168.2.0/24 subnet show up as remote hosts when they are, in fact, local. I took a look at the man page and it indicates that I should use --local-subnets(or -m) however, running ntop with -m192.168.2.0/24 causes it to show all the traffic from the 192.168.2.0/24 as originating from the router itself. I ran tcpdump and took a look at the packets and the data itself is fine(the src hosts are as they should be, 192.168.2.*) but under local hosts ntop only shows 1 host, the router itself(identified by its MAC address) with the amount of bandwidth used equal to the total amount of utilization of the internet link. Is this behavior normal? (It seems very weird to me, but I'm very new to ntop) Should I file a bug report? Do you guys need me to provide more info? If so, what? Thank you "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
