Hello.
I have FreeBSD 6.0 running nTop 3.2 and am using the netflow plugin.
The netflow export is v5 from a 3660 at the hub of a Frame-Relay WAN.
All Protocols - Throughput. Select a host from the left column.
Scroll to bottom where it starts Active TCP/UDP Sessions. Towards the
far right is
Looks like you have a lot of plugins loading - perhaps disable
everything except the bare minimum and see what happens. Also make sure
you're not out of disk/volume space. Depending on how you have RRD
configured, it can chew up a LOT of space in a hurry.
snip
Check out the config of the RRD plugin. You have to tell RRD what to
store and at what level of detail, frequency, etc. Be careful, this can
eat a LOT of disk space if you have a large number of hosts...
Gary
[EMAIL PROTECTED] 3/7/2006 3:09:36 PM
Hi all,
I have recently installed ntop on
Within nTop is a checkbox concerning ftp traffic. Something about anything
1024 = ftp. Sounds like this might be checked.
Gary
[EMAIL PROTECTED] 3/10/2006 3:25:44 AM
Hi all,
im having some trouble with ntop-3.2-1.2.fc4.rf.
I monitor my server which have permanently 2 icecast source stream
I understand your problem, but not sure how to fix it. What is the Cisco
device and what version of IOS? Maybe it has a bug or something? Do you have
any mail filters, proxies, etc. that might be influencing this behavior?
Wait This is an internet connection - right? And you're doing
Hello,
Did you ever get this resolved? I'd be curious what the resolution
was. I don't have this problem now, but I can see where it would be
quite common.
Thanks!
Also, are you in Italy and speak Italian? If so I could use your help
communicating with Nicoletti. I have some Leather
No replies yet, so thought I'd try again.
I did find the -C option that I think is close to what I'm wanting.
However, doc leads me to believe it groups on the class-C network
boundaries. I'm using VLSM on a 10.x.x.x range from /24 to /28, so
grouping on Class C or /24 won't work.
Any thoughts
Hello.
I have FreeBSD 6.0 running nTop 3.2 and am using the netflow plugin.
The netflow export is v5 from a 3660 at the hub of a Frame-Relay WAN.
Navigate to: All Protocols - Throughput. Select a host from the left
column. Scroll to bottom where it starts Active TCP/UDP Sessions.
Towards the
I have nTop 3.2 on FreeBSD 6.0. The --pcap_setnonblock option was
enabled by default in the ntop.sh script. The man page says it will
cause high cpu load, but it does not actually interfere with other
work. However, it was causing problems for the netflow plugin. The
RECV queue for the
Interesting... Will this actually accomplish my goal though? Maybe I'm
misunderstanding your idea. Perhaps provide a brief example?
Thanks!
Gary
[EMAIL PROTECTED] 3/16/2006 10:32:47 AM
Gary Gatten wrote:
What I'm wanting is to group/display statistics on a per network
basis
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
Gatten
Sent: Thursday, March 16, 2006 10:21 AM
To: ntop@Unipi.IT
Subject: [Ntop] --pcap_setnonblock on by default? Does cause problems.
I have nTop 3.2 on FreeBSD 6.0. The --pcap_setnonblock option
Check to see if the --pcap_setnonblock is enabled. If so, disable
it.
Also, there are many built in Windows tools to do what you want as
well. I'm thinking mostly Perfmon. It will also allow you to create
alerts based on defined thresholds and such.
Gary
[EMAIL PROTECTED] 3/16/2006 9:16:33
Check to see if the --pcap_setnonblock is enabled. If so, disable
it.
Also, there are many built in Windows tools to do what you want as
well. I'm thinking mostly Perfmon. It will also allow you to create
alerts based on defined thresholds and such.
Gary
[EMAIL PROTECTED] 3/16/2006 9:16:33
Whoops. I recall reading that now, sorry.
G
[EMAIL PROTECTED] 3/16/2006 2:06:55 PM
Nope ... Gary - pcap_setnonblock is only relevant for FreeBSD - it
worked
around a bug in 4.x.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
If you have Cisco routers, you could use NBAR to classify the IM traffic
and then use various policy based routing, NAT, etc. to manipulate the
IM traffic to something consistent such that nTop can recongnize it.
I've used NBAR to rate limit and block IM traffic, but haven't tried
tying it to PBR
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Gary Gatten
Sent: Monday, March 20, 2006 9:48 AM
To: [EMAIL PROTECTED]; ntop@Unipi.IT
Subject: RE: [Ntop] msn messenger traffic measurement
If you have Cisco routers, you could use NBAR to classify the IM
traffic
and then use various
necessary
for the latency measurements.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
Gatten
Sent: Thursday, March 16, 2006 10:13 AM
To: ntop@Unipi.IT
Subject: [Ntop] latency stats not visible.
Hello.
I have FreeBSD 6.0 running nTop
I'm not an nTop expert by any stretch, but from what I know nTop was not
designed for such functions and would likely take a fair amount of
external scripting add the functionality desired.
If I'm not mistaken Ethereal supports various pattern matching,
triggers, actions, etc. I'm not certain of
There are only a couple timers you can adjust concerning netflow - at
least in 12.2 code. 12.3 or 12.4 may be different - check the IOS
context sensative help on your system.
ip flow-cache timeout inactive 10
ip flow-cache timeout active 1
There are several other settings I haven't had much use
Yep. Look at the -x and - X parms, and maybe -c?
Gary
[EMAIL PROTECTED] 3/27/2006 11:33:58 AM
I am getting an error stating that the max number of sessions has been
reached. When this occurs, all monitoring stops and only reports the
stats at the time of the error. Any ideas?
NTOP
FreeBSD 6.0, nTop 3.2.1, compiled from CVS - I think
Using netflow plugin. Was working OK for a number of days, but there
was no GUI/web usage as I've been working on other stuff. Left by
browser connected before lunch, came back and the page was not found.
Checked the box and all ntop
to find later on.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
Gatten
Sent: Wednesday, March 29, 2006 3:32 PM
To: ntop@unipi.it
Subject: [Ntop] ntop dying with GUI usage?
FreeBSD 6.0, nTop 3.2.1, compiled from CVS - I think
FreeBSD 6.0, nTop 3.2.1, compiled from CVS - I think
I'm collecting data through a cisco SPAN port. This port is a mirror
of the our primary Frame-Relay WAN router interface. The idea is to see
global WAN stats.
Without -o I have latency stats, however, all the traffic gets
associated with
-
From: Gary Gatten [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 30, 2006 10:35 AM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: RE: [Ntop] ntop dying / crash - with GUI usage?
I had a problem getting nTop to bind to to v4 stack, so I removed v6.
This was before I knew about the -4 switch. I
-t 6 is a lot of trace for normal ops. Docs say 0 - 5, so I'm not sure
what 6 even does?
look for ntop.conf in one of the /etc dirs. I made my own conf and
start ntop with: ntop @./ntop.conf Not sure if this is right, but it
works.
Gary
[EMAIL PROTECTED] 3/31/2006 10:21:51 AM
Also, why
for 'nonFullyRemoteSession' (i.e. at least one side is
local).
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
Gatten
Sent: Friday, March 31, 2006 1:39 PM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: RE: [Ntop] -o disables latency stats?
Sorry, I should've
track
sessions for 'nonFullyRemoteSession' (i.e. at least one side is
local).
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Gary
Gatten
Sent: Friday, March 31, 2006 1:39 PM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: RE: [Ntop] -o
for this
purpose.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Gary
Gatten
Sent: Friday, March 31, 2006 3:25 PM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: RE: [Ntop] -o disables latency stats?
-m seems to be working OK. I have several large nets
of the application -
and
a
general purpose tools such as ntop isn't the right thing for this
purpose.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Gary
Gatten
Sent: Friday, March 31, 2006 3:25 PM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: RE
for this
purpose.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
Gatten
Sent: Friday, March 31, 2006 3:25 PM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: RE: [Ntop] -o disables latency stats?
-m seems to be working OK. I have several large nets
I could probably whip something out in perl real quick, to fetch and
extract the interesting tokens/symbols/whatever.
I think I know the output you want, but maybe paste a sample and what
you want extracted. Also, what means would I have to get the data? CLI
via telnet/ssh? snmp MIB?
Gary
www.purenetworking.net
-Original Message-
From: Gary Gatten [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 25, 2006 4:36 PM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: Re: [Ntop] Were to placing Ntop on the network
Trying to do what you want in a fully switched environment is not as
easy as you
I have nTop 3.2.1 from CVS running fine on FreeBSD 6.0. I had some odd
crashing problems at the beginning that I've been unable to replicate in
a number of months. I honestly haven't tried much to break it, but for
awhile there is was crashing every day. I turned on some debugging
stuff and it
If I may recommend, nTop runs on many free unix / linux OS's. Many of
them now have relatively simple installs so if you're not familiar with
*nix OS's - you should still be able to get nTop up and running on one
of them in an afternoon - or at least a day. Just a thought. I know
Micro$oft
If you're looking at a lot of hosts (a LOT is ... many hundreds or
thousands) might want to bump a couple of the switch max's: -x and -X.
I doubled mine:
( -x 16384 -X 65536) and it helped resolve some of my issues.
Gary
[EMAIL PROTECTED] 5/23/2006 1:15:41 PM
Um...
What OS? In the *nix
See if nTop is bound to an IPv6 stack on your box. I had an issue on FreeBSD
with that. I think it's supposed to bind to all stacks, but it was only
binding to the v6 stack on my machine.
Gary
[EMAIL PROTECTED] 5/31/2006 12:21:11 PM
Hi,
I've installed ntop version 3.2 many times with
With Cisco you'd have to use RSPAN to get the actual traffic streams
from different switches and VLANs. Nortel could/should have something
similar.
If Nortel supports netflow, sflow, etc. - use it, unless you need the
real traffic streams. Less overhead everywhere and usually meets your
goals.
This is one reason why netflow was developed.
Also, we have dual 6509's with multigig links. They usually run about
2% because most of our client side apps are so thin. Now during backups
and nightly batch routines they'll get busy, but point is don't assume
because you have 2Gb of potentional
I will be out of the office until Monday 7/10. If this is an emergency, please
contact Tim Grant.
Thanks!
Gary
ntop 06/29/06 18:28
Make sure you have the libpcap.so installed as well, otherwise, yes you may
have 64bit problem. Can you compile in 32 bit mode?
If the loss is due to high utilization and therefore full queues, nTop
will show the top talkers. The routers in your WAN should have ways to
show throughput, queue usage, etc. Find the top talkers by bytes and
packets and start there. If the use is legitimate, perhaps implement
some sort of
The only interesting record in messages is:
kernel: pid 46197 (ntop), uid 65534: exited on signal 11
This was a CVS install. When I run with the -t and -K options, it
doesn't seem to die. Without the -t 5 and -K switches it's maybe 2 - 3
weeks. With these switches it's ran for 4 months.
I will be out of the office until Monday 7/24. If this is an emergency,
please contact Retze Santos.
Thanks!
Gary
ntop 07/15/06 09:16
It's based on the port #s of traffic being sent to/from the host.
-Burton
(Please note that I am speaking only as an individual and not as a
it. And, of course, some weirder memory issues go away under gdb!
-Burton
(Please note that I am speaking only as an individual and not as a
representative of my employer)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Gary
Gatten
Sent: Tuesday, July 11
I'm assuming you're using https:// in your url? Is there another
service listening on 443? Also, check to see if it's binding to IPv6
AND IPv4 stacks - assuming you have both. I was running both on FreeBSD
and it was only bind to v6.
Gary
[EMAIL PROTECTED] 7/17/2006 9:03 AM
Hello All,
My
Not to be nit-picky, but stateful inspection does nothing to identify this type
of traffic. You need some other sort of deep packet inspection, such as NBAR
that can look above layer 4.
If your router can correctly identify the traffic, you can use policy based
routing and NAT to change all
I will be out of the office until Monday 8/9. If this is an emergency, please
contact Retze Santos or Tim Grant.
Thanks!
Gary
ntop 08/05/06 07:50
Read the FAQ - the algo is disclosed.
Essentially it's the lowest # recognized - so that should ntop see the
conversation starting from the
H, how about don't reset the stats? :-) Just kidding.
Can't offer much help - sorry. Maybe you could edit the rrd files and
remove those sample so they don't sqew the real data. Or, disable the
rrd files before resetting the stats? Not sure if this would help or
just lead to more probs.
Not sure exactly what you mean by monitor. If util / pps only - then
embedded RMON and/or SNMP is the way to go. If you want more detail,
check out netflow. I'm not sure if the 2500 series supports netflow -
depends on the IOS type I think. Pretty sure the 4000 series supports
it, but again -
At one point this was running for many months without a problem. Now it
seems it won't run for more than a day or two. netflow is the only
interface and I just have one of them.
ntop 3.2.1 compiled from CVS.
more ntop.conf
-u ntop -r 120 -K -t 5 -o -d -L --skip-version-check -x 16384 -X 65536
yup
[EMAIL PROTECTED] 9/28/2006 10:42 AM
PING?
I should be signed up for this list...I believe??
___
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Mine is about 60MB - is this whole file loaded into RAM?
My nTop instance is taking up about 150MB and I'm trying to figure out
what it's doing. If it needs that much RAM that's fine - if it
doesn't then I want it back.
Gary
research the Sup...or something?
I'm a noob to all of this, obviously, and basically looking for a
starting point - and to pick the brains of those doing it for getting
the best bang for the sweat.
On 9/28/06, Gary Gatten [EMAIL PROTECTED] wrote:
yup
[EMAIL PROTECTED] 9/28/2006 10:42 AM
PING
- and netflow does that well.
Gary
[EMAIL PROTECTED] 9/28/2006 11:50 AM
On 9/28/06, Gary Gatten [EMAIL PROTECTED] wrote:
Netflow works pretty good for me. If you have core routers you can
enable it there - don't have to enable it on every remote. If you
choose to however, it will work
handy if your IOS supports it.
Gary
[EMAIL PROTECTED] 9/28/2006 2:56 PM
On 9/28/06, Gary Gatten [EMAIL PROTECTED] wrote:
The most detail will always come from seeing the real packets, so a
SPAN
port will always yield the most detail. Yes, SPAN the router(s)
interface and you'll see everything
out why we're
seeing so many Discards In and no other counter really increasing
(with the exception of the occasional Discards Out blip)
Will check out NBAR.
On 9/28/06, Gary Gatten [EMAIL PROTECTED] wrote:
If there's no netflow, you can SPAN interfaces / MAC's going to
services: routers
BSD 6.1? nTop 3.2.1, blah, blah. Will give infinite detail if
required.
Sep 28 15:43:30 wanmon1 ntop[720]: [MSGID8781395] **ERROR** Bad magic
number (expected=1968/real=0) [deviceId=1]
lookupHost()[netflowPlugin.c/524]
Sep 28 15:43:30 wanmon1 kernel: pid 720 (ntop), uid 1002: exited on
signal
Just wondering if anyone else has noticed this. I have FreeBSD 6.1 and
have read about the pcap non blocking thing. Not sure if it still
applies in 6.x but I am NOT running in non blocking mode.
So, when I try to connect to tcp 3000 it hangs - sometimes... I run
netstat -a and see dozens of
Sometimes when nTop is acting... funny I notice my Recv-Q is stuck.
Most of my traffic is from netflow so it's not uncommon this queue at
40,000 plus. But also, tcp 3000 (ntop http) and ssh get backed up and
stuck too.
This is on FreeBSD 6.1 - any chance this has to do with the
] 9/29/2006 10:59 PM
On 09/28/06 12:50, Brian Loe published:
On 9/28/06, Gary Gatten [EMAIL PROTECTED] wrote:
Netflow works pretty good for me. If you have core routers you can
enable it there - don't have to enable it on every remote. If you
choose to however, it will work. the netflow
Yes, but you'll need to know what the schools internal IP's are and make
them local with the -m switch. The you can view the local-remote and
remote-local traffic - where remote is outside the school and local is
the school. If you can't find all their IP's you can simply use all the
RFC 1918
of eth0 that
is not defined as internal school)
Which of the various pages should I look at to see these three data
usage stats?
Thanks for your help.
On 10/2/06, Gary Gatten [EMAIL PROTECTED] wrote:
Yes, but you'll need to know what the schools internal IP's are and
make
them local with the -m
What switch or option allows this? If I understand you correctly I'm
wanting to do the same thing but I couldn't find a way to do it.
Gary
[EMAIL PROTECTED] 10/4/2006 11:30 AM
Hello All!
I'm wandering what could be wrong when using Host Clusters to define
aggregate views for different IP
I have a couple questions on this.
1.) Can I somehow sort or group by this flag? Ie, all my Red flags at
the top of the display?
2.) Can I adjust the tresholds real-time instead of global defines and
recompile?
3.) Does nTop have any type of add-on for executing external scripts
when a threshold
The default netflow port is udp 2055. If ntop is listening on 2, is
the probe sending on 2?
I can't think of a reason this config would not work.
Gary
[EMAIL PROTECTED] 10/10/2006 4:23 AM
Hello,
I have following problem:
At one machine, I'm running netflow probe, which generates
You will setup a virtual NIC on ntop that's the interface for the
netflow port.Check some of the config options for netflow
concerning timeouts - they control how often the router exports data on
active and inactive sessions. If you configure netflow correctly your
ntop box will see
I will look at my config to refresh myself. It worked pretty easily
though from what I remember.
Make sure the plugin is Active. Even if you configure it and it
looks active, it may not be. Try a couple things:
1.) From the nTop menu, PluginsAll. URL should be
reason.
Gary
[EMAIL PROTECTED] 10/16/2006 4:03 PM
You might be onto something there. It shows active (Yes on the page
referenced, and Deactivate is the option on the plugins menut) but
netstat -a doesn't show the port I'm using as in use (9001)... How
might that be?
On 10/16/06, Gary Gatten [EMAIL
There's a basic doc on the ntop home page and of course cisco has many.
It's really only a couple lines in the router and some point and clicks
on ntop. I adjusted the timeouts on the router so I get stream/session
details more frequently. In lower bandwidth situations you may want
less
installed on the box, is it just looking for anything coming in on the
configured port to all NICs?
On 10/17/06, Gary Gatten [EMAIL PROTECTED] wrote:
There's a basic doc on the ntop home page and of course cisco has
many.
It's really only a couple lines in the router and some point and
clicks
on ntop
those configs too, but make sure your
route-cache is flow on the interfaces you want netflow info from.
Gary
[EMAIL PROTECTED] 10/17/2006 11:22 AM
tcpdump, watching that NIC, is bringing back mostly igrp requests -
what am I looking for as far as the netflows go?
On 10/17/06, Gary Gatten
what data you see - if it does?
On 10/17/06, Gary Gatten [EMAIL PROTECTED] wrote:
tcpdump host (your router ip / netflow source)
or
tcpdump udp 9001 (or whatever netflow is using)
I'd start with the first and see what is coming from your router.
Maybe it's not sending to 9001?
You should
From the config page:
If the NetFlow probe is monitoring only a single network, then this is
all you need to set. If the NetFlow probe is monitoring multiple
networks, then pick one of them for this setting and use the -m |
--local-subnets parameter to specify the others.
This interface is
connections, each with a router, and I planned to get netflow exports
from both...?
I'm currently getting netflow packets from the one router, on the
correct NIC, but ntop isn't doing anything with them...
On 10/17/06, Gary Gatten [EMAIL PROTECTED] wrote:
From the config page:
If the NetFlow probe
configured a second interface on NTop for giggles, and defined
port 9002 for it.
I would like to blow the current config away but the only thing I can
find are the db files - and I'm not sure which of those is safe to
blow away.
On 10/17/06, Gary Gatten [EMAIL PROTECTED] wrote:
MAYBE each netflow
I think aggregation is off by default, but even with it on ntop should
display something. Aggregation is useful in certain environments, but
not ours, so I haven't messed with it. Host Clusters is more useful
type of aggregation for me. Not exactly what I want, but I'm hoping
it's easily
That's what I just did...still, nothing. I can't figure it out.
I'm positive I'm getting the flows form the router. I've used
virtually every command line option I can think of - and then changed
them all twice - and still can't get it to see the flows.
On 10/17/06, Gary Gatten [EMAIL PROTECTED] wrote
interfaces. But, even stil, I've gone in and selected the netflow
interface.
On 10/18/06, Gary Gatten [EMAIL PROTECTED] wrote:
Just to make sure You did go to Switch NIC and select the
netflow
interface right? nTop can only display info about one interface at
a
time, so you have to select
interested I MAY have some time next week to take a peek at
your live systems if you want. Guess I'd need ssh/telnet and
http/https.
Gary
[EMAIL PROTECTED] 10/18/2006 4:34 PM
Spanning is an option - but I'd prefer to avoid it.
-i anything hasn't worked yet...
On 10/18/06, Gary Gatten [EMAIL
Haven't tried it, but maybe: AdminConfigureProtect URL's. If not,
maybe tunnel through apache and use apache security.
Gary
[EMAIL PROTECTED] 10/23/2006 2:13 PM
Probably in the manual, but wanted to ask anyway..
Believe I got the netflow working properly :-) !!.. Is there any way
to
force a
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Gary Gatten
Sent: Tuesday, October 17, 2006 1:01 PM
To: [EMAIL PROTECTED]; ntop@unipi.it
Subject: Re: [Ntop] cisco flow export
Don't know about loopback interfaces with netflow doesn't make
sense. IMO loopback interfaces
:[EMAIL PROTECTED] On Behalf
Of
Gary Gatten
Sent: Monday, October 23, 2006 3:33 PM
To: ntop@unipi.it
Subject: Re: [Ntop] Protect NTOP main page
Haven't tried it, but maybe: AdminConfigureProtect URL's. If not,
maybe tunnel through apache and use apache security.
Gary
[EMAIL PROTECTED] 10/23/2006 2
SPANning will get you slightly more info, which may or may not be
useful. Host Fingerprinting, tcp handshake latency, some other minor
stuff. The main thing is it will require more power on your switch and
nTop box as you'll be processing every frame. If you have the
horsepower and are dealing
-m arg. it's used to filter local traffic from remote - for display
purposes only. I have nets I own net as local and others (internet)
default as remote.
Gary
[EMAIL PROTECTED] 10/24/2006 4:14:46 PM
So... now that I'm atleast collecting data, can someone extrapolate on
how you configure
)?
On 10/24/06, Gary Gatten [EMAIL PROTECTED] wrote:
-m arg. it's used to filter local traffic from remote - for display
purposes only. I have nets I own net as local and others (internet)
default as remote.
Gary
___
Ntop mailing list
Ntop@unipi.it
http
- I don't want to lose that
information, only to be able to differentiate between our network and
the Internet?
On 10/24/06, Gary Gatten [EMAIL PROTECTED] wrote:
you have to use 1.2.3.0/255.255.255.0 format for each network you
want
local. check the man page or FAQ
Need to read this again to be sure, but here are some options:
Multiple NICS - each one monitors a different ISP connection - two
different SPAN sessions
Host Clusters. Not much doc here, but easy once you figure it out.
Not sure if it would work for you though as the source and dest IP can
be
will you
distinguish between local nodes? You may have to stick ntop on the
private side of your firewall to get the true client side info, but you
won't be able to tell which link they're using then!
Gary
[EMAIL PROTECTED] 10/25/2006 3:32 PM
On 10/25/06, Gary Gatten [EMAIL PROTECTED] wrote:
Need
individual users and want all users - then you'll be OK.
Gary
[EMAIL PROTECTED] 10/25/2006 3:50 PM
On 10/25/06, Gary Gatten [EMAIL PROTECTED] wrote:
Good luck trying to force inbound traffic to a specific link. I
worked
with BGP quite a bit and it's tough to do. Easy for failover - not
easy
I think it's not gonna work how you think. First, are these your
addresses directly from IANA / ARIN / whomever, or did you get from an
ISP?
Most ISP's aggregate/summarize anything less than /23. Some do /22 and
some do /24. I've never heard of anyone advertising /27's with BGP.
They MAY let
not be clear on what you're trying to accomplish.
Gary
[EMAIL PROTECTED] 10/26/2006 11:49 AM
On 10/26/06, Gary Gatten [EMAIL PROTECTED] wrote:
IP accounting might still be the way to go. There's probably a MIB
you
can poll and get the info, but the CLI works pretty well for spot
checks
-M will diable interface merge. Each interface monitoring a different
link (different SPAN / RSPAN session) will get you what you want.
Gary
[EMAIL PROTECTED] 10/26/2006 2:04 PM
On 10/26/06, Gary Gatten [EMAIL PROTECTED] wrote:
If you disable interface merging (-m?) it will be like two
Get the library that's missing, install it, and recompile:
www.boutell.com/gd
Not sure why it has the header file and not the library? Maybe wrong
version or corrupted or something?
Gary
[EMAIL PROTECTED] 10/30/2006 11:08 AM
All,
I've seen some possible solutions for this compile issue
Anyone else notice that name resolution doesn't appear to be working
right? In other words, bogus / incorrect host names for IP's? I've
noticed a number of IP's that don't resolve using nslookup, dig, whois,
etc. - yet nTop somehow reports them as; for example: www.bob.com.I
have no idea how
Maybe post to the developers list? One thing great about open source is you
have the source. If nothing else you could contract with a developer to fix
this. I have a number of features I want that I'm willing to pay for, so I'm
looking down that path now. I code a little but It would take
Same problem here. Anything after 12 or so I noticed an issue. Not all
clusters show the same and it wasn't the last ones I added, but 4 of the 18
defined are showing the exact same data. The data appears to be the total for
the interface - or close to it. Definitely looks like a bug, but
Cheers
Markus
Gary Gatten wrote:
Same problem here. Anything after 12 or so I noticed an issue. Not all
clusters show the same and it wasn't the last ones I added, but 4 of the 18
defined are showing the exact same data. The data appears to be the total
for the interface
Are you talking about Network Flows; -F arg; or Cisco netflow? No problems I
know of with cisco netflow stuff.
Gary
[EMAIL PROTECTED] 11/1/2006 3:21 PM
I have used NTOP for a couple of years with no problems. I had always used the
tar distribuation. I just compiled it with the CVS
Hey Burton - good to see you're still around. Hope all is well.
Gary
[EMAIL PROTECTED] 11/2/2006 11:27 PM
You don't buy the windows version. You pay a small fee for the
convenience of being able to download pre-built binaries.
-Burton
Nick Weaver wrote:
Doesn't Ntop for windows have
I had a similar problem I think I was getting signal 11 or signal 9, I
need to check. Turns out one or more of the db files were corrupt -
probably the dnscache.db. I deleted all the db files except the
password and it's been running great ever since.
HTH
Gary
[EMAIL PROTECTED] 11/9/2006
Make sure that NIC is really going into promiscuous mode? Maybe the
driver needs updating or a different driver? I've seen plenty of
windoze installs that have all the current SP's, yet drivers are 4 and 5
years old.
Gary
[EMAIL PROTECTED] 11/23/2006 11:16:03 AM
I notice a strange behaviour
1 - 100 of 632 matches
Mail list logo