Why does it do this? The following ps line shows that ntop should ignore
everything except those two hosts and then also only those packages
arriving on this ethernet interface:
# ps faxuwwww
...
ntop 29333 0.5 3.1 23460 7968 ttyp0 SN 17:24 0:00 \_
bin/ntop -u ntop -n -M -t 4 -u ntop -L -i eth1 -w 212.117.75.92 3001 ether
dst 00:02:B3:96:57:DD and ( host 141.1.1.1 or host www.cw.com )
(www.cw.com is 204.71.140.70)
But syslog says:
ntop[29333]: 30) 212.117.YYY.XXX:80 <-> 192.35.VVV.WWW:1238 0/0 (proto=6)
ntop[29333]: Exported 30 NetFlow's...
ntop[29333]: 1) 192.35.VVV.WWW:1238 <-> 212.117.YYY.XXX:80 1/40 (proto=6)
ntop[29333]: 2) 212.117.YYY.XXX:80 <-> 192.35.VVV.WWW:1238 0/0 (proto=6)
ntop[29333]: 3) 192.35.VVV.WWW:1238 <-> 212.117.YYY.XXX:80 1/40 (proto=6)
ntop[29333]: 4) 212.117.YYY.XXX:80 <-> 192.35.VVV.WWW:1238 0/0 (proto=6)
ntop[29333]: 5) 192.35.VVV.WWW:1238 <-> 212.117.YYY.XXX:80 1/40 (proto=6)
ntop[29333]: 6) 212.117.YYY.XXX:80 <-> 192.35.VVV.WWW:1238 0/0 (proto=6)
...
It seems every connection on all protocols gets exported!
bye,
-christain-
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet & Security for Professionals Fax 0241/911879
WESTEND ist CISCO Systems Partner - Authorized Reseller
_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop-dev
