First, sorry for my bad English. It's not my native language.
I have encountered a strange problem with ntop. I don't know if it is a
bug or my error in ntop configuration.
My network topology:
Linux box with two interfaces:
eth0 - x.x.x.10/30 - default gw -> x.x.x.9/30
eth1 - y.y.y.193/27 - dmz
eth1:1 - 192.168.200.1/30 - link to my switch (managed)
I wanted to monitor traffic on the eth1 subnet (local only, no remote hosts).
My first step was this ntop config:
ntop -i eth1 -g -m y.y.y.193/27 -n -o -z -c
But ntop added the default subnet 0.0.0.0 for the eth1:1 interface, and because
of this ntop monitors local and remote traffic.
My second try was this:
ntop -i eth0 -g -m y.y.y.193/27 -n -o -z -c --known-subnets y.y.y.193/27
And this almost worked for me. The problem was that some hosts from
the y.y.y.193/27 network were missing,
for example:
y.y.y.193 - ok
y.y.y.194 - ok
y.y.y.195 - missing
y.y.y.196-198 - ok
y.y.y.199 - missing
etc.
Every host modulo 4 was missing (4 hosts == prefix for eth0
interface). It seems that ntop uses the eth0 network mask to filter hosts
from the -m subnet parameter.
My solution for this problem was to "hack" the source of ntop to change
the subnet for eth0 to make this config work for me. (I simply set
the netmask of eth0 == eth1 in the source file initialize.c)
My question is:
Is this ntop config OK?
ntop -i eth0 -g -m y.y.y.193/27 -n -o -z -c --known-subnets y.y.y.193/27
I tested this on ntop 3.3.8 and 3.3.9 and older versions (I was unable to
compile 3.3.10 on my CentOS 5.3 box with the default toolchain)
I hope you understand me :)
Greetings
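
An added illustration (not part of the original post and not ntop's code) of the mask arithmetic behind the pattern reported above: it checks which DMZ hosts look like a broadcast or network address when eth0's /30 mask is applied to them instead of the /27, and compares each candidate with the hosts the post lists as ok or missing. The prefix 203.0.113.192/27 is a constructed stand-in for the elided y.y.y.192/27, and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the post's elided y.y.y.192/27 DMZ (documentation range).
DMZ = ipaddress.ip_network("203.0.113.192/27")
ETH0_PREFIXLEN = 30  # eth0 is x.x.x.10/30 in the post

# Observations reported in the post, as last octets.
REPORTED_OK = {193, 194, 196, 197, 198}
REPORTED_MISSING = {195, 199}


def host_bits(addr, prefixlen):
    """Return (host part of addr, host mask) for a mask of the given length."""
    hostmask = (1 << (32 - prefixlen)) - 1
    return int(addr) & hostmask, hostmask


def looks_like_broadcast(addr, prefixlen):
    """True when every host bit is set, i.e. addr is a broadcast under that mask."""
    bits, hostmask = host_bits(addr, prefixlen)
    return bits == hostmask


def looks_like_network(addr, prefixlen):
    """True when every host bit is clear, i.e. addr is a network address under that mask."""
    bits, _ = host_bits(addr, prefixlen)
    return bits == 0


def dropped_octets(check, prefixlen):
    """Last octets of the DMZ hosts that `check` flags under `prefixlen`."""
    return {int(a) & 0xFF for a in DMZ.hosts() if check(a, prefixlen)}


def explains_report(dropped):
    """A candidate fits if it drops every reported-missing host and no reported-ok host."""
    return REPORTED_MISSING <= dropped and not (REPORTED_OK & dropped)


if __name__ == "__main__":
    for name, check in (("broadcast", looks_like_broadcast),
                        ("network", looks_like_network)):
        for plen in (ETH0_PREFIXLEN, DMZ.prefixlen):
            dropped = dropped_octets(check, plen)
            print(f"{name:9} test with /{plen}: flags {sorted(dropped)}, "
                  f"fits report: {explains_report(dropped)}")
```

Only the broadcast test under the /30 mask reproduces the reported pattern; under the DMZ's own /27 mask no usable host is flagged at all.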
_______________________________________________
Ntop-dev mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop-dev