"-o" in ntop args ________________________________ From: [email protected] <[email protected]> To: [email protected] <[email protected]> Sent: Wed Sep 08 13:50:54 2010 Subject: [Ntop] Ntop Displaying MAC not IP
Good Day, I am running Ntop on ubuntu under VMware. I had everything working then we made some changes to the network and things have not been right since. If I perform a tcpdump and reviewed at the traffic from wireshark. I see all the expected packets on the interface feeding Ntop. Not quite sure what we did but I now see in the “host activity” is a bunch of data for the MAC address and not the IP address. Under the traffic and load links, the data looks correct. It seems to be tied to host id’s alone. vmware, inc.:a8:6f:1a [MAC]</00_50_56_A8_6F_1A.html> 131.4 bit/s 12.2 bit/s 131.4 bit/s 0.4 Pkt/s 0.0 Pkt/s 0.4 Pkt/s vmware, inc.:a8:29:e4 [MAC]</00_50_56_A8_29_E4.html> 105.1 bit/s 11.7 bit/s 105.1 bit/s 0.3 Pkt/s 0.0 Pkt/s 0.3 Pkt/s vmware, inc.:a8:18:a2 [MAC]</00_50_56_A8_18_A2.html> 105.1 bit/s 11.7 bit/s 105.1 bit/s 0.3 Pkt/s 0.0 Pkt/s 0.3 Pkt/s vmware, inc.:a8:5d:9e [MAC]</00_50_56_A8_5D_9E.html> 78.9 bit/s 11.7 bit/s 78.9 bit/s 0.2 Pkt/s 0.0 Pkt/s 0.2 Pkt/s vmware, inc.:a8:64:62 [MAC]</00_50_56_A8_64_62.html> 78.9 bit/s 11.7 bit/s 78.9 bit/s 0.2 Pkt/s 0.0 Pkt/s 0.2 Pkt/s vmware, inc.:a8:75:c9 [MAC]</00_50_56_A8_75_C9.html> 78.9 bit/s 11.7 bit/s 78.9 bit/s 0.2 Pkt/s 0.0 Pkt/s 0.2 Pkt/ Any ideas? Thanks, John ****************Background Switch info We are using Cisco port mirroring using the following command: monitor session 10 source interface Gi0/32 monitor session 10 destination interface Gi0/28 encapsulation replicate ingress untagged vlan 101 where port 28 is connected to a VMware server and configured as: ! interface GigabitEthernet0/28 description Business Net sdcESXi switchport access vlan 101 switchport mode access switchport nonegotiate spanning-tree portfast ! Port 31 is configured as: ! interface GigabitEthernet0/32 description To CiscoDMZ P2 switchport access vlan 101 switchport mode access ! Basic Information ntop Version x86_64-2.6.31-22-server-linux-gnu (64 bit) Running as user ntop Configured on Sep 3 2010 13:54:27 Built on Sep 3 2010 13:55:27 OS x86_64-2.6.31-22-server-linux-gnu This version of ntop is the CURRENT stable version Next version recheck is Wed Sep 22 15:36:37 2010 libpcap<http://www.tcpdump.org/> Version ?? RRD<http://www.rrdtool.org/> Version 1.3001 GeoIP<http://www.maxmind.com/> Version GEO-533LITE 20090701 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved GeoIP<http://www.maxmind.com/> AS Version GEO-117 20090321 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved Running from /usr/local/bin Libraries in /usr/local/lib ntop Process Id 1345 http Process Id 1 Run State Run Command Line Started as.... /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --access-log-file -i eth0,eth1 -p /etc/ntop/protocol.list -O /var/log/ntop -M Resolved to.... /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --access-log-file=/var/log/ntop/access.log -i eth0,eth1 -p /etc/ntop/protocol.list -O /var/log/ntop -M <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
