-n | --numeric-ip-addresses dnsResolutionForLocalHostsOnly <------------------could this be the issue
Yes. Also prolly want -o [--no-mac]. G -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of casey rhoads Sent: Thursday, June 30, 2011 2:31 PM To: [email protected] Subject: Re: [Ntop] Last Contacted Peers Command Line Started as.... ntop Resolved to.... ntop Preferences Used NOTE: (effective) means that this is the value after ntop has processed the parameter.(default) means this is the default value, usually (but not always) set by a #define in globals-defines.h. -a | --access-log-file (default) (nil) -b | --disable-decoders (default) No -c | --sticky-hosts (default) No -d | --daemon No -e | --max-table-rows (default) 128 -g | --track-local-hosts (default) Track all hosts -i | --interface (effective) eth0 -j | --create-other-packets (default) Disabled -l | --pcap-log (default) (nil) -m | --local-subnets (effective) 10.11.96.0/22, 172.18.10.0/27 -n | --numeric-ip-addresses dnsResolutionForLocalHostsOnly <------------------could this be the issue -o | --no-mac (default) Trust MAC Addresses -p | --protocols (default) internal list -q | --create-suspicious-packets (default) Disabled -r | --refresh-time (default) 120 -s | --no-promiscuous (default) No -t | --trace-level (default) 3 -u | --user nobody (uid=99, gid=99) -w | --http-server (default) Active, all interfaces, port 3000 -z | --disable-sessions (default) No -B | --filter-expression (default) none -D | --domain none -F | --flow-spec (default) none -K | --enable-debug (default) No -L | --use-syslog daemon -M | --no-interface-merge (effective) (default) (Merging Interfaces) Yes -O | --pcap-file-path (default) /var/lib/ntop -P | --db-file-path (default) /var/lib/ntop -Q | --spool-file-path (default) /var/lib/ntop -U | --mapper (default) http://geotool.servehttp.com/ -W | --https-server Uninitialized -X 32768 --disable-instantsessionpurge (default) No --disable-mutexextrainfo Yes --disable-stopcap Yes --fc-only (default) No --instance (default) (nil) --no-fc (default) No --no-invalid-lun (default) No --p3p-cp (default) none --p3p-uri (default) none --skip-version-check Yes --w3c Yes On Thu, Jun 30, 2011 at 11:55 PM, Gary Gatten <[email protected]> wrote: > Gotta be startup args. Go to About -> Show Configuration. Scroll down a bit > to "Command Line". Also note "Preferences Used" and perhaps look for > anything else "odd". > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of casey rhoads > Sent: Thursday, June 30, 2011 2:20 PM > To: [email protected] > Subject: Re: [Ntop] Last Contacted Peers > > no startup args. I installed with pacman from the Arch directories. > > On Thu, Jun 30, 2011 at 11:47 PM, Gary Gatten <[email protected]> wrote: >> IPv6? >> >> Packet Statistics? Generally speaking "all" reporting functions are enabled >> by default - in fact, many/all can't be enabled/disabled. >> >> Did you build 4.0.3 or install a package? Obviously something is not right. >> What are your startup args? >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of casey rhoads >> Sent: Thursday, June 30, 2011 2:10 PM >> To: [email protected] >> Subject: Re: [Ntop] Last Contacted Peers >> >> Gary thank you for the quick response below is a response from the web >> gui for last contacted peers. >> >> Last Contacted Peers >> >> Sent To IP Address >> ff02::1:ff3d:37d4 ff02::1:ff3d:37d4 >> ff02::1:ff79:9cdc ff02::1:ff79:9cdc >> ff02::1:ff9f:e429 ff02::1:ff9f:e429 >> ff02::1:3 ff02::1:3 >> 224.0.0.252 224.0.0.252 >> ff02::1:ffb2:6cd1 ff02::1:ffb2:6cd1 >> ff02::1:2 ff02::1:2 >> Total Contacts 23 >> >> >> I am also missing the packet statistics section. how would i enable that? >> >> Thank you >> >> On Thu, Jun 30, 2011 at 11:29 PM, Gary Gatten <[email protected]> wrote: >>> I'm not certain I understand your question. However, I personally have >>> never seen host names in the "Last Contacted Peers" (LCP) table. Even if >>> 1.1.1.1 resolves to www.gary.net and is displayed in other reports as >>> www.gary.net, it always shows up as 1.1.1.1 in the LCP table. For me this >>> has always been the case - as far as I recall. Someone recently posted a >>> similar question / statement, claiming his LCP WAS showing hostnames until >>> an ntop upgrade, and he tweaks the name res options (-n 2 I think) and it >>> started displaying names again. Perhaps google for ntop and Last Contacted >>> Peers and see what you find, this thread was in the last 4 - 8 weeks IIRC. >>> >>> As for the resolution process in general; ntop "sniffs" packets as well as >>> performs name/IP lookups. It's typically pretty good at resolving things. >>> >>> Also, from my experience multicast IP's are nearly impossible to resolve to >>> a host / unicast IP address. Some are well known / reserved, but >>> 224.0.0.52 appears to not be. >>> >>> I'm thinking I didn't answer your question, but hopefully at least pointed >>> you in the right direction. >>> >>> G >>> >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of casey rhoads >>> Sent: Thursday, June 30, 2011 1:30 PM >>> To: [email protected] >>> Subject: [Ntop] Last Contacted Peers >>> >>> I have installed NTOP 4.0.3 on arch linux it shows all last contacted >>> peers that are outside of the network as multicast dns such as >>> 224.0.0.52 i need to change this to the actual name of the website. >>> >>> How would i go about getting these to resolve to websites. >>> >>> Thank you in advance >>> >>> Casey >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >>> >>> >>> >>> >>> <font size="1"> >>> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in >>> 0in 1.0pt 0in'> >>> </div> >>> "This email is intended to be reviewed by only the intended recipient >>> and may contain information that is privileged and/or confidential. >>> If you are not the intended recipient, you are hereby notified that >>> any review, use, dissemination, disclosure or copying of this email >>> and its attachments, if any, is strictly prohibited. If you have >>> received this email in error, please immediately notify the sender by >>> return email and delete this email from your system." >>> </font> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> >> >> >> >> <font size="1"> >> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in >> 0in 1.0pt 0in'> >> </div> >> "This email is intended to be reviewed by only the intended recipient >> and may contain information that is privileged and/or confidential. >> If you are not the intended recipient, you are hereby notified that >> any review, use, dissemination, disclosure or copying of this email >> and its attachments, if any, is strictly prohibited. If you have >> received this email in error, please immediately notify the sender by >> return email and delete this email from your system." >> </font> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
