It's really simple actually.  Here is the most basic configuration:

ASA(config)# int ethernet 0/0
ASA(config-if)# description Outside Interface
ASA(config-if)# exit
ASA(config)# int ethernet 0/1
ASA(config-if)# description Span port
ASA(config-if)# switchport monitor ethernet 0/0 both
ASA(config-if)# exit

Then plug in a cable from 0/1 on the ASA to your promiscuous NIC in your ntopng 
box.  You'll need 2 NICs to do this on your ntopng box.  One for management and 
one for promiscuous listening.

Greg Williams
IT Security Manager/Security Principal
Department of Information Technology
University of Colorado Colorado Springs
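
A way to check that the span port is actually feeding the listening NIC, as an added example that is not part of the original thread: a port that is not mirrored only receives broadcast, multicast and its own unicast frames, so the test is whether unicast frames addressed to other hosts appear. The MAC addresses, the sample frames and the 0.5 threshold are constructed assumptions; in practice the (source, destination) pairs would come from a capture on the promiscuous NIC.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
OWN_MAC = "02:00:00:00:00:10"   # constructed MAC of the listening NIC

def classify(dst_mac, own_mac):
    """Bucket one frame by its destination MAC address."""
    dst = dst_mac.lower()
    if dst == BROADCAST:
        return "broadcast"
    # Low bit of the first octet set = group (multicast) address, e.g. STP BPDUs.
    if int(dst.split(":")[0], 16) & 0x01:
        return "multicast"
    return "own_unicast" if dst == own_mac.lower() else "foreign_unicast"

def span_verdict(frames, own_mac, min_foreign_ratio=0.5):
    """frames: iterable of (src_mac, dst_mac). Returns (verdict, counts)."""
    counts = Counter(classify(dst, own_mac) for _src, dst in frames)
    total = sum(counts.values())
    if total == 0:
        return "no_traffic", counts
    if counts["foreign_unicast"] == 0:
        return "switch_port_only", counts      # nothing mirrored to this NIC
    if counts["foreign_unicast"] / total >= min_foreign_ratio:
        return "mirrored", counts              # other hosts' conversations visible
    return "partial", counts                   # some foreign unicast, mostly noise

# Constructed sample: ordinary switch port (broadcast, STP, mDNS, own traffic).
BEFORE = [
    ("02:00:00:00:00:21", "ff:ff:ff:ff:ff:ff"),
    ("02:00:00:00:00:01", "01:80:c2:00:00:00"),
    ("02:00:00:00:00:22", "01:00:5e:00:00:fb"),
    ("02:00:00:00:00:21", "02:00:00:00:00:10"),
]
# Constructed sample: after mirroring, conversations between other hosts appear.
AFTER = BEFORE + [
    ("02:00:00:00:00:21", "02:00:00:00:00:01"),
    ("02:00:00:00:00:01", "02:00:00:00:00:21"),
    ("02:00:00:00:00:22", "02:00:00:00:00:01"),
    ("02:00:00:00:00:01", "02:00:00:00:00:22"),
    ("02:00:00:00:00:23", "02:00:00:00:00:01"),
]

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        verdict, counts = span_verdict(sample, OWN_MAC)
        print(name, verdict, dict(counts))
```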

From: [email protected] On Behalf Of Warwick Chapman
Sent: Tuesday, February 11, 2014 8:42 AM
To: [email protected]
Subject: Re: [Ntop] Where to locate an ntopng box

Hi Greg

Thanks for this.  Is that a type of port on a VLAN that behaves like 
promiscuous mode or must it be configured on the gateway device?

I'm really battling to find anything in the ntop documentation about how to 
place an ntop box in the right place...


-- Warwick Bruce Chapman | 083 7797 094 | http://wa.rwick.com

Please support the DA's Election 2014 Campaign by donating 
here<http://donations.da.org.za/?r=2489>.

On Tue, Feb 11, 2014 at 5:26 PM, Greg Williams <[email protected]> wrote:
You need to create a span/monitor port on a vlan somewhere where you are seeing 
the most traffic and have that feed into your box.  From the sound of it you 
are only seeing switch traffic, which wouldn't really tell you anything useful.

Greg Williams
IT Security Manager/Security Principal
Department of Information Technology
University of Colorado Colorado Springs

From: [email protected] On Behalf Of Warwick Chapman
Sent: Tuesday, February 11, 2014 8:16 AM
To: [email protected]
Subject: [Ntop] Where to locate an ntopng box

Howdy

Thank you Luca and team for a great product.

We have the following topology:

LAN --> Cisco ASA --> Cisco ISP

I presently have the box with ntopng running on it plugged into the ASA's 
switch but it is capturing very little network activity at all.  How do I 
ensure that it intercepts all the traffic?

Must I add another network adapter and bridge them and place the box inline 
between LAN and Cisco ASA or between Cisco ASA and Cisco ISP?

Tiny volumes on 15mbps line.

-- Warwick Bruce Chapman | 083 7797 094 | http://wa.rwick.com


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
