On Tue, Feb 11, 2014 at 7:15 AM, Warwick Chapman <[email protected]> wrote:
> Howdy
>
> Thank you Luca and team for a great product.
>
> We have the following topology:
>
> LAN --> Cisco ASA --> Cisco ISP
>
> I presently have the box with ntopng running on it plugged into the ASA's
> switch but it is capturing very little network activity at all. How do I
> ensure that it intercepts all the traffic?
>
> Must I add another network adapter and bridge them and place the box inline
> between LAN and Cisco ASA or between Cisco ASA and Cisco ISP?
>
> Tiny volumes on 15mbps line.
>
> --
> Warwick Bruce Chapman | 083 7797 094 | http://wa.rwick.com

I have placed managed switches at two critical points in my network: between the firewall and the ISP-facing router, and between the firewall and my network's core switch, and have turned on port mirroring on each one. In addition, I have turned on port mirroring on my core switch. This gives me visibility at all of my choke points, not just for ntop, but also for other purposes as well. The switch between my firewall and ISP-facing router is unnumbered, as I don't need another point of exploit for black hats.

Kurt

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
