Thanks Chris. Our NetBSD box does indeed route internal networks so I really need to be able to filter this out.
Would anyone happen to have some good filter examples? Ideally I just want to show traffic that is outbound/inbound to/from the Internet. On Wed, Dec 17, 2014 at 3:18 AM, Chris Bennett <[email protected]> wrote: > Hi Rob, > > > Currently I am mirroring all traffic from the internet port to ntopng, > this > > is great as I'm getting 100% view of our Internet traffic, but really I > > want to be mirroring the internal network port on the server so I can see > > who is doing what, but I fear ntopng will show private IP traffic also? > > You will see any private IP traffic destined to your netbsd firewall, > and any broadcast traffic. You wouldn't normally see traffic between > two internal hosts unless the netbsd device was routing between two > private networks. > > There is also the '-B <filter>' expression which can allow you to > filter in or out any traffic you want to monitor (e.g. you may want to > filter out any traffic sourced from, and destined to, your internal > networks). > > Regards, > > Chris > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
