Wow, this "-j" is not listed in man parameters...
Un saludo,
Sancho Lerena
Dpto. Comunicaciones
AOL Avant Spain.
Tel: 912-100-350, ext 428
> -----Mensaje original-----
> De: Burton M. Strauss III [mailto:[EMAIL PROTECTED]]
> Enviado el: martes, 14 de mayo de 2002 15:46
> Para: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
> Asunto: RE: [Ntop] Problems with IP / MAC in a VRRP enviroment.
>
>
> If the MAC addresses are being munged by any sort of appliance,
> switch, etc.
> you need to use -j (--border-sniffer-mode), which turns off ntop's
> dependence on MAC addresses. Note that you will lose some functionality
> because of this, but it's stuff - as you point out - that ntop can't
> reliably determine anyway...
>
> -----Burton
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Sancho Lerena
> Sent: Tuesday, May 14, 2002 4:08 AM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] Problems with IP / MAC in a VRRP enviroment.
>
>
> Hello,
>
> I'm using NTOP in a production enviroment to check network traffic and
> efficiency of our network. We have detected a problem with NTOP: it assign
> MAC to IP with nosense. We have about 100 hosts in out NOC, and
> NTOP tell us
> that three "hosts" are taking all the load...
>
> If you look at the MAC you find a VRRP MAC assigned to an IP of
> SMTP server.
> I think that something was wrong. I suppose that Cabletron Load Balancing
> and/or VRRP setup of our firewalls and Cabletron Switches can be confusing
> NTOP.
>
> We have a FastEthernet portmirror on a Cabletron 8000 and 8600
> (we have two
> NTOP's and we have similar problems).
>
> Examples:
>
> Info about host 10.y.x.41 (taking about 90% of our NOC traffic, impossible
> in real life).
> IP Address 10.y.x.41 [unicast]
> First/Last Seen 05/06/02 19:52:10 - 05/14/02 10:48:03 [7 day(s)
> 14:55:53]
> Last MAC Address/Router 00:00:5E:00:01:04
>
> In other 2.0 version it has a "Duplicated IP or Wrong netmask"
> warning, but
> I'm using ntop v.2.0.0 MT [i686-pc-linux-gnu] (03/11/02 03:38:09 PM build)
> and this error dont appear. This host is a Debian Woody with kernel 2.4.6
> and 3Com PCI 3c905B Cyclone NIC's.
>
> I'm using other NTOP, version ntop v.2.0.0 MT [i686-pc-linux-gnu]
> (04/12/02
> 11:48:31 AM build), with debian Woody using 2.2.19 kernel, and the same
> nic's.
>
> Setup is a basic debian config with some changes in
> /etc/init.d/ntop script
>
> USER="ntop"
> GETOPT=" -E -n -c -m z.x.y.0/16,z.x.y.0/16"
> PORT="xxxx"
> INTERFACES="eth1"
> SAVE="2"
> TRACE="2"
>
> start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
> -d -L -u $USER -w $PORT -p /etc/ntop/protocol.list -P $HOMEDIR \
> -S $SAVE -a /var/lib/ntop -R /etc/ntop/rules -i $INTERFACES \
> -t $TRACE -O $LOGDIR $GETOPT
>
> Thanks for your help,
>
> Un saludo,
>
> Sancho Lerena
> [EMAIL PROTECTED]
> GNUSec, the GNU Security Resource.
> http://www.gnusec.com
>
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
