I missed the fact you're still running 2.0 Grab 2.0.99 from http://snapshot.ntop.org/
IIRC, 2.0.1 may have the -j parameter in it, but the stuff still isn't quite right. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sancho Lerena Sent: Tuesday, May 14, 2002 11:53 AM To: Burton M. Strauss III; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [Ntop] Problems with IP / MAC in a VRRP enviroment. Wow, this "-j" is not listed in man parameters... Un saludo, Sancho Lerena Dpto. Comunicaciones AOL Avant Spain. Tel: 912-100-350, ext 428 > -----Mensaje original----- > De: Burton M. Strauss III [mailto:[EMAIL PROTECTED]] > Enviado el: martes, 14 de mayo de 2002 15:46 > Para: [EMAIL PROTECTED] > CC: [EMAIL PROTECTED] > Asunto: RE: [Ntop] Problems with IP / MAC in a VRRP enviroment. > > > If the MAC addresses are being munged by any sort of appliance, > switch, etc. > you need to use -j (--border-sniffer-mode), which turns off ntop's > dependence on MAC addresses. Note that you will lose some functionality > because of this, but it's stuff - as you point out - that ntop can't > reliably determine anyway... > > -----Burton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Sancho Lerena > Sent: Tuesday, May 14, 2002 4:08 AM > To: [EMAIL PROTECTED] > Subject: [Ntop] Problems with IP / MAC in a VRRP enviroment. > > > Hello, > > I'm using NTOP in a production enviroment to check network traffic and > efficiency of our network. We have detected a problem with NTOP: it assign > MAC to IP with nosense. We have about 100 hosts in out NOC, and > NTOP tell us > that three "hosts" are taking all the load... > > If you look at the MAC you find a VRRP MAC assigned to an IP of > SMTP server. > I think that something was wrong. I suppose that Cabletron Load Balancing > and/or VRRP setup of our firewalls and Cabletron Switches can be confusing > NTOP. > > We have a FastEthernet portmirror on a Cabletron 8000 and 8600 > (we have two > NTOP's and we have similar problems). > > Examples: > > Info about host 10.y.x.41 (taking about 90% of our NOC traffic, impossible > in real life). > IP Address 10.y.x.41 [unicast] > First/Last Seen 05/06/02 19:52:10 - 05/14/02 10:48:03 [7 day(s) > 14:55:53] > Last MAC Address/Router 00:00:5E:00:01:04 > > In other 2.0 version it has a "Duplicated IP or Wrong netmask" > warning, but > I'm using ntop v.2.0.0 MT [i686-pc-linux-gnu] (03/11/02 03:38:09 PM build) > and this error dont appear. This host is a Debian Woody with kernel 2.4.6 > and 3Com PCI 3c905B Cyclone NIC's. > > I'm using other NTOP, version ntop v.2.0.0 MT [i686-pc-linux-gnu] > (04/12/02 > 11:48:31 AM build), with debian Woody using 2.2.19 kernel, and the same > nic's. > > Setup is a basic debian config with some changes in > /etc/init.d/ntop script > > USER="ntop" > GETOPT=" -E -n -c -m z.x.y.0/16,z.x.y.0/16" > PORT="xxxx" > INTERFACES="eth1" > SAVE="2" > TRACE="2" > > start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \ > -d -L -u $USER -w $PORT -p /etc/ntop/protocol.list -P $HOMEDIR \ > -S $SAVE -a /var/lib/ntop -R /etc/ntop/rules -i $INTERFACES \ > -t $TRACE -O $LOGDIR $GETOPT > > Thanks for your help, > > Un saludo, > > Sancho Lerena > [EMAIL PROTECTED] > GNUSec, the GNU Security Resource. > http://www.gnusec.com > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
