I'm monitoring a cisco 2950 with ntop latest from CVS ( .57) . Ntop never had any problems with seeing the traffic on the switch port. I'm posting my switch port config here.. might be of some help.
______________________ interface FastEthernet0/14 port monitor FastEthernet0/1 port monitor FastEthernet0/2 port monitor FastEthernet0/3 port monitor FastEthernet0/4 port monitor FastEthernet0/5 port monitor FastEthernet0/6 port monitor FastEthernet0/7 port monitor FastEthernet0/8 port monitor FastEthernet0/9 port monitor FastEthernet0/10 port monitor FastEthernet0/11 port monitor FastEthernet0/12 port monitor FastEthernet0/13 port monitor FastEthernet0/15 port monitor FastEthernet0/16 port monitor FastEthernet0/17 port monitor FastEthernet0/18 port monitor FastEthernet0/19 port monitor FastEthernet0/20 port monitor FastEthernet0/25 port monitor FastEthernet0/26 port monitor VLAN1 _______________ I've 2 Vlans on this switch. Monitoring just one. Regards -- Musfa -----Original Message----- From: Everett, Anthony (GNPC) [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 14:33 To: '[EMAIL PROTECTED]' Subject: RE: [Ntop] Ntop with multiple interfaces I have figured out what my problem was and wanted to share with everyone (although some of you may already know). I am using NTOP on a SPAN port on a Cisco 2950 switch.� Ethereal would see the packets but not NTOP.� While using the graphic version of Ethereal I noticed all the packets had an 802.1q encapsulation on them.� This appears to be the problem.� The switches are in a base configuration and not doing any VLAN or trunking.� I found that older versions of the 2950 IOS automatically monitored the port with the 802.1q encapsulation.� In the latest release the 802.1q encapsulation can be toggled on and off. The one switch I was capturing data on was a 2924 (older version of the 2950) and it did not have this issue. For future reference: If I was monitoring a switch using 802.1q encapsulation, are there switches in NTOP that I can set to get this to work?� If not, might it be support on future versions? Thanks for the help, Tony Everett -----Original Message----- From: Burton M. Strauss III [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 3:53 PM To: [EMAIL PROTECTED] Subject: RE: [Ntop] Ntop with multiple interfaces The report in info.html/textinfo.html reporting only eth0 is a trival bug and doesn't affect processing. I notice you don't have anything set for -m | --local-subnets.� With multiple (unnumbered) interfaces, that's pretty much required. Otherwise, both sender and destination are treated as remote, and remote-remote traffic is only shown in the IP Protos | Distribution report. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Everett, Anthony (GNPC) Sent: Wednesday, February 05, 2003 2:10 PM To: '[EMAIL PROTECTED]' Cc: Elsaid, Fadi Subject: RE: [Ntop] Ntop with multiple interfaces Sorry about that. Since receiving your email (and looking the mailing list issues) I have removed the old version and install the latest (2.1.57pre).� I also have attached the text configuration output. I still have the same problem, that only one interface is capturing IP data. All NIC cards are the same manufacturer.� As I mentioned, if I run Ethereal, I can capture IP data. Any help is greatly appreciated. -Tony -----Original Message----- From: Burton M. Strauss III [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 3:39 PM To: [EMAIL PROTECTED] Subject: RE: [Ntop] Ntop with multiple interfaces How about giving some info ... like ntop version, os, etc.? See "Howto ask for help" in the docs/FAQ and/or at http://snapshot.ntop.org -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Everett, Anthony (GNPC) Sent: Friday, January 31, 2003 2:48 PM To: '[EMAIL PROTECTED]' Subject: [Ntop] Ntop with multiple interfaces I have Ntop running with multiple interface (configuration: /usr/sbin/ntop -d -P /usr/share/ntop/ -u operator -E -n -i eth0,eth1,eth2,eth3,eth4 -L -c -M -p /usr/share/ntop/protocol.list) and most interfaces captures little to no data.� I use eth5 for management / access to Ntop.� I have tried all interfaces with and with out IP addresses.� If I run a sniffer trace I see plenty of data on all the interfaces.� Some interfaces report data but only layer 2 data. The only interface the captures IP data is eth3, which is on the same subnet as my management / access to Ntop interface. I have tried the -j option (I am spanning or monitoring other ports) with no luck. Any ideas why Ntop would not report the capture of data on different interfaces (I have performed the switch interface function from the admin screen)? -Tony _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
