Read the entries in docs/FAQ and the back traffic on this. Check the values in the info.html report (I probably should add a few counts for various cases - it might be that the ntop generated queries are failing).

Read through resolveAddress() in address.c - ntop does everything possible to avoid making a DNS query. Note that the address resolution thread uses resolveAddress(&addr, 0, 0 /* use default device */);, i.e. the 1st device in the list from Admin | switch NIC, whereas the call in getHostInfo() and the one when allocating a new host are resolveAddress(&hostIpAddress, 0, actualDeviceId); (i.e. the current reporting device).

So, if you don't have DNS resolution on all your interfaces, the only way it's resolving is via the sniff - which can take time. (Suppose you have a 10. and a public IP and your DNS resolver is set to an internal, 10. host, then queries out the public port will not succeed!)

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Bshaw
Sent: Friday, February 21, 2003 6:36 AM
To: [EMAIL PROTECTED]
Subject: [Ntop] DNS resolution and netflow

Hi....

I am using ntop 2.1.57 (from sourceforge) on RedHat 7.3 as a netflow collector. It all seems to work OK, but on the web interface, all I get is IP addresses....eg: if I go to Total -> TCP/UDP, I get a long table of hosts with traffic stats, but the 'Host' column only has IP addresses.....

I have noticed that if I use the Admin -> Switch NIC to switch to eth0 (which disables netflow collection), the 'Host' column DOES have actual names rather than IP addresses.....

I am running ntop with the @<configfile> option.....the contents of my config file are below.....

    -u ntop -P /usr/share/ntop/ntop-backbone -D <local domain> -m <list of local subnets> -M -E -C -p /etc/protocols.ntop -w 3000

....also it appears that the DNS address resolution thread is starting:

    21/Feb/2003 12:29:43 Started thread (3076) for DNS address resolution.
    21/Feb/2003 12:29:43 Initializing plugins (if any)...
    21/Feb/2003 12:29:43 Starting plugin 'rrdPlugin'...
    21/Feb/2003 12:29:43 Welcome to the RRD plugin...
    21/Feb/2003 12:29:43 THREADMGMT: Address resolution thread started...

....and the files addressCache.db and dnsCache.db exist where they are supposed to be and they are getting updated, and do contain valid names (I looked using the 'strings' command).

Am I doing something wrong? Or is IP -> name resolution disabled when using the NetFlow-Device?

Thanx in advance.

Chris.

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
