Hello Everybody,

short version: is there a way to make ntop trust only IP addresses but display MAC addresses "as if started w/o -o"?

long version: I use ntop to monitor large networks via switches (port mirroring). If I don't use -m, everything "works fine", but as expected most of the traffic is considered remote<->remote. However, if I tell ntop what to consider local, it stops picking up all hosts (I am not sure about remote hosts, but it definitely fails to see several local hosts; I monitored the exact same traffic using two different ntop sensors connected to a hub, one with -m and one without).

One of the local hosts ntop actually displays seems to produce much more traffic than it actually does, and the number of open ports is not correct either. Naturally, the displayed MAC is in fact the gateway's (and the traffic is probably the total traffic coming through that gateway, so that the open ports mentioned above are probably indeed open, but on several different hosts).

If I add -o, everything "works fine" again; ntop (most probably) picks up all hosts and classifies them remote/local according to -m. But it does not only not "trust MAC addresses" [manpage] but also it does not display them... Eventually, that is still pretty good. But I don't understand why distinguishing between local and remote traffic inhibits the monitoring of MAC addresses (and IPX).

In case this isn't due to my settings or a bug, I would also welcome a way of just displaying the MAC addresses ntop figured out in a separate table row.

Thanks in advance!

Regards
Peter
