The "Virtual Netflow Interface - Local Network IP Address/Mask" setting is confusing me also. I have a setup with one probe box (nProbe) and a collector box (ntop). I put al kinds of IPs (probe's private/public IP, collector's local IP, non-existant IP in the local subnet) and subnet masks (local subnet, subnet of network that is probed) in there, but I can't seem to notice any different behaviour from ntop.
What exactly is this used for in the code? And how does it show if you put something wrong in there? -- Robbert > -----Oorspronkelijk bericht----- > Van: Burton Strauss [mailto:[EMAIL PROTECTED] > Verzonden: zondag 14 september 2003 16:53 > Aan: [EMAIL PROTECTED] > Onderwerp: RE: [Ntop] ntop netflow help > > > Collector / probe, call it what you will, it's the device > that sees the raw packets and produces the netflow packets > who's address you need to mimic so that ntop correctly > displays (in the netFlow-device) the data it receives. > > -----Burton > > > ---------- Original Message ---------------------------------- > From: John Hally <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Sat, 13 Sep 2003 22:39:45 -0400 > > >isn't the collector Ntop? if so, it has one interface, eth0, with an > >address. > > > >?? > > > >thanks for the help! > > > >-----Original Message----- > >From: Burton M. Strauss III [mailto:[EMAIL PROTECTED] > >Sent: Friday, September 12, 2003 11:46 AM > >To: [EMAIL PROTECTED] > >Subject: RE: [Ntop] ntop netflow help > > > > > >Most likely, you hadn't restarted netFlow after changing > parameters - most > >don't take effect until the next restart. > > > >It could also be this, which strikes me as wrong: > > > > > >xxx.xxx.xxx.xxx/mask (ip and mask of eth0) > > > >It shouldn't be eth0, it should be the address of the flow > collector - > >remember, using netflow, it's as if ntop was located on that > remote network, > >but it needs to know what address to use. > > > >-----Burton > > > > > >-----Original Message----- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of John > >Hally > >Sent: Friday, September 12, 2003 10:28 AM > >To: '[EMAIL PROTECTED]' > >Subject: RE: [Ntop] ntop netflow help > > > > > >Thanks Burton/Blake, > > > >I did had the nic switched to the netflow vir. For the fun > of it I switched > >to a different port from the default, changed my access lists, and > >miraculously its working! I must have had a typo or > something in the access > >lists or something. > > > >Thanks for the help! > > > >-----Original Message----- > >From: Burton M. Strauss III [mailto:[EMAIL PROTECTED] > >Sent: Friday, September 12, 2003 10:04 AM > >To: [EMAIL PROTECTED] > >Subject: RE: [Ntop] ntop netflow help > > > > > >Admin | Switch NIC > > > >-----Original Message----- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of John > >Hally > >Sent: Friday, September 12, 2003 8:05 AM > >To: '[EMAIL PROTECTED]' > >Subject: [Ntop] ntop netflow help > > > > > > > >Hello Everyone, > > > >I hope someone can point out what I'm doing wrong. The > problem is I don't > >see ntop collecting any netflow data. I have set up the > router ok, as I'm > >seeing stats on protocols and exports fine, but it never > seems to make it to > >the ntop box for processing. Here's how I'm configured: > > > >Cisco edge router: > > > > serial0: > > ip route-cache flow > > > > Netflow export config: > > ip flow export xxx.xxx.xxx.xxx(NAT IP thru FW > to ntop box) > >port 2055 version 5 > > > > Netflow aggregation config: > > ip flow-aggregation protocol-port > > cache entries 2046 > > cache timeout inactive 200 > > cache timeout active 45 > > export destination xxx.xxx.xxx.xxx (NAT) 2055 > > enabled > > > >FW has access list allowing 2055 (default netflow plugin > port on Ntop) from > >router address > > > >Ntop started like this: > > > > /usr/local/bin/ntop -i eth0 & > > > >Netflow plugin config: > > Incoming Flows Local Collector UDP Port: 2055 > > Virtual Netflow Interface Local Network IP Address/Mask: > >xxx.xxx.xxx.xxx/mask (ip and mask of eth0) > > White List IP Address/Mask(s) we store data from: > >xxx.xxx.xxx.xxx/mask (ip and mask of router) > > Black List Blank > > Outgoing Flows Blank > > Debug On > > > > > >What am I missing? > > > >Thanks in advance. > > > >John H. > >_______________________________________________ > >Ntop mailing list > >[EMAIL PROTECTED] > >http://listgateway.unipi.it/mailman/listinfo/ntop > > > >_______________________________________________ > >Ntop mailing list > >[EMAIL PROTECTED] > >http://listgateway.unipi.it/mailman/listinfo/ntop > >_______________________________________________ > >Ntop mailing list > >[EMAIL PROTECTED] > >http://listgateway.unipi.it/mailman/listinfo/ntop > > > >_______________________________________________ > >Ntop mailing list > >[EMAIL PROTECTED] > >http://listgateway.unipi.it/mailman/listinfo/ntop > >_______________________________________________ > >Ntop mailing list > >[EMAIL PROTECTED] > >http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > ____________________________________________________________ > Free 20MB Web Site Hosting and Personalized E-mail Service! > Get It Now At Doteasy.com http://www.doteasy.com/et/ > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
