Check the stats in the configuration page - is ntop sniffing these resolutions? It might be that you've got a DNS server returning incorrect information (does Kazza use DNS as a way of getting around firewalls???)
Read the back traffic - there's been a couple of discussions on how name resolution works, and it should all be summarized in the docs/FAQ entries. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brien Dieterle Sent: Wednesday, November 12, 2003 10:59 AM To: [EMAIL PROTECTED] Subject: [Ntop] host info not correct, other weird problems System info: ntop version 2.2.96 Built on 11/10/03 02:18:26 PM OS i686-pc-linux-gnu (debian Linux unknown) ntop -n -P /var/lib/ntop/ -O /var/log/ntop -m 140.xxx.xxx.0/20 -d -w 140.xxx.xxx.xxx:3000 -i eth0 -n I've tried various versions of ntop, precompiled, cvs, 2.0, 2.2, you name it. When the hosts are listed such as when you show IP Traffic Local to Remote-- some very strange hosts show up. I have dns resolving off (either way it still does this). 0001e65832e482dgcg_c106_classroom_hp4100n 140.198.128.93 357.9 MB 68.8 % 637.2 MB 42.9 % This is an example, instead of an ip address like most hosts, it gives this-- part of a mac address and a dns name of a printer. Clicking the host for details gives inconsistencies-- Main Host MAC Address AA:00:04:00:FF:83 Nw Board Vendor DIGITAL EQUIPMENT CORPORATION OS Name [Windows NT 5.0; FunWebProducts] NetBios Name JOEUSER [domain SOMEDOMAIN] (Server) IPX Name 0001e65832e482dgcg_c106_classroom_hp4100n [//////] Notice the IPXName is showing the same name the previous screen had. We don't even use IPX on our network. Furthermore, the Main Host MAC Address is reporting the routers MAC, not a client. And if it is a printer as the IPX Name says it is, then why is the NetBios name a random user machine on our network, and the OS is Windows NT? The other thing is these hosts are quite often heavy kazaa users downloading Led Zepplein... Is there a correlation? Does anyone else get strange hosts with conflicting dns/ipx/IP/MAC information? thanks! brien _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
