All,

Perhaps I'm dim, but I think I'm missing something. I've read the man page for ntop, and can't seem to figure this out - I don't think that the -o option is correct, but I'm willing to listen to an alternative opinion.

I am very interested in tracking the remote sites' traffic, and the local traffic, but I've found that ntop doesn't do well on our network with the volume of Internet traffic, so I'm using --track-local-hosts to keep the excess traffic from being logged, and using --local-subnet to tell ntop to keep track of the foreign offices who are attached to us via our IPSec tunnels.

I've got a host at 192.168.61.8 (in AU) that seems to have had attached to it the MAC address for our firewall locally (in the US, and the firewall's address is 192.168.6.9), and ntop is reporting all traffic against the MAC address of the firewall as coming from the remote host. The ntop host is on a hub with the firewall, so it's listening to all of the traffic transiting the firewall.

Is there any way I can separate out the traffic? Does this require the use of the -o option?

ntop.conf, minus the comments, is below my .sig

Kurt Buff
Sr. Network Administrator
Zetron, Inc.
425.820.6363 x463
[EMAIL PROTECTED]
PO Box 97004
Redmond, WA 98073

----------ntop.conf----------
--user ntop
--db-file-path /home/ntop/db/ntop
--interface xl0
--use-syslog
--track-local-hosts
--http-server 3000
--local-subnet 192.168.0.0/20,192.168.16.0/24,192.168.17.0/24,192.168.24.0/24,192.168.38.0/24,192.168.61.0/24,192.168.111.0/24
--reuse-rrd-graphics
--daemon
----------ntop.conf----------

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
