Hi That is exactly what the -o switch is all about...
It tells NTOP to group stats by IP only and forget about mac adddresses as they cannot be trusted. This is very common in modern networks. Try it and you should then have all the traffic for each *ip* host seperated. Mark Gibbons -----Original Message----- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: 22 January 2004 3:15 To: '[EMAIL PROTECTED]' Subject: RE: [Ntop] mac address associated with incorrect host Err.... Let me clarify a little. By 'separate out the traffic', I mean 'make sure that each host is reported correctly according to its IP address' - I don't mean anything like a separate web page, or anything like that. Although, if that's what it takes.... :) Kurt |-----Original Message----- |From: Kurt Buff |Sent: Wednesday, January 21, 2004 19:09 |To: '[EMAIL PROTECTED]' |Subject: [Ntop] mac address associated with incorrect host | | |All, | |Perhaps I'm dim, but I think I'm missing something. I've read |the man page |for ntop, and can't seem to figure this out - I don't think that the -o |option is correct, but I'm willing to listen to an alternative opinion. | |I am very interested in tracking the remote sites' traffic, |and the local |traffic, but I've found that ntop doesn't do well on our |network with the |volume of Internet traffic, so I'm using --track-local-hosts |to keep the |excess traffic from being logged, and using --local-subnet to |tell ntop to |keep track of the foreign offices who are attached to us via our IPSec |tunnels. | |I've got a host at 192.168.61.8 (in AU) that seems to have had |attached to |it the MAC address for our firewall locally (in the US, and |the firewall's |address is 192.168.6.9), and ntop is reporting all traffic |against the MAC |address of the firewall as coming from the remote host. The |ntop host is on |a hub with the firewall, so it's listening to all of the |traffic transiting |the firewall. | |Is there any way I can separate out the traffic? Does this |require the use |of the -o option? | |ntop.conf, minus the comments, is below my .sig | | |Kurt Buff |Sr. Network Administrator |Zetron, Inc. |425.820.6363 x463 |[EMAIL PROTECTED] |PO Box 97004 |Redmond, WA 98073 | |----------ntop.conf---------- |--user ntop |--db-file-path /home/ntop/db/ntop |--interface xl0 |--use-syslog |--track-local-hosts |--http-server 3000 |--local-subnet |192.168.0.0/20,192.168.16.0/24,192.168.17.0/24,192.168.24.0/24, |192.168.38.0/ |24,192.168.61.0/24,192.168.111.0/24 |--reuse-rrd-graphics |--daemon |----------ntop.conf---------- | | | | |_______________________________________________ |Ntop mailing list |[EMAIL PROTECTED] |http://listgateway.unipi.it/mailman/listinfo/ntop | _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
