netFlow is pure IP - there ARE no MAC addresses. So
all of the MAC dependent stuff simply doesn't have the data.
netBIOS name resolution is part of the sniffing.
Again, ntop doesn't see the raw packets, so there's no data it CAN
sniff.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Beck
Sent: Monday, March 21, 2005 2:10 PM
To: [email protected]
Subject: [Ntop] NTOP and NetFlow
I know the NetFlow
is a sore subject lately. I just have a couple questions/observations now that
I've switched from using libpcap to NetFlows.
1. Is all layer 2
information ignored with respect to the IP flows? I no longer get the MAC
addresses of the machines that I have the traffic stats for. I'm figuring this
is the case since the NetFlow is layer 3 info, but just thought I'd bounce it
off of the list.
2. Is NetBIOS
name resolution not used when using NetFlow? I've noticed that I only have names
resolved for those nodes that have DNS entries. Why would this get lost? Am I
missing something?
I have done a bit of
poking around, so forgive me if it's been covered. If it has, just kick me in
the right direction please.
-Chris
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
