Gary, et al,

Yeah - I was wondering about the NAT thing.

Our Cisco routers can only export to a total of 2 flow destinations.  Also, 
each router we have has several networks, each run by different entities.  One 
entity isn't supposed to see ntop data from the other entity. So, the idea was 
to set up an ntop process for each entity/network and then limit access to that 
ntop process on a username/password basis.  However, since we can only have two 
export destinations per router and a router might have 5-20 networks on it, I 
thought I'd just export one flow to the ntop box, it'd parse things out and 
each process could "share" the data and do its own thing.  Maybe not :-(

Thank you though - I'll look into the NAT idea....

--Greg Redder

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten
Sent: Tuesday, February 12, 2008 1:21 PM
To: [email protected]
Subject: Re: [Ntop] 2 ntop processes each running netflow listening on 
sameport....

If you can't change the udp port ntop listens on I'm not sure what to do.  I 
have a couple instances both listening to maybe... 8 - 10 different ports for 
different netflows.  If there's nothing "requiring" you to run multiple 
instances, don't do it.

If you can't change the netflow port the router sends to, MAYBE you could do 
some NAT on the ntop box to make the ports unique before ntop sees the traffic?  
So router a.b.c.d:2055 doesn't get nat'd, but router w.x.y.z:2055 gets nat'd to 
w.x.y.z:2056?  This should work - might take a loopback interface or something...

Gary




-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Redder,Greg
Sent: Tuesday, February 12, 2008 2:15 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] 2 ntop processes each running netflow listening on sameport....


Dear NTOP community,

I am running ntop3.2 on Fedora Core 6.  I have two ntop processes running using 
different config files and listening on different http ports.  One process is 
configured to listen on one ethernet card and the other on another ethernet 
card.  Each card has a separate network spanned (mirrored) to it.  This works 
great.

What I ran into is that I'm trying to do the same thing in another spot on our 
network where I can't do a span port.  So, instead, I feed the ntop box flows 
from one of our Cisco routers to port 2055.  This works fine for one process, 
but when I start up the other - the first process stops processing data.  It 
looks like it's working, but none of the data actually changes anymore - it's 
static from the time the other process was started.

What appears to be happening is that the last netflow plugin to get started 
trumps the previous one.  Sending data from the router to two different ports 
isn't an option in my environment :-(   I have each netflow plugin configured 
with a different device name and different data directories.  So, I don't think 
the conflict is in that part.

Thus, I'm wondering if there's any way to get two ntop processes to coexist... 
each using their netflow plugin and reading in netflow data from the same port?

Thank you --Greg Redder
                Network Analyst
                Colorado State University

===============================================================================
Greg Redder                         Academic Computing & Networking Services
Colorado State University, ACNS     Phone:(970)491-7222  FAX:(970)491-1958
601 S. Howes, Room 625              E-mail: [EMAIL PROTECTED]
Fort Collins, CO 80523       PGP Fprint:CD62EAE6227D96FC7C232B16DFE3B5D9B2F64352
===============================================================================
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
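
The per-entity splitting discussed in this thread (one export arriving at the ntop box on port 2055, parsed out so each entity's ntop instance receives only its own flows), as an added example that is not part of the original messages and is not ntop code. It assumes the router exports NetFlow v5; the entity names, networks and local ports 2056/2057 are hypothetical.

```python
import ipaddress, socket, struct

HDR = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header (24 bytes); field 2 is the record count
REC_LEN = 48                       # each v5 flow record: srcaddr at bytes 0-3, dstaddr at 4-7

# Assumed layout: entity name -> (its network, UDP port of that entity's ntop instance)
TENANTS = {
    "entity-a": (ipaddress.ip_network("10.1.0.0/16"), 2056),
    "entity-b": (ipaddress.ip_network("10.2.0.0/16"), 2057),
}

def split_v5(datagram, tenants=TENANTS):
    """Return {entity: datagram} where each datagram holds only that entity's records."""
    if len(datagram) < HDR.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, *rest = HDR.unpack_from(datagram)
    if version != 5 or len(datagram) != HDR.size + count * REC_LEN:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    buckets = {}
    for off in range(HDR.size, len(datagram), REC_LEN):
        rec = datagram[off:off + REC_LEN]
        src = ipaddress.ip_address(rec[0:4])
        dst = ipaddress.ip_address(rec[4:8])
        for name, (net, _port) in tenants.items():
            if src in net or dst in net:      # a flow between two entities goes to both
                buckets.setdefault(name, []).append(rec)
    # Records matching no entity are dropped; the header is reused with a corrected count.
    return {n: HDR.pack(version, len(r), *rest) + b"".join(r) for n, r in buckets.items()}

def sample_datagram(pairs):
    """Constructed test input: a v5 datagram with one zero-filled record per (src, dst)."""
    recs = [ipaddress.ip_address(s).packed + ipaddress.ip_address(d).packed + bytes(40)
            for s, d in pairs]
    return HDR.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)

def relay(listen_port=2055, tenants=TENANTS):
    """Receive the router's single export and forward per-entity datagrams locally."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("0.0.0.0", listen_port))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, _peer = rx.recvfrom(65535)
        try:
            parts = split_v5(data, tenants)
        except ValueError:
            continue                          # ignore anything that is not NetFlow v5
        for name, out in parts.items():
            tx.sendto(out, ("127.0.0.1", tenants[name][1]))

if __name__ == "__main__":
    relay()
```

Because the original header's flow sequence number is copied into each filtered datagram, a downstream collector that tracks sequence gaps may report apparent flow loss.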




