Hello all,

I have a machine that acts as a monitoring device/sensor on my network. It has 6 NICs and receives copies of data from my switches via monitor ports. ntop collects traffic for each interface from various network segments, and I have it set up with -m to avoid aggregation, which is very nice.

In this particular scenario, should I be using the -C option as well? The machine isn't a router, though. Is that what is meant by "traffic exchange" in the manual? That's where I'm becoming confused:

"Using ntop in network mode is extremely useful when installed in a traffic exchange (e.g. in the middle of the Internet) whereas the host mode should be used when ntop is installed on the edge of a network"

The sensor is located on our LAN.

Also, on the traffic reports page of a particular interface, it says:

    Dropped (libpcap): 0.0% 0
    Dropped (ntop):    0.0% 0

If the kernel drops packets, will that increment the libpcap "dropped" counter? Or is that something different? Is there a correlation between kernel and libpcap drops? Can a kernel drop packets without notifying libpcap, and thus have ntop cease to report it?

Tcpdump uses libpcap and reports "dropped by kernel" after a capture. As of now, I'm presuming that the "dropped by kernel" amount is the "dropped (libpcap)" amount and that libpcap is just getting the number (amount) from the kernel through a bpf function or something. Please correct me if I'm wrong.

Thanks!

--
- Jon
--
------------------------------------------------------------------
VMB: 812-682-0231
Dubois County Linux User Group - http://www.dclinux.org
Southern Indiana Computer Klub - http://sickbits.networklabs.org
Bloomington FOOLS - http://www.bloomingtonfools.org/
BloomingLabs - http://www.bloominglabs.org
ISSA-Kentuckiana - http://issa-kentuckiana.org
GPG Key ID: 810903CB
Key fingerprint = 0069 ED69 EABB DF84 5983 AD3C 6C20 BEFD 8109 03CB
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
