Mailing List Archive

Routing in Local Network & Host Discovery
Hi!

I'm having the following network configuration:

                                    -- Ntop
                                    |
Offices -- serial -- |------------| -- Ethernet -- Main Office
Offices -- serial -- | Cisco 7500 | |
Offices -- serial -- |------------| -- Firewall -- Internet

Ntop is running fine, but it has troubles with host discovery. In my
network the following scenario is quite common:

1. A computer in the main office wants to access a computer on the
Internet.
2. The traffic is sent to the Cisco router (it's the default gateway)
3. The Cisco routes the packet to the Firewall

Problem is that all are in the same subnet: Computer, Cisco 7500, Firewall.

This leads to Ntop discovering packets from computers in the local subnet
sent with the MAC address of the Cisco (because they are routed to the
firewall in step 2). After Ntop starts, it picks the first computer's
name and IP address which is routed through the Cisco and then adds the
following IP addresses (which are routed too) under that name (which
totally screws up host discovery and the session statistic).

The result looks like this:

Info about sp205
IP Address 1.1.60.105, 1.110.45.100, 1.1.59.2, 1.1.64.23, 1.1.64.19,
1.1.65.200, 1.1.60.101, 1.1.59.230
[unicast - multihomed]
First/Last Seen 07/04/01 21:30:10 - 07/04/01 21:45:38 [15:28]
Domain wgkk.sozvers.at
MAC Address 00:E0:B0:7B:5E:20
Nw Board Vendor CISCO SYSTEMS, INC

1.1.60.105 is the IP address of the computer named sp205 and the other IPs
are from random computers in the local subnet. The MAC address is from the
Cisco router (whose IP address should be 1.1.59.2).

Any ideas how I'm getting around this problem? Easiest thing would be a
possibility to tell Ntop to ignore MAC-Address 00:E0:B0:7B:5E:20 in host
discovery.

cu andreas

---
If you wrap the Internet around every person on the planet and spin the
planet, software flows in the network.
- Eben Moglen's Metaphorical Corollary to Faraday's Law
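
The merge described in the post above, and the "ignore this MAC" idea, as an added illustration (not part of the original post and not ntop code). The frame list and the aa:... MAC addresses are constructed, the function names are hypothetical, and the assumption is that the sniffer sees both the host-to-router and the router-to-firewall copy of each packet.

```python
from collections import defaultdict

ROUTER_MAC = "00:E0:B0:7B:5E:20"  # Cisco MAC quoted in the post

# Constructed (source MAC, source IP) pairs as seen on the shared Ethernet.
# A relayed frame keeps the sender's IP but carries the router's MAC.
FRAMES = [
    ("aa:00:00:00:00:01", "1.1.60.105"),  # sp205 -> router, own MAC
    (ROUTER_MAC, "1.1.60.105"),           # same packet, router -> firewall
    ("aa:00:00:00:00:02", "1.1.64.23"),
    (ROUTER_MAC, "1.1.64.23"),
    (ROUTER_MAC, "1.1.59.2"),             # the router's own traffic
    ("aa:00:00:00:00:03", "1.1.60.101"),
    (ROUTER_MAC, "1.1.60.101"),
]


def hosts_by_mac(frames):
    """Naive discovery: one host entry per source MAC (reproduces the merge)."""
    table = defaultdict(set)
    for mac, ip in frames:
        table[mac].add(ip)
    return dict(table)


def suspected_routers(frames, max_ips=2):
    """MACs that source more distinct IPs than one host plausibly would."""
    return {mac for mac, ips in hosts_by_mac(frames).items() if len(ips) > max_ips}


def hosts_ignoring(frames, ignored_macs):
    """Key hosts by IP; learn a host's MAC only from non-ignored frames."""
    table = defaultdict(set)
    for mac, ip in frames:
        table[ip]  # create the entry even if only relayed frames were seen
        if mac not in ignored_macs:
            table[ip].add(mac)
    return dict(table)


if __name__ == "__main__":
    print("by MAC:        ", hosts_by_mac(FRAMES)[ROUTER_MAC])
    print("router guess:  ", suspected_routers(FRAMES))
    for ip, macs in sorted(hosts_ignoring(FRAMES, {ROUTER_MAC}).items()):
        print(f"{ip:<12} {sorted(macs) or 'MAC unknown (seen only via router)'}")
```

With the router's MAC ignored, the router's own address (1.1.59.2 in the post) ends up with no MAC attached, so it would need to be pinned separately.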