Basically, I have three ethernet interfaces (on spanned switch ports) on
this linux box, all going to seperate segments...I start them as follows:
ntop -i eth1 -d -w 3000
ntop -i eth2 -d -w 8080
ntop -i eth3 -d -w 8008
with my browser, I am able to access the ntop statistics for each segment
without a problem and am very impressed with what I am seeing. ntop is
successfullygiving me data for all data views except for 'IPtraffic L->R',
'L<->L', 'IP Subnet Traffic Matrix' and the IPprotocols 'IP protocol subnet
usage'.
IPtraffic R>L has always worked fine, IPtraffic Local Usage started working
after installing 'lsof'. IPprotocol Distribution has always worked as well.
all other data views work great. My mistake loading an early version, I
will experiment with later version on another box as this one is currently
giving us the data we need on our three production segments...the engineers
working on an issue don't want me to disturb it as it is providing them
exactly what they need!
educate me on the filter expressions...I understood them to select only
traffic specified in the expression, when we want to see all traffic
generated.
so, if I am to build another linux box (RH 7.1), what is the recommended
ntop/libcap/etc that has been proven to work best? any other ideas on the
problem above with the current installation would be appreciated as well.
Thanks so much for your guidance!
"Spring, Michael" wrote:
>
> I have recently installed the ntop-1_1-1_rh6_i386.rpm package and required
> librarys on linux 2.4.2 platrform with success, I am currently monitoring
> traffic (ethernet interface in promiscuous mode on a spanned switch port)
> and like what I see, except that I get no data returned under IPtraffic
and
> IPprotocols...all other collections working great. what am I missing?
First, ntop-1_1 is a quite old release. Maybe you should consider
getting the last snaphost (beta-2) from
http://snapshot.ntop.org Secondly, could you give the complete command line you use to start ntop
?
did you use any filter expression ?