Mailing List Archive

You need two NICs





From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of It Manager
Sent: Wednesday, October 12, 2016 11:23 PM
To: ntop@listgateway.unipi.it
Subject: [Ntop] Help with setting up



Hi All,



I am the network manager for a large high school in Melbourne, Australia. I'm currently evaluating ntopng to try to see how well it will help me manage my network. I have installed Ubuntu 16.04LTS on a new desktop computer and have installed the latest ntopng according to the instructions. It seems to be installed and working well. However, since the laptop is not "inline" with my network, I don't see too much traffic.



I have plugged the computer into my main switch. However, every time I put the switch into "port-mirror" mode, I lose connection with the ntopng computer completely. I don't really know much about port-mirroring, and am wondering if this is normal?



I tried adding another network card (albeit an old USB network card) with a second connection and IP address, but that also loses connection when I put the switch port into mirror mode.



Any help would be appreciated.


Regards,

Chris Stebbing,

Network Manager,

Lilydale High School.

_____

Hi Dave,

thanks for the response. I have added a second NIC but have the same
problem. Every time I enable port-mirroring on the port connected to
enp2s0f0, both network cards stop responding. This is my configuration at
present.

enp1s0 Link encap:Ethernet HWaddr 98:de:d0:00:d4:b5
inet addr:10.174.64.71 Bcast:10.174.79.255 Mask:255.255.240.0
inet6 addr: fe80::9ade:d0ff:fe00:d4b5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:473954 errors:0 dropped:1856 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:69961253 (69.9 MB) TX bytes:648 (648.0 B)

enp2s0f0 Link encap:Ethernet HWaddr f4:4d:30:46:7b:cf
inet addr:10.174.64.72 Bcast:10.174.79.255 Mask:255.255.240.0
inet6 addr: fe80::f64d:30ff:fe46:7bcf/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:475281 errors:0 dropped:1856 overruns:0 frame:0
TX packets:1389 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:70100540 (70.1 MB) TX bytes:383981 (383.9 KB)

Cheers,
Chris.

On 14 October 2016 at 02:23, Dave Davis <dave@davispc.com> wrote:

> You need two NICs
>
>
>
>
>
> *From:* ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@
> listgateway.unipi.it] *On Behalf Of *It Manager
> *Sent:* Wednesday, October 12, 2016 11:23 PM
> *To:* ntop@listgateway.unipi.it
> *Subject:* [Ntop] Help with setting up
>
>
>
> Hi All,
>
>
>
> I am the network manager for a large high school in Melbourne, Australia.
> I'm currently evaluating ntopng to try to see how well it will help me
> manage my network. I have installed Ubuntu 16.04LTS on a new desktop
> computer and have installed the latest ntopng according to the
> instructions. It seems to be installed and working well. However, since
> the laptop is not "inline" with my network, I don't see too much traffic.
>
>
>
> I have plugged the computer into my main switch. However, every time I
> put the switch into "port-mirror" mode, I lose connection with the ntopng
> computer completely. I don't really know much about port-mirroring, and am
> wondering if this is normal?
>
>
>
> I tried adding another network card (albeit an old USB network card) with
> a second connection and IP address, but that also loses connection when I
> put the switch port into mirror mode.
>
>
>
> Any help would be appreciated.
>
>
> Regards,
>
> Chris Stebbing,
>
> Network Manager,
>
> Lilydale High School.
> ------------------------------
>
>
>
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

Remove any gateway info you have for the card connected to the mirror port
and certainly set it to a private IP address space, so there is no chance
the PC is still using that card for general IP traffic. ntopng sets the
monitoring card to promiscuous mode, so it doesn’t really matter how the
card is configured locally - just ensure it is not used for I/O, only
slurping up the output of the monitor port.

On Thu, Oct 13, 2016 at 6:18 PM, It Manager <itmanager@lilydalehs.vic.edu.au
> wrote:

> Hi Dave,
>
> thanks for the response. I have added a second NIC but have the same
> problem. Every time I enable port-mirroring on the port connected to
> enp2s0f0, both network cards stop responding. This is my configuration at
> present.
>
> enp1s0 Link encap:Ethernet HWaddr 98:de:d0:00:d4:b5
> inet addr:10.174.64.71 Bcast:10.174.79.255 Mask:255.255.240.0
> inet6 addr: fe80::9ade:d0ff:fe00:d4b5/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:473954 errors:0 dropped:1856 overruns:0 frame:0
> TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:69961253 (69.9 MB) TX bytes:648 (648.0 B)
>
> enp2s0f0 Link encap:Ethernet HWaddr f4:4d:30:46:7b:cf
> inet addr:10.174.64.72 Bcast:10.174.79.255 Mask:255.255.240.0
> inet6 addr: fe80::f64d:30ff:fe46:7bcf/64 Scope:Link
> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
> RX packets:475281 errors:0 dropped:1856 overruns:0 frame:0
> TX packets:1389 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:70100540 (70.1 MB) TX bytes:383981 (383.9 KB)
>
> Cheers,
> Chris.
>
> On 14 October 2016 at 02:23, Dave Davis <dave@davispc.com> wrote:
>
>> You need two NICs
>>
>>
>>
>>
>>
>> *From:* ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgatew
>> ay.unipi.it] *On Behalf Of *It Manager
>> *Sent:* Wednesday, October 12, 2016 11:23 PM
>> *To:* ntop@listgateway.unipi.it
>> *Subject:* [Ntop] Help with setting up
>>
>>
>>
>> Hi All,
>>
>>
>>
>> I am the network manager for a large high school in Melbourne,
>> Australia. I'm currently evaluating ntopng to try to see how well it will
>> help me manage my network. I have installed Ubuntu 16.04LTS on a new
>> desktop computer and have installed the latest ntopng according to the
>> instructions. It seems to be installed and working well. However, since
>> the laptop is not "inline" with my network, I don't see too much traffic.
>>
>>
>>
>> I have plugged the computer into my main switch. However, every time I
>> put the switch into "port-mirror" mode, I lose connection with the ntopng
>> computer completely. I don't really know much about port-mirroring, and am
>> wondering if this is normal?
>>
>>
>>
>> I tried adding another network card (albeit an old USB network card) with
>> a second connection and IP address, but that also loses connection when I
>> put the switch port into mirror mode.
>>
>>
>>
>> Any help would be appreciated.
>>
>>
>> Regards,
>>
>> Chris Stebbing,
>>
>> Network Manager,
>>
>> Lilydale High School.
>> ------------------------------
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

I agree with Thomas Leathley. No config IP config of at least no gateway is needed. Here’s my config:

(as you can see I have no IP set in the config of eth3 and my /etc/intefaces is set to auto dhcp – it’ll never pick up an address on the mirror port )



eth2 Link encap:Ethernet HWaddr 90:e2:ba:24:45:12

inet addr:192.168.94.254 Bcast:192.168.95.255 Mask:255.255.252.0

inet6 addr: fe80::92e2:baff:fe24:4512/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:3344727 errors:0 dropped:0 overruns:0 frame:0

TX packets:1718961 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:342468300 (342.4 MB) TX bytes:666358623 (666.3 MB)

Memory:fcbe0000-fcbfffff



eth3 Link encap:Ethernet HWaddr 90:e2:ba:24:45:13

inet6 addr: fe80::92e2:baff:fe24:4513/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:3182839522 errors:158 dropped:0 overruns:0 frame:158

TX packets:9128 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:2521160242179 (2.5 TB) TX bytes:3118920 (3.1 MB)

Memory:fcba0000-fcbbffff





From: ntop-bounces@listgateway.unipi.it [mailto:ntop-bounces@listgateway.unipi.it] On Behalf Of It Manager
Sent: Thursday, October 13, 2016 6:19 PM
To: ntop@unipi.it
Subject: Re: [Ntop] Help with setting up



Hi Dave,



thanks for the response. I have added a second NIC but have the same problem. Every time I enable port-mirroring on the port connected to enp2s0f0, both network cards stop responding. This is my configuration at present.



enp1s0 Link encap:Ethernet HWaddr 98:de:d0:00:d4:b5

inet addr:10.174.64.71 Bcast:10.174.79.255 Mask:255.255.240.0

inet6 addr: fe80::9ade:d0ff:fe00:d4b5/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:473954 errors:0 dropped:1856 overruns:0 frame:0

TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:69961253 (69.9 MB) TX bytes:648 (648.0 B)



enp2s0f0 Link encap:Ethernet HWaddr f4:4d:30:46:7b:cf

inet addr:10.174.64.72 Bcast:10.174.79.255 Mask:255.255.240.0

inet6 addr: fe80::f64d:30ff:fe46:7bcf/64 Scope:Link

UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

RX packets:475281 errors:0 dropped:1856 overruns:0 frame:0

TX packets:1389 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:70100540 (70.1 MB) TX bytes:383981 (383.9 KB)



Cheers,

Chris.



On 14 October 2016 at 02:23, Dave Davis <dave@davispc.com <mailto:dave@davispc.com> > wrote:

You need two NICs





From: ntop-bounces@listgateway.unipi.it <mailto:ntop-bounces@listgateway.unipi.it> [mailto:ntop-bounces@listgateway.unipi.it <mailto:ntop-bounces@listgateway.unipi.it> ] On Behalf Of It Manager
Sent: Wednesday, October 12, 2016 11:23 PM
To: ntop@listgateway.unipi.it <mailto:ntop@listgateway.unipi.it>
Subject: [Ntop] Help with setting up



Hi All,



I am the network manager for a large high school in Melbourne, Australia. I'm currently evaluating ntopng to try to see how well it will help me manage my network. I have installed Ubuntu 16.04LTS on a new desktop computer and have installed the latest ntopng according to the instructions. It seems to be installed and working well. However, since the laptop is not "inline" with my network, I don't see too much traffic.



I have plugged the computer into my main switch. However, every time I put the switch into "port-mirror" mode, I lose connection with the ntopng computer completely. I don't really know much about port-mirroring, and am wondering if this is normal?



I tried adding another network card (albeit an old USB network card) with a second connection and IP address, but that also loses connection when I put the switch port into mirror mode.



Any help would be appreciated.


Regards,

Chris Stebbing,

Network Manager,

Lilydale High School.


_____








_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
http://listgateway.unipi.it/mailman/listinfo/ntop



_____

Thanks Dave and Thomas,

setting the ipconfig to a different network address and removing the
gateway has worked. The system seems to be working now.

Cheers,
Chris.