Wireless Networks Thread, NTOP Advice in Technical
1st May 2009, 12:17 PM #1
Have just set up NTOP on a spare workstation in the office to monitor network traffic as the network has been underperforming this week and I want to know why.
Software is installed on a machine running Ubuntu 8.04.1 the version of NTOP is 3.3.7.
Now on first glance it looks like it's working: it shows all the graphs and charts for network traffic and the network load. But it doesn't seem to be tracking or monitoring remote traffic.
When I go to All Protocols - Traffic to see remote traffic data I was expecting to see a list of all websites accessed by clients but see nothing. I also get the same result when I try to check the Last Contacted Peers of a particular host on our network.
Anyone got any pointers please? The box is plugged directly into the core switch which is a HP 4108GL.
1st May 2009, 12:24 PM #2
If you haven't done anything else, there's no reason for it to see remote traffic - the switch shouldn't be sending anything remote to the port that you've plugged into. ntop would have to sit between the core switch and your router, or you'd have to work some magic with the switch - but since ours are unmanaged ones, I wouldn't know about that!
1st May 2009, 12:36 PM #3
It has also been told what its local subnet is, which I thought would have been enough for it to distinguish between local and remote traffic.
Looking through all the options there isn't anything that jumps out at me to get the box to see remote traffic.
1st May 2009, 01:19 PM #4
The switch port with the ntop box plugged in will have to be defined as a monitor port (to use HP's terminology). You then decide which of the other switch ports should have their traffic mirrored to the monitor port so that the ntop box can analyse it. You can probably configure this on the switch's web interface.
1st May 2009, 02:05 PM #5
Be careful not to try and jam more data down the monitor port than it's capable of.
1st May 2009, 02:10 PM #6
I'd use SNMP interrogation and MRTG to see what's going on, rather than killing your backbone even more ntopping it.
1st May 2009, 02:14 PM #7
If your switches are decent there should be no performance overhead for doing port mirroring/monitoring.
If you're still worried, use network taps instead.
Passive network tap - Hack a Day
1st May 2009, 02:31 PM #8
Thanks for that, already had the port set to monitor traffic on another port.
Originally Posted by keithu
But after reading your post I decided to double check the ports and it turns out I was monitoring the bloody wrong port.
Made the necessary changes and it's all running fine now, thanks.
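Added example, not part of any post in this thread: a quick sanity check for the situation resolved above, where the sensor was up but the mirror was pointed at the wrong port. It assumes you can export (source, destination) IP pairs from a short capture on the sensor; the function names, the 5% threshold and all addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

def classify(flows, sensor_ip, local_net):
    """Bucket (src, dst) pairs by whether an unmirrored switch port could see them."""
    net = ipaddress.ip_network(local_net)
    sensor = ipaddress.ip_address(sensor_ip)
    counts = Counter()
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if sensor in (s, d):
            counts["own"] += 1                 # sensor's own traffic, always visible
        elif d in (net.broadcast_address, LIMITED_BCAST) or d.is_multicast:
            counts["flooded"] += 1             # flooded to every port by the switch
        elif s in net and d in net:
            counts["third_party_local"] += 1   # other hosts' unicast: needs a mirror
        else:
            counts["third_party_remote"] += 1  # unicast to/from outside the subnet
    return counts

def diagnose(counts, min_share=0.05):
    """Heuristic verdict; min_share absorbs stray unknown-unicast flooding."""
    total = sum(counts.values())
    third = counts["third_party_local"] + counts["third_party_remote"]
    if total == 0:
        return "no-traffic"
    if third / total < min_share:
        return "no-mirror"      # only own + flooded frames: mirror not reaching us
    if counts["third_party_remote"] == 0:
        return "local-only"     # mirrored source carries no off-subnet traffic
    return "ok"

# Constructed samples: sensor at 192.168.1.50 on 192.168.1.0/24.
BEFORE = [("192.168.1.50", "203.0.113.10"), ("192.168.1.20", "192.168.1.255"),
          ("192.168.1.30", "224.0.0.251"), ("192.168.1.1", "192.168.1.50")]
AFTER = BEFORE + [("192.168.1.20", "203.0.113.10"), ("198.51.100.7", "192.168.1.30"),
                  ("192.168.1.20", "192.168.1.30")]

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        c = classify(sample, "192.168.1.50", "192.168.1.0/24")
        print(name, dict(c), diagnose(c))
```

A "no-mirror" or "local-only" verdict points at the switch's monitor configuration rather than at ntop's settings.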
12th June 2009, 01:59 PM #9
I'm running ntop in Ubuntu locally on my laptop just to count bandwidth so I don't go over the stupid limit. I can't seem to get it to show any results. I've got it running fine on my 2 Gentoo servers back home, but on this install it just doesn't seem to be doing anything.
Is there anything different I need to be doing?