+ Post New Thread
Results 1 to 9 of 9
Wireless Networks Thread, NTOP Advice in Technical; Have just setup NTOP on a spare workstation in the office to monitor network traffic as the network has been ...
  1. #1
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    314
    Thank Post
    55
    Thanked 73 Times in 44 Posts
    Rep Power
    31

    NTOP Advice

    Have just setup NTOP on a spare workstation in the office to monitor network traffic as the network has been under performing this week and I want to know why.

    Software is installed on a machine running Ubuntu 8.04.1 the version of NTOP is 3.3.7.

    Now on first glance it looks like its working it shows all the graphs and charts for network traffic and the network load. But it doesn't seem to be tracking or monitoring remote traffic.

    When I go to All Protocols - Traffic to see remote traffic data I was expecting to see a list of all websites access by clients but see nothing, I also get the same result when I try to check the Last Contacted Peers of a particular host on our network.

    Anyone got any pointers please? The box is plugged directly into the core switch which is a HP 4108GL.

    Many thanks

  2. #2

    Join Date
    Feb 2006
    Location
    Derbyshire
    Posts
    1,381
    Thank Post
    181
    Thanked 211 Times in 171 Posts
    Rep Power
    65
    If you haven't done anything else, there's no reason for it to see remote traffic - the switch shouldn't be sending anything remote to the port that you've plugged into. ntop would have to sit between the core switch and your router, or you'd have to work some magic with the switch - but since ours are unmanaged ones, I wouldn't know about that!

  3. #3
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    314
    Thank Post
    55
    Thanked 73 Times in 44 Posts
    Rep Power
    31
    It has also been told what it's local subnet is which I thought would have been enough for it to distinguish between local and remote traffic.

    Looking through all the options there isn't anything that jumps out at me to get the box to see remote traffic.

  4. #4

    Join Date
    Oct 2007
    Location
    Lincolnshire
    Posts
    133
    Thank Post
    0
    Thanked 22 Times in 22 Posts
    Rep Power
    18
    The switch port with the ntop box plugged in will have to be defined as a monitor port (to use HPs terminology). You then decide which of the other switch ports should have their traffic mirrored to the monitor port so that the ntop box can analyse it. You can probably configure this on the switch's web interface.

  5. Thanks to keithu from:

    AngryITGuy (1st May 2009)

  6. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    be careful not to try and jam more data down the monitor port than it's capable of.

  7. #6

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,867
    Thank Post
    412
    Thanked 778 Times in 651 Posts
    Rep Power
    182
    I'd use SNMP interrogation and MRTG to see what's going on, rather than killing your backbone even more ntopping it.

  8. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    If your switches are decent there should be no performance overhead for doing port mirroring/monitoring.

    If your still worried, use network taps instead.

    Passive network tap - Hack a Day

  9. #8
    AngryITGuy's Avatar
    Join Date
    Oct 2007
    Location
    County Durham
    Posts
    314
    Thank Post
    55
    Thanked 73 Times in 44 Posts
    Rep Power
    31
    Quote Originally Posted by keithu View Post
    The switch port with the ntop box plugged in will have to be defined as a monitor port (to use HPs terminology). You then decide which of the other switch ports should have their traffic mirrored to the monitor port so that the ntop box can analyse it. You can probably configure this on the switch's web interface.
    Thanks for that already had the port set to monitor traffic on another port.

    But after reading you post I decided to double check the ports and it turns out I was monitoring the bloody wrong port

    Made the necessary changes and its all running fine now, thanks.

  10. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,532
    Thank Post
    1,341
    Thanked 470 Times in 307 Posts
    Blog Entries
    6
    Rep Power
    200
    Im running ntop in ubuntu locally on my laptop just to count bandwidth so I dont go over the stupid limit. I cant seem to get it to show any results. Ive got it running fine on my 2 gentoo servers back home, but on this install it just doesnt seem to be doing anything.

    Is there anything different I need to be doing?



SHARE:
+ Post New Thread

Similar Threads

  1. need some help/advice
    By Inbir316 in forum Hardware
    Replies: 3
    Last Post: 4th February 2009, 03:14 PM
  2. Some advice please
    By Ayaz in forum Educational IT Jobs
    Replies: 9
    Last Post: 3rd March 2008, 05:40 PM
  3. Advice on which PC is best to keep.
    By Kyle in forum Hardware
    Replies: 12
    Last Post: 1st February 2007, 05:14 PM
  4. NTOP Software
    By barryfl in forum General Chat
    Replies: 1
    Last Post: 17th March 2006, 12:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •