[prev in list] [next in list] [prev in thread] [next in thread]
List: ntop
Subject: RE: [Ntop] Missing host with IP 10.20.3.0
From: "Kinnane, Scott" <Scott.Kinnane () ISATechnologies ! com>
Date: 2005-05-17 7:13:13
Message-ID: 9DFF1A439D763A498A1B8379611E2B2C0661A3 () lee ! isatechnologies ! com
[Download RAW message or body]
Doh! Ran the new build of ntop with command-line args rather than
customised /etc/ntop.conf arg file, so missed --no-mac.
Tried it again with your change to util.c, and there's my missing host!
The missing host is even showing up under the "Last Contacted Peers"
table when I look at the info of a remote machine that it is connected
to, so the fix looks fine.
Thanks for your help Burton.
Keep up the excellent work ntop team.
Regards,
scott
> -----Original Message-----
> From: Burton Strauss [mailto:Burton@ntopSupport.com]
> Sent: Tuesday, 17 May 2005 12:20 PM
> To: ntop@Unipi.IT
> Subject: RE: [Ntop] Missing host with IP 10.20.3.0
>
> Try -o | --no-mac with the patch. If you are doing NAT or
> certain switching you need it.
>
> -----Burton
>
> -----Original Message-----
> From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On
> Behalf Of Kinnane, Scott
> Sent: Monday, May 16, 2005 9:04 PM
> To: ntop@Unipi.IT
> Subject: RE: [Ntop] Missing host with IP 10.20.3.0
>
> Hi Burton,
>
> I gave it a shot, but no go - in fact it made it so the
> connections that were associated with 10.20.3.0 appeared to
> come from 10.20.3.6
> (10.20.3.6 is the only other host on this LAN) - so who knows
> what would happen if other hosts were on the LAN! Any suggestions?
>
> I'm trying to recompile it again with DEBUG and ADDRESS_DEBUG
> enabled to see if that sheds some light....
>
> Regards,
>
> scott
>
> > -----Original Message-----
> > From: Burton Strauss [mailto:Burton@ntopSupport.com]
> > Sent: Monday, 16 May 2005 8:39 PM
> > To: ntop@Unipi.IT
> > Subject: RE: [Ntop] Missing host with IP 10.20.3.0
> >
> > Actually you are right. This cr*p code is burried in util.c:
> >
> > unsigned short in_isBroadcastAddress(struct in_addr *addr) {
> > int i;
> >
> > if(addr == NULL)
> > return 1;
> > else if(addr->s_addr == 0x0)
> > return 0; /* IP-less myGlobals.device (is it trying to boot via
> > DHCP/BOOTP ?) */
> > else {
> > for(i=0; i<myGlobals.numDevices; i++) {
> > if(!myGlobals.device[i].virtualDevice) {
> > if(myGlobals.device[i].netmask.s_addr ==
> 0xFFFFFFFF) /* PPP */
> > return 0;
> > else if(((addr->s_addr |
> > myGlobals.device[i].netmask.s_addr) ==
> > addr->s_addr)
> > || ((addr->s_addr & 0x000000FF) == 0x000000FF)
> > || ((addr->s_addr & 0x000000FF) ==
> > 0x00000000) /* Network address */
> > ) {
> > #ifdef DEBUG
> > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast
> > address", intoa(*addr)); #endif
> > return 1;
> > }
> > }
> > }
> >
> > return(in_isPseudoBroadcastAddress(addr));
> > }
> > }
> >
> >
> > Make it this:
> >
> > unsigned short in_isBroadcastAddress(struct in_addr *addr) {
> > int i;
> >
> > if(addr == NULL)
> > return 1;
> > else if(addr->s_addr == 0x0)
> > return 0; /* IP-less myGlobals.device (is it trying to boot via
> > DHCP/BOOTP ?) */
> > else {
> > for(i=0; i<myGlobals.numDevices; i++) {
> > if(!myGlobals.device[i].virtualDevice) {
> > if(myGlobals.device[i].netmask.s_addr == 0xFFFFFFFF)
> > /* PPP */ {
> > return 0;
> > } else if((addr->s_addr |
> > myGlobals.device[i].netmask.s_addr) ==
> > addr->s_addr) {
> > #ifdef DEBUG
> > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a broadcast
> > address", intoa(*addr)); #endif
> > return 1;
> > } else if((addr->s_addr &
> > ~myGlobals.device[i].netmask.s_addr) ==
> > ~myGlobals.device[i].netmask.s_addr) { #ifdef DEBUG
> > traceEvent(CONST_TRACE_INFO, "DEBUG: %s is a network
> > address", intoa(*addr)); #endif
> > return 1;
> > }
> > }
> > }
> >
> > return(in_isPseudoBroadcastAddress(addr));
> > }
> > }
> >
> >
> > And let me know...
> >
> > -----Burton
> >
> > -----Original Message-----
> > From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it]
> On Behalf
> > Of Kinnane, Scott
> > Sent: Monday, May 16, 2005 1:02 AM
> > To: ntop@Unipi.IT
> > Subject: [Ntop] Missing host with IP 10.20.3.0
> >
> > Hi all,
> >
> > Just wondering if anyone has seen the following problem:
> >
> > We have a local subnet 10.20.0.0/255.255.0.0, however a
> user with an
> > IP address of 10.20.3.0 does not show up under any of the
> web tables
> > with Ntop.
> > I tell ntop that 10.0.0.0/8 is a local network to make sorting the
> > hosts easier, but it doesn't show up under the "IP -> Summary ->
> > Traffic" table, either with the [All] option or [Local Option]
> > selected.
> >
> > How do I know 10.20.3.0 is doing anything at all? Tcpdump
> shows that a
> > lot
> > (most) of the traffic on the monitored interface is related to this
> > host.
> > The odd thing is, when I select (from the "IP -> Summary ->
> Traffic"
> > table) a remote host that 10.20.3.0 is making a connections to, it
> > shows the ports that connections are being made on - it
> doesn't list
> > the 10.20.3.0 host.
> >
> > Is it possible that a.b.c.0 is assumed to be a network IP
> address and
> > is therefore ignored? Has anyone seen this before? Note
> that the LAN
> > subnet makes it so the host portion is the last 2 bytes of
> the address
> > (3.0), so it should be a valid host IP.
> >
> > System setup:
> > Linux Redhat 9 (running 2.6.7 kernel)
> > Ntop ver 3.1
> > Libpcap ver 0.7.2
> >
> > Regards,
> >
> > scott
> > _______________________________________________
> > Ntop mailing list
> > Ntop@unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop
> >
> > _______________________________________________
> > Ntop mailing list
> > Ntop@unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop
> >
> _______________________________________________
> Ntop mailing list
> Ntop@unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> _______________________________________________
> Ntop mailing list
> Ntop@unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic