
Mailing List Archive: NTop: Users

Global Protocol Distribution Charts



mcabezadebaca at clinitech

Aug 13, 2012, 10:16 AM

Post #1 of 2 (696 views)
Global Protocol Distribution Charts

Hello All

I have a new installation of NTOP and am configuring it. I have 2 issues that may have simple solutions.

First, "Global TCP/UDP Protocol Distribution" isn't producing any graphics. This started after I added a -p option to point to a protocol.list file per the instructions to better categorize my internal traffic.

My second issue is that I would like to exclude traffic to and from a backup network and a couple of scanning servers that are skewing my results. I attempted to use a -B and now am attempting the -filter-expression switch with no luck:

--filter-expression="!(net 10.18.1.0 255.255.255.0,10.255.255.0 255.255.255.0, 10.21.0.0 255.255.0.0) and !(host 10.10.220.146, 10.255.255.20)"

Any and all help will be greatly appreciated.

Below is my basic information.
Basic Information

ntop Version: i686-pc-linux-gnu (32 bit)
Running as user: ntop
Configured on: Nov 24 2011 12:20:45
Built on: Nov 24 2011 12:20:46
OS: i686-pc-linux-gnu
libpcap <http://www.tcpdump.org> Version: ??
RRD <http://www.rrdtool.org/> Version: 1.4004
GeoIP <http://www.maxmind.com/> Version: GEO-533LITE 20090201 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved
GeoIP <http://www.maxmind.com/> AS Version: GEO-117 20090114 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved
Running from: /usr/sbin
Libraries in: /usr/lib
Process Id: 4247
Run State: Run

Command Line

Started as....

/usr/sbin/ntop @/etc/ntop.conf

Resolved to....

/usr/sbin/ntop --user ntop --use-syslog=daemon --db-file-path /var/lib/ntop --trace-level 5 --http-server 3000 --skip-version-check=yes --interface p2p2 --filter-expression=!(net 172.18.1.0 255.255.255.0,172.255.255.0 255.255.255.0, 172.17.0.0 255.255.0.0) and !(host 172.20.220.146, 172.255.255.20) -p /etc/protocol.list -O /captures



Matthew

"Is everything sad going to come untrue?" Sam - The Lord of the Rings.


________________________________

This e-mail message, including any attachments, is for the
sole use of the intended recipient(s) and may contain
confidential or privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If
you are not the intended recipient, please contact the
sender by reply e-mail and destroy the message.

________________________________

Think Green! Please do not print this e-mail unless you need to. Thank you.


mcabezadebaca at clinitech

Aug 13, 2012, 1:53 PM

Post #2 of 2 (649 views)
Re: Global Protocol Distribution Charts

I just tried to make the filter as simple as possible and it is still not working:

not net 10.18.1 and not net 10.255.255 and not net 10.21 and not host 10.10.220.146 and not host 10.255.255.20

I click on hosts and I am finding hosts within these IP address ranges. At any rate, thanks for all help in advance.

Matthew
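
Added example, not part of the original posts and not ntop code: the exclusion described above written in pcap-filter syntax, which takes CIDR `net` primitives joined with `or` rather than comma-separated lists, and checked against constructed flows. It assumes ntop hands `--filter-expression` to libpcap the way tcpdump does; `build_exclude_filter`, `is_captured` and `surviving_flows` are hypothetical helper names.

```python
import ipaddress

# Networks and hosts taken from the filter quoted in the first post.
EXCLUDED_NETS = ["10.18.1.0/24", "10.255.255.0/24", "10.21.0.0/16"]
EXCLUDED_HOSTS = ["10.10.220.146", "10.255.255.20"]


def build_exclude_filter(nets, hosts):
    """Return a pcap-filter expression dropping traffic to or from nets/hosts."""
    terms = []
    for net in nets:
        # strict=True rejects entries with host bits set, e.g. 10.18.1.5/24
        terms.append("net %s" % ipaddress.ip_network(net, strict=True))
    for host in hosts:
        terms.append("host %s" % ipaddress.ip_address(host))
    if not terms:
        raise ValueError("nothing to exclude")
    return "not (" + " or ".join(terms) + ")"


def is_captured(src, dst, nets, hosts):
    """Model the filter: a packet is kept only if neither endpoint is excluded."""
    networks = [ipaddress.ip_network(n) for n in nets]
    addresses = {ipaddress.ip_address(h) for h in hosts}
    for endpoint in (ipaddress.ip_address(src), ipaddress.ip_address(dst)):
        if endpoint in addresses or any(endpoint in n for n in networks):
            return False
    return True


def surviving_flows(flows, nets=EXCLUDED_NETS, hosts=EXCLUDED_HOSTS):
    """Return the flows the exclusion filter would still let through."""
    return [f for f in flows if is_captured(f[0], f[1], nets, hosts)]


# Constructed sample flows (src, dst); not taken from the poster's network.
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.10.6.30"),     # ordinary internal traffic: kept
    ("10.10.5.20", "10.18.1.44"),     # to an excluded /24: dropped
    ("10.21.200.9", "10.10.5.20"),    # from the excluded /16: dropped
    ("10.10.220.146", "10.10.5.20"),  # from an excluded host: dropped
    ("10.10.220.147", "10.10.5.20"),  # neighbour of an excluded host: kept
]

if __name__ == "__main__":
    print(build_exclude_filter(EXCLUDED_NETS, EXCLUDED_HOSTS))
    for flow in surviving_flows(SAMPLE_FLOWS):
        print("kept:", flow)
```

The generated expression has to reach the program as a single quoted argument; `tcpdump -d '<expression>'` compiles it without capturing, which is a quick syntax check before putting it in `/etc/ntop.conf`.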

