[lug] ipchains and ntop
John Hernandez
John.Hernandez at noaa.gov
Wed Mar 21 12:28:39 MST 2001
Ntop uses libpcap, which (apparently) peers into the networking stack somwhere below the kernel filtering functions. I'm not too familiar with the libpcap API.
"Atkinson, Chip" wrote:
>
> Greetings,
>
> I have a machine that is connected to the lan here at work. Occasionally I
> get a flood of multicast packets from 10.2.10.181 which bogs down my
> machine. I found out what was going on by using ntop. To stop it, I put in
> some ipchains rules that I thought would screen out the problem. All this
> was about 2 weeks ago or longer. Here's what ipchains -L shows:
>
> [root at northglenn /root]# ipchains -L
> Chain input (policy ACCEPT):
> target prot opt source destination ports
> DENY all ------ 206.246.40.167 anywhere n/a
> DENY all ------ 206.246.40.169 anywhere n/a
> DENY all ------ 10.2.10.181 anywhere n/a
> DENY all ------ 10.2.20.181 anywhere n/a
> DENY all ------ anywhere 10.2.10.181 n/a
> DENY all ------ anywhere 10.2.20.181 n/a
> DENY all ------ anywhere 206.246.40.167 n/a
> DENY all ------ anywhere 206.246.40.169 n/a
> DENY all ------ anywhere 206.246.40.168 n/a
> DENY all ------ 206.246.40.168 anywhere n/a
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> [root at northglenn /root]#
>
> Just now I had the same slowdown from the same machine. Now I'm wondering
> if anyone knows why ntop can even see the packets from 10.2.10.181, and yet
> it can as ntop shows.
>
> Chip
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list