Network monitoring with Ntop
Ntop settings for a system that acts as a monitor on a SPAN (mirror-port) for a very fast network:
$> cat /etc/default/ntop # This file will normally include the debconf template but you can disable # that and use this file only.
. /var/lib/ntop/init.cfg #GETOPT="-i 'eth0,eth2,eth3" # -z|--disable-sessions disable tcp session tracking # -x 4096 max number of hash entries (default 8192) # -X $((32768 * 2)) (default 32768) # -b disable protocol analysis (busy network here) # -o do not trust MAC addresses (we are on a span port) GETOPT=' -M -b -o -z -X 65536 '