FYI: Ethereal / Wireshark and many others will do this in some manner. They have other limitations though.
________________________________
From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of phil.new...@wendysarbys.com
Sent: Wednesday, May 27, 2009 4:14 PM
To: ntop
Subject: Re: [Ntop] per host pair data?

Space I have. I've enabled 'hosts' and 'flows' in rrd configure, deactivated and reactivated rrd. Still not getting pertinent data (or can't find it)

________________________________
From: "Gary Gatten" [ggat...@waddell.com]
Sent: 05/27/2009 04:08 PM EST
To: <ntop@unipi.it>
Subject: Re: [Ntop] per host pair data?

OK, I have another example that I believe is similar to yours: I have an end user system that at 2AM this morning sent 1.5GB of data somewhere. Who received this data and what was it? nTop can not easily answer this for me - that I know of. I don't have rrd configured to store enough detail due to lack of disk space, but if I did I *THINK* it could be used with arbitrary graphs/reports to get what you and I (and everyone) would need to answer this question.

I would LOVE this functionality. Traffic Matrix is close, but far from ideal. Seems nTop stores at least some of the necessary data, so perhaps it wouldn't be TOO difficult to tweak?

________________________________
From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Gary Gatten
Sent: Wednesday, May 27, 2009 3:34 PM
To: ntop@unipi.it
Subject: Re: [Ntop] per host pair data?

Active/current is before the session info times out and is purged and no longer available on reports. Ntop is a good "what's happening right now" tool, but getting "detailed" history is not as easy. Have u tried traffic map and matrix? I'll be back at my desk in a few and can check further

----- Original Message -----
From: ntop-boun...@unipi.it <ntop-boun...@unipi.it>
To: ntop@unipi.it <ntop@unipi.it>
Sent: Wed May 27 15:27:52 2009
Subject: Re: [Ntop] per host pair data?

What defines "active / current"?

If by that you mean all traffic seen since ntop was started, then yes I would like to see "active / current". I have a host that communicates with about 40-50 other hosts, I need to know who is it talking to the most (or say the top 5 talkers), what was the volume, and what protocol(s).

Thanks!
Phil

> If the traffic is active / current it's easy. If it's in the past, much more difficult - at least from my knowledge. Which are you interested in? If past, I'll need to research - I can't think of an "easy" way to get that info in a pretty little picture. Probably with rrd if you're exporting the right info.
>
> > Basically, I need to answer the questions "Who communicated the most with host a, how much data flowed, and what kind of data was it"

_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

"This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system."