Send me your email(s) and I'll send you some pics of what Host Communities should look like - you can then decide if they will work or not.

G

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Don Gould
Sent: Monday, January 31, 2011 2:51 PM
To: [email protected]
Subject: Re: [Ntop] split result by network

Zorg

I'm trying to do the same thing.

Currently I've got nfcapd running and am using nfdump to get the best results.

RRDTool:/var/cache/nfdump# nfdump -R /var/cache/nfdump/ -s record 'net 192.168.88.0 255.255.255.0'
Aggregated flows 2941
Top 10 flows ordered by flows:
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2011-01-31 12:37:11.520 25864.750 UDP 192.168.2.9:56869 -> 192.168.88.254:6446 1038 33937 980
2011-01-31 12:38:00.820 25804.300 UDP 192.168.88.1:5678 -> 255.255.255.255:5678 864 90720 864
2011-01-31 12:37:18.420 4679.690 UDP 111.251.25.128:11961 -> 192.168.88.254:6446 235 11750 235
2011-01-31 12:37:18.220 4679.690 UDP 192.168.88.254:6446 -> 111.251.25.128:11961 235 11750 235
2011-01-31 12:37:18.220 4659.600 UDP 192.168.88.254:6446 -> 111.249.26.127:31681 234 11466 234
2011-01-31 12:37:18.410 4659.610 UDP 111.249.26.127:31681 -> 192.168.88.254:6446 234 11466 234
2011-01-31 12:38:22.950 15246.630 TCP 111.90.24.88:1877 -> 192.168.88.254:61253 496 29636 185
2011-01-31 12:38:22.750 15249.840 TCP 192.168.88.254:61253 -> 111.90.24.88:1877 471 38112 184
2011-01-31 12:37:15.450 15438.790 TCP 192.168.88.254:61245 -> 213.146.189.201:12350 391 18262 162
2011-01-31 12:37:15.760 15435.470 TCP 213.146.189.201:12350 -> 192.168.88.254:61245 229 9989 162
Summary: total flows: 11373, total bytes: 82.3 M, total packets: 129130, avg bps: 24398, avg pps: 4, avg bpp: 637
Time window: 2011-01-31 12:18:30 - 2011-01-31 19:48:25
Total flows processed: 13915, Blocks skipped: 0, Bytes read: 733948
Sys: 0.088s flows/second: 158116.0 Wall: 0.075s flows/second: 184801.5

I haven't managed to make it give me a consolidated answer for each ip in 88.0/24 yet.

I'm also just trying to set up my test network with vlans to see if I can just report the traffic by vlan (the v9 data does have an option for this I think - also not 100% sure on that).

Keep reporting back here on how you're going and I'll give updates on my work, perhaps between us we can crack this nut!

D

On 1/02/2011 12:26 a.m., Zorg wrote:
> On 28/01/2011 17:19, Gary Gatten wrote:
>> I think there may be several ways to achieve what you wish. The
>> question is, what exactly do you want to split? If it's "all"
>> traffic data (detailed), you'll need netflow with different logical
>> netflow interfaces for each of the three interfaces you are
>> monitoring. If you just want summary data (bytes and packets Tx and
>> Rx, etc.) grouped by each network range you are monitoring - you can
>> use clusters / communities; one for each network range.
> I have tried to add communities, but I don't see how to use it, I'm
> seeing community column on host info, but I would like more info, like
> traffic by community, summary by community. In fact features like
> VLAN. How can I do?
>
>> Your network diagram didn't format clearly for me. If you need
>> additional assistance, please attach network diagram in a txt file
>> and include what type of network equipment you have. Or, spell out
>> specifically what problem(s) you're trying to address.
>>
>> HTH
>>
>> G
>>
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Zorg
>> Sent: Friday, January 28, 2011 9:57 AM
>> To: [email protected]
>> Subject: [Ntop] split result by network
>>
>> Hello,
>>
>> I have a network which looks like this :
>>
>>
>>  ____
>> | 1 |
>> |___|____________
>>                  |
>>                  |
>>  ____            |
>> | 2 |            |         ________
>> |___|____________|ROUTER|__| NTOP  |
>>                  |         |_place_|
>>                  |
>>  ____            |
>> | 3 |            |
>> |___|____________|
>>
>>
>> 1 = 192.168.1.0
>> 2 = 192.168.2.0
>> 3 = 192.168.3.0
>> NTOP = 192.168.4.0
>>
>>
>> I would like to monitor traffic from place 1, place 2, place 3 to NTOP
>> place. Is it possible to split info (as if I had 3 different
>> interfaces), it will be a "logical split".
>>
>> Another solution is to put nprobe/netflow on each 1, 2, 3, and to
>> create 1 interface by nprobe, but I'm afraid that sending netflow traffic
>> and network traffic on the same link will fill the link, what do you think
>> about it?
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>> "This email is intended to be reviewed by only the intended recipient
>> and may contain information that is privileged and/or confidential.
>> If you are not the intended recipient, you are hereby notified that
>> any review, use, dissemination, disclosure or copying of this email
>> and its attachments, if any, is strictly prohibited. If you have
>> received this email in error, please immediately notify the sender by
>> return email and delete this email from your system."
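
The per-host consolidation asked about above for 192.168.88.0/24, as an added example that is not part of the original thread: it parses flow records in the line format shown in the nfdump output and sums bytes in, bytes out and flow counts per host inside the network. The function names and the 192.168.88.7 record are constructed for illustration, and the decimal K/M/G scaling of large counters is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# One flow record in the line format shown in the thread (IPv4 only).
FLOW_RE = re.compile(
    r"^\d{4}-\d\d-\d\d\s+[\d:.]+\s+[\d.]+\s+\S+\s+"
    r"(?P<src>\d+(?:\.\d+){3}):[\d.]+\s+->\s+(?P<dst>\d+(?:\.\d+){3}):[\d.]+\s+"
    r"[\d.]+(?: [KMG])?\s+(?P<bytes>[\d.]+(?: [KMG])?)\s+(?P<flows>\d+)$"
)
SCALE = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}  # assumption: decimal units

# The first four records are copied from the output quoted in the thread; the
# 192.168.88.7 record is constructed to exercise a scaled byte count.
SAMPLE = """\
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2011-01-31 12:37:11.520 25864.750 UDP 192.168.2.9:56869 -> 192.168.88.254:6446 1038 33937 980
2011-01-31 12:38:00.820 25804.300 UDP 192.168.88.1:5678 -> 255.255.255.255:5678 864 90720 864
2011-01-31 12:37:18.420 4679.690 UDP 111.251.25.128:11961 -> 192.168.88.254:6446 235 11750 235
2011-01-31 12:37:18.220 4679.690 UDP 192.168.88.254:6446 -> 111.251.25.128:11961 235 11750 235
2011-01-31 12:40:00.000 10.000 TCP 192.168.88.7:40000 -> 192.168.2.9:80 900 1.2 M 1
Summary: total flows: 11373, total bytes: 82.3 M, total packets: 129130
"""

def to_count(field):
    """Convert a counter such as '33937' or '1.2 M' to an integer."""
    number, _, suffix = field.partition(" ")
    return round(float(number) * SCALE[suffix])

def per_host_totals(lines, network):
    """Sum bytes in/out and flow counts for every host inside `network`."""
    net = ipaddress.ip_network(network)
    totals = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "flows": 0})
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if m is None:
            continue  # header, summary and blank lines are skipped
        nbytes, flows = to_count(m["bytes"]), int(m["flows"])
        # A flow counts as outbound for its source and inbound for its destination.
        for role, key in (("src", "bytes_out"), ("dst", "bytes_in")):
            host = ipaddress.ip_address(m[role])
            if host in net:
                totals[str(host)][key] += nbytes
                totals[str(host)]["flows"] += flows
    return dict(totals)

if __name__ == "__main__":
    result = per_host_totals(SAMPLE.splitlines(), "192.168.88.0/24")
    for host, t in sorted(result.items()):
        print(host, t)
```
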
