Hi Warren,

On 01/25/2016 11:48 AM, Warren Daly (OPUS) wrote:
> Hi,
> I have been given the task of investigating what a host was doing
> between a time range today.
> On another system this host was flagged as sending traffic.
> I am struggling to use ntopng to assist me with this task. Please help.
>
> So I visit this URL
>
> /lua/host_details.lua?ifname=37&host=192.168.1.1&page=historical
>
> This page displays a nice graph of send/received. A good start.
> I can also break it down to TCP, UDP and ICMP. Also a good start.
>
> If I hover over the graph I can see which hosts in that 1 min were
> talking to this host 192.168.1.1
> * it would be nice to see all hosts for a range of time not just 1
> minute.

You need to enable -F and dump data to MySQL

>
> So it shows me a host that it was talking to, I click on it, and I am
> brought to the remote host
> /lua/host_details.lua?host=192.168.10.1
> the overview page....
>
> At no stage can I see a breakdown of protocols by host AND host.
> Right now I can see 192.168.1.1 talked to 192.168.10.1
> But what kind of protocols? I can see it's TCP... but not if it was
> SMB traffic, or RDP etc...

Simone is working at that (and much more): he can update you on this matter

Regards Luca

>
> What am I doing wrong?
>
> Regards,
> Warren
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
