Hi Warren,
we are working on an historical data explorer for flows: here's a preview https://www.dropbox.com/s/5ksguzw4798klyz/data-explorer.mov

simone

On Mon, Jan 25, 2016 at 11:48 AM, Warren Daly (OPUS) <[email protected]> wrote:
> Hi,
> I have been given the task of investigating what a host was doing between a time range today.
> On another system this host was flagged as sending traffic.
> I am struggling to use ntopng to assist me with this task. Please help.
>
> So I visit this URL
>
> /lua/host_details.lua?ifname=37&host=192.168.1.1&page=historical
>
> This page displays a nice graph of sent/received. A good start.
> I can also break it down to TCP, UDP and ICMP. Also a good start.
>
> If I hover over the graph I can see which hosts in that 1 min were talking to this host 192.168.1.1
> * it would be nice to see all hosts for a range of time not just 1 minute.
>
> So it shows me a host that it was talking to, I click on it, and I am brought to the remote host
> /lua/host_details.lua?host=192.168.10.1
> the overview page....
>
> At no stage can I see a breakdown of protocols by host AND host.
> Right now I can see 192.168.1.1 talked to 192.168.10.1
> But what kind of protocols? I can see it's TCP... but not if it was SMB traffic, or RDP etc...
>
> What am I doing wrong?
>
> Regards,
> Warren
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
