Hi Andrew, > I'm under the impression that ntop's application level protocol summation > doesn't distinguish between outgoing and incoming traffic. It only uses the > port number on the remote host to determine the 'protocol'. > > Is this assumption correct?
I don't know exactly what you mean but I think the answer is: ntop distinguishes between outgoing and incoming traffic. > What I'd like to do is use ntop to create some nice charts of traffic > distribution on a webserver that also does other things than serving http. > > I expect to see a separate chart for 'outgoing' and for 'incoming' traffic, > where protocols are distinguised by remote and local port numbers > respectively. You can look at the incoming traffic of every host: Data Rcvd - TCP/UDP You can sort this by any protocol. Perhaps you have to define your own protocols using your own file protocols.txt and start ntop with "-p protocols.txt". > E.g. everything that goes out from our local port 80 is outgoing http. > Everything that comes in from a remote port 80 is incoming http. And so on. Is this a switched environment? If not, set up a filter with "ntop <Params> host <your host IP address>". Start ntop with mySQL support. I didn't try it, but it should log the information you want to the database, or am I not right? You can then use this database to build you own graphics. > Did you consider implementing such a feature? You can also make your own plugin... > It would also be nice if ntop could produce statistics of IP protocol > distribution (i.e. TCP/UDP/ICMP/IGMP/RSVP/etc). And here again: I don't know if I understand you right, but as far as I know ntop can do that. If this is not what you wanted and I terribly misunderstood you, please write again and describe your problem in more detail. CU, Michael -- Michael Weidel, University of Ulm EMAIL: [EMAIL PROTECTED] WWW: http://www.weidel.org (PGP-KEY) http://www.columbo-homepage.de http://www.paesseradeln.de _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
