Hi Paul, > Is there a away to tell ntop (by editing the source I expect) to > ignore all hosts except top 50 bandwidth producer/receivers and > that is it?
Do you have any idea how to do that? I haven't... The problem with that is that you don't know in advance who will be the hosts using most of the bandwidth. You have to count all packets in order to get these hosts. > What I guess I am looking to do is get a higher level > analysis of a segment. I need to know # of total connections, protocol > breakdown, utilization, top 50 bandwidth hogs, maybe a ultilization > over a period in time, a new Ferrari...joke. If you could suggest a > direction I could go to achieve the end goal (not the Ferrari), that > would be great. Again thank you. I couldn't help you with the Ferrari..., but: # of total connections: is displayed in "About-Configuration" protocol breakdown: "Stats-Traffic" top 50 bandwidth hogs: I found no direct way with the "normal" ntop; you can display the top "data sent" and top "data received" hosts or even sort it by a protocol (FTP,HTTP,...) with for example "Data Sent - TCP/UDP" utilization over a period in time: "Stats-Networkload" So far... you have got too much traffic? If you don't need the info about hosts outside your net, you can map the hosts outside your net to a single host: in pbuf.c, function processIpPkt: after "NTOHL(ip.ip_src.s_addr);" add code that changes the src or dst IP address if it doesn't belong to your net and in the function handleTCPSession add at the beginning "return NULL;". It worked for me and you have much less hosts in your hash speeding ntop up very much. I don't give any warranty... The advantage is that ntop works much faster and displays only your hosts, the disadvantages are that you don't have information about other hosts and about sessions. But you have information about the protocol breakdown, your own top 50 bandwidth hogs and the network load. You could add a counter to the function "handleTCPSession" so you've got the total number of opened TCP sessions. If this is interesting for others, I could try to integrate this in a more userfriendly way into ntop so that Luca can integrate this into a new version of ntop (of course after he released ntop 2.0). Otherwise I 'll don't do this extra work, because for me it works fine. CU, Michael -- Michael Weidel, University of Ulm EMAIL: [EMAIL PROTECTED] WWW: http://www.weidel.org (PGP-KEY) http://www.columbo-homepage.de http://www.paesseradeln.de _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
