RE: [Ntop] tracking endpoints according to bandwidth utilization

Wed, 06 Jul 2005 11:20:00 -0700

Thanks for the reply, Burton!
 
What you say about the NAT mapping makes sense.  But then if that's true, how could I see your example of "PC -> Yahoo"?  I would love to get exactly that!  Here's what I see:
 
Yahoo 1.3 Mbps
PC1 500 Kbps
PC2 64 Kbps
 
There's not much I can do with that information.  Know what I mean?  What I really need is something like this:
 
PC1 -> Yahoo 1.3 Mbps
Google -> PC2 500 Kbps
eMule -> PC3 64 Kbps
 
thanks again,
Gary

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: Tuesday, July 05, 2005 7:26 PM
To: [email protected]
Subject: RE: [Ntop] tracking endpoints according to bandwidth utilization

If the gateway/firewall is doing NAT, you can't do it.  Only the NAT process itself has the mapping information. 
 
( Well, recent Linux kernels can make it available to a user land process via a /proc file, but in general my comment is true. )
 
However, why are you combining the data?? - That's at best erroneous.
 
Say an internal host contacts Yahoo.  Inside the FW, you see
 
  PC -> Yahoo
 Yahoo -> PC
 
That's a complete picture.
 
 
Outside the FW, you see
 
FW -> Yahoo
Yahoo -> FW
 
That too is a complete picture, albeit with less useful information.
 
-----Burton
 
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Merrick
Sent: Tuesday, July 05, 2005 5:41 PM
To: [email protected]
Subject: [Ntop] tracking endpoints according to bandwidth utilization

I am trying to use Ntop to find out who is using up the majority of my Internet bandwidth and for what purpose.
 
I have Ntop NICs connected to both sides of my firewall, and configured it to use both interfaces either together or separately.  Ntop does a great job of showing me things like the top hosts sent and received throughput.  But that's only one side of the connection.  I'm having a difficult time putting the data together to show me, say, who on my LAN is using up most of our bandwidth from what external server for what purpose.
 
I would very much appreciate any pointers you may have.  Read the FAQ and the archives, still not sure about the solution.  I'm using Ntop 3.1 on Suse Linux 9.3 Pro.
 
Thanks in advance,
Gary
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to