Check the hosts page - look at the per-connection info, recent talkers, etc. (

Last Contacted Peers

Sent To            IP Address
192.168.142.255    192.168.142.255
Total Contacts     1

TCP/UDP Recently Used Ports

Client Port        Server Port

Active TCP Sessions

)

Or consider turning on the RRD Matrix dump...

-----Burton
     


    From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Merrick
    Sent: Wednesday, July 06, 2005 1:20 PM
    To: [email protected]
    Subject: RE: [Ntop] tracking endpoints according to bandwidth utilization

    Thanks for the reply, Burton!
     
    What you say about the NAT mapping makes sense.  But then if that's true, how could I see your example of "PC -> Yahoo"?  I would love to get exactly that!  Here's what I see:
     
    Yahoo 1.3 Mbps
    PC1 500 Kbps
    PC2 64 Kbps
     
    There's not much I can do with that information.  Know what I mean?  What I really need is something like this:
     
    PC1 -> Yahoo 1.3 Mbps
    Google -> PC2 500 Kbps
    eMule -> PC3 64 Kbps
     
    thanks again,
    Gary


    From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
    Sent: Tuesday, July 05, 2005 7:26 PM
    To: [email protected]
    Subject: RE: [Ntop] tracking endpoints according to bandwidth utilization

    If the gateway/firewall is doing NAT, you can't do it.  Only the NAT process itself has the mapping information. 
     
    ( Well, recent Linux kernels can make it available to a user land process via a /proc file, but in general my comment is true. )
     
    However, why are you combining the data?? - That's at best erroneous.
     
    Say an internal host contacts Yahoo.  Inside the FW, you see
     
      PC -> Yahoo
     Yahoo -> PC
     
    That's a complete picture.
     
     
    Outside the FW, you see
     
    FW -> Yahoo
    Yahoo -> FW
     
    That too is a complete picture, albeit with less useful information.
     
    -----Burton
     
     


    From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Merrick
    Sent: Tuesday, July 05, 2005 5:41 PM
    To: [email protected]
    Subject: [Ntop] tracking endpoints according to bandwidth utilization

    I am trying to use Ntop to find out who is using up the majority of my Internet bandwidth and for what purpose.
     
    I have Ntop NICs connected to both sides of my firewall, and configured it to use both interfaces either together or separately.  Ntop does a great job of showing me things like the top hosts sent and received throughput.  But that's only one side of the connection.  I'm having a difficult time putting the data together to show me, say, who on my LAN is using up most of our bandwidth from what external server for what purpose.
     
    I would very much appreciate any pointers you may have.  Read the FAQ and the archives, still not sure about the solution.  I'm using Ntop 3.1 on Suse Linux 9.3 Pro.
     
    Thanks in advance,
    Gary
    _______________________________________________
    Ntop mailing list
    [email protected]
    http://listgateway.unipi.it/mailman/listinfo/ntop
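
Burton's point in the thread above is that only the NAT process holds the inside-to-outside mapping, and that Linux can expose it through a /proc file. The sketch below is an added example, not code from the thread or from ntop: it assumes that file is netfilter's connection-tracking table (/proc/net/ip_conntrack on kernels of that era) with byte accounting enabled, and it totals bytes per inside host and outside server. The sample entries and the 198.51.100.1 NAT address are constructed.

```python
import re
from collections import defaultdict

# Constructed entries in the ip_conntrack text layout; not taken from the thread.
# 198.51.100.1 stands in for the firewall's outside (NAT) address.
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=192.168.142.10 dst=203.0.113.80 sport=40001 dport=80 packets=900 bytes=52000 src=203.0.113.80 dst=198.51.100.1 sport=80 dport=40001 packets=1100 bytes=1300000 [ASSURED] use=1
tcp 6 431000 ESTABLISHED src=192.168.142.11 dst=203.0.113.90 sport=40002 dport=80 packets=300 bytes=20000 src=203.0.113.90 dst=198.51.100.1 sport=80 dport=40002 packets=400 bytes=500000 [ASSURED] use=1
udp 17 25 src=192.168.142.12 dst=203.0.113.99 sport=4672 dport=4672 packets=50 bytes=4000 src=203.0.113.99 dst=198.51.100.1 sport=4672 dport=4672 packets=60 bytes=64000 use=1
tcp 6 100 TIME_WAIT src=192.168.142.10 dst=203.0.113.80 sport=40003 dport=80 src=203.0.113.80 dst=198.51.100.1 sport=80 dport=40003 use=1
udp 17 10 src=198.51.100.1 dst=203.0.113.53 sport=5353 dport=53 packets=1 bytes=70 src=203.0.113.53 dst=198.51.100.1 sport=53 dport=5353 packets=1 bytes=120 use=1
"""

def parse_entry(line):
    """Return (original, reply) key=value dicts for one entry, or None."""
    tuples = []
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        if key == "src":          # each direction's tuple starts with src=
            tuples.append({})
        if tuples:
            tuples[-1][key] = value
    return tuple(tuples) if len(tuples) == 2 else None

def pair_usage(text, nat_ip):
    """Bytes per (inside host, outside server) for flows source-NATed to nat_ip."""
    usage = defaultdict(lambda: {"up": 0, "down": 0})
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        orig, reply = entry
        # Replies to a NATed flow go to nat_ip; skip the gateway's own traffic.
        if reply["dst"] != nat_ip or orig["src"] == nat_ip:
            continue
        pair = usage[(orig["src"], orig["dst"])]
        pair["up"] += int(orig.get("bytes", 0))     # counters absent if accounting is off
        pair["down"] += int(reply.get("bytes", 0))
    return dict(usage)

def top_pairs(text, nat_ip):
    """(inside host, outside server, total bytes), busiest pair first."""
    rows = [(i, o, c["up"] + c["down"]) for (i, o), c in pair_usage(text, nat_ip).items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for inside, outside, total in top_pairs(SAMPLE, "198.51.100.1"):
        print(f"{inside} <-> {outside}  {total} bytes")
```

A capture on the outside interface would show all of these flows with 198.51.100.1 as the local endpoint; the original-direction tuple in each entry is what restores the inside host.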
    
