Gary
ntop 3.x cannot answer you're right. The one I;m cooking will be able
to give you both metrics/graphs and evidence of such traffic. I need
some more months of work. That's should explain why the mainstream
ntop is slowly moving. stay tuned.
Luca
PS. Anyone willing to provide me an account on FreeBSD machines where
the ntop bug shows up?
On May 27, 2009, at 11:08 PM, Gary Gatten wrote:
OK, I have another example that I believe is similar to yours:
I have a end user system that at 2AM this morning sent 1.5GB of data
somewhere. Who received this data and what was it? nTop can not
easily answer this for me – that I know of. I don’t have rrd
configured to store enough detail due to lack of disk space, but if
I did I *THINK* it could be used with arbitrary graphs/reports to
get what you and I (and everyone) would need to answer this question.
I would LOVE this functionality. Traffic Matrix is close, but far
from ideal. Seems nTop stores at least some of the necessary data,
so perhaps it wouldn’t be TOO difficult to tweak?
From: [email protected] [mailto:[email protected]] On Behalf
Of Gary Gatten
Sent: Wednesday, May 27, 2009 3:34 PM
To: [email protected]
Subject: Re: [Ntop] per host pair data?
Active/current is before the session info times out and is purged
and no longer available on reports. Ntop is good "what's happening
right now" tool, but getting "detailed" history not as easy.
Have u tried traffic map and matrix? Ill be back at my desk in a few
and can check further
----- Original Message -----
From: [email protected] <[email protected]>
To: [email protected] <[email protected]>
Sent: Wed May 27 15:27:52 2009
Subject: Re: [Ntop] per host pair data?
What defines "active / current"? If by that you mean all traffic seen
since ntop was started, then yes I would like to see "active /
current". I
have a host that communicates with about 40-50 other hosts, I need
to know
who is it talking to the most (or say the top 5 talkers), what was the
volume, and what protocol(s).
Thanks!
Phil
> If the traffic is active / current its easy. If its in the past,
much
more difficult - at least from my knowledge. Which are you
interested in?
If past, ill need to research - I can't think of an "easy" way to
get that
info in a pretty little picture. Probably with rrd if you're
exporting the
right info.
> > Basically, I need to answer the questions "Who communicated the
most
with host a, how much data flowed, and what kind of data was it"
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
"This email is intended to be reviewed by only the intended
recipient and may contain information that is privileged and/or
confidential. If you are not the intended recipient, you are hereby
notified that any review, use, dissemination, disclosure or copying
of this email and its attachments, if any, is strictly prohibited.
If you have received this email in error, please immediately notify
the sender by return email and delete this email from your system."
"This email is intended to be reviewed by only the intended
recipient and may contain information that is privileged and/or
confidential. If you are not the intended recipient, you are hereby
notified that any review, use, dissemination, disclosure or copying
of this email and its attachments, if any, is strictly prohibited.
If you have received this email in error, please immediately notify
the sender by return email and delete this email from your system."
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
