Problem: "Host A" Tx / Rx an abnormal amount of data. I want to see where that data went and what ports were used.
Example: At 2AM "BobsPC" sends 2GB of data as seen in "Host Traffic Stats" //ntopsystem:3000/BobsPC.html. WTF was Bob doing at 2AM sending 2GB of data when he shouldn't even be here and doesn't usually send 2GB of data in a week! Uploading pictures or the Customer Database to our competitor? Solution: In "Host Traffic Stats" table (or elsewhere) each row (each time period) should be a hyperlink that pops a traffic matrix for BobPC during that specific time period. This will answer the question of where did Bob send 2GB of data at 2am. This would work but only provide data for last 24 hours? Alternate Solution: An Adhoc traffic matrix tool that would allow a user to select: host(s) and time periods to build said matrix. For example: For this scenario I could choose "BobsPC" and time period "today 01:00 - 02:00". But If I wanted to see who Bob has been talking with in the last month and the relative usage thereof, something like: "BobsPC" and "last 30 days"; then pop a table (and graph?) sorted by most highly used partners (total data) but also sort on Tx, Rx, etc. Obviously protocol detail is important as well. Obviously this will require additional storage, so maybe make this a user selectable feature t o enable/disable, length of history, level of detail (hosts or hosts and ports?), etc. Also, a filter (BPF style) for selecting which hosts to track / store this level of info for would be awesome. I haven't played much with the 3.3.3+ versions, so MAYBE recent features allow the "WTF is Bob doing?" question to be answered? If so, PLEASE tell how! If there is some way to do this even if it's not point and click, I'd be VERY interested! Thanks! Gary PS: I would pay for this if it would help get it done quicker! This functionality would be a great improvement to nTop IMHO! <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
