You can if you catch it within 24 hours, or even better if you can catch
it real-time.  Once sessions / hosts age out from inactivity the details
are hard to get at.  Try to view the nTop reports during the suspect
time window.  Else, turn up the logging configs in the rrd plugin (watch
your disk space) and / or get the newer (newest) version of nTop that
supports MySQL and dump everything there.



-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
James Chase
Sent: Thursday, July 30, 2009 11:18 AM
To: [email protected]
Subject: [Ntop] Identifying Inbound Network Traffic

Hi,

I'm seeing an inbound traffic spike at our hosting facility early every 
morning at roughly the same time through our MRTG and Cacti graphs. We 
recently installed NTOP to try and pin down the source and destination 
as well as port/protocol of the traffic, but I haven't been able to do 
this as effectively as I thought. I know through Cacti which host the 
traffic is going to, but it has ~10 virtual IPs and due to a limitation
of the SNMP protocol I can't limit it to which IP exactly.

But a more general question, is there a good way to get this information
with NTOP? Taking a certain time period and identifying the association 
of a traffic spike; where the data is going to and where it is coming 
from, and on which port? I really want to drill down during the time 
period in question but the more detailed stats seem more cumulative.

Should I just be sampling output to a file during the period in 
question? Are there other useful plugins for this?

Thanks for any help,
James
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
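
The per-window drill-down discussed in this thread, as an added example that is not from the original posts or from ntop itself. It assumes per-flow records have already been dumped to text in a constructed format (`timestamp src dst proto dport bytes`); the format, addresses and function names are hypothetical.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records (not real traffic): timestamp src dst proto dport bytes
SAMPLE = """\
2009-07-30T03:58:10 198.51.100.7 192.0.2.11 tcp 80 1200
2009-07-30T04:01:02 203.0.113.50 192.0.2.14 tcp 873 48000000
2009-07-30T04:03:40 203.0.113.50 192.0.2.14 tcp 873 52000000
2009-07-30T04:05:15 198.51.100.7 192.0.2.11 tcp 80 900
2009-07-30T04:07:31 203.0.113.9 192.0.2.12 udp 53 300
2009-07-30T04:31:00 203.0.113.50 192.0.2.14 tcp 873 7000000
"""

def parse(text):
    """Yield (time, src, dst, proto, dport, bytes) tuples, rejecting malformed lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        ts, src, dst, proto, dport, nbytes = parts
        yield datetime.fromisoformat(ts), src, dst, proto, int(dport), int(nbytes)

def top_inbound(records, start, end, local_ips, limit=5):
    """Sum bytes inside [start, end) for flows whose destination is a local IP.

    Returns (per-destination-IP totals, per-flow totals), largest first, so the
    spike can be pinned to one virtual IP and one source/port rather than to
    cumulative counters.
    """
    per_ip, per_flow = Counter(), Counter()
    for ts, src, dst, proto, dport, nbytes in records:
        if start <= ts < end and dst in local_ips:
            per_ip[dst] += nbytes
            per_flow[(src, dst, proto, dport)] += nbytes
    return per_ip.most_common(limit), per_flow.most_common(limit)

if __name__ == "__main__":
    vips = {"192.0.2.11", "192.0.2.12", "192.0.2.14"}  # the host's virtual IPs (constructed)
    by_ip, by_flow = top_inbound(parse(SAMPLE), datetime(2009, 7, 30, 4, 0),
                                 datetime(2009, 7, 30, 4, 30), vips)
    for ip, total in by_ip:
        print(f"{ip:15} {total:>12} bytes")
    for (src, dst, proto, dport), total in by_flow:
        print(f"{src} -> {dst} {proto}/{dport}: {total} bytes")
```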




