
Mailing List Archive: NTop: Users

Newbie questions

 

 



matt_h at mac

Jan 15, 2003, 10:24 PM

Post #1 of 19 (2797 views)
Permalink
Newbie questions

Hi All,

I have just gotten nTop compiled and installed on a MacOS X box. (It
was pretty easy too!)

In playing around with the web interface I have come to the conclusion
that nTop can do a heck of a lot more than I really need. (This is a
good thing). However, the downside is that I have very little idea of
what I am looking at. (This is a bad thing.)

Our setup

We have one router (Cisco 828 - 192.168.0.1) connecting us to the rest
of the world. What I need to be able to do is count how much data each
IP address (192.168.0.x) is pulling from the internet. The ideal
situation would be to have all our internal IPs listed and how much
data (TCP, UDP, everything..) they have pulled in for a given month.

Is this possible with nTop?

Cheers.

- Matt

--

0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0--0
Matt Healey matt_h [at] mac


Burton at ntopsupport

Jan 16, 2003, 8:16 AM

Post #2 of 19 (2717 views)
Permalink
Re: Newbie questions [In reply to]

Look into the rrd plugin.

You might have to extract the data (rrdtool dump) then work with it to do your reporting...


-----Burton
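
Added example (not part of the original post and not ntop's own code): one way to do the reporting step Burton describes, by parsing the XML that `rrdtool dump` prints and integrating the stored byte rates into a per-host total for a time window. The one-RRD-per-host layout, the data-source name `counter` and the sample dumps are assumptions constructed for illustration.

```python
import math
import xml.etree.ElementTree as ET


def _num(node, tag):
    return int(node.findtext(tag).strip())


def bytes_in_window(dump_xml, start, end, ds_name="counter"):
    """Return (bytes, unknown_seconds) for the epoch window (start, end]."""
    root = ET.fromstring(dump_xml)
    step, last = _num(root, "step"), _num(root, "lastupdate")
    col = [d.findtext("name").strip() for d in root.findall("ds")].index(ds_name)

    # Only AVERAGE archives can be integrated back into a byte count.
    archives = []
    for rra in root.findall("rra"):
        if rra.findtext("cf").strip() != "AVERAGE":
            continue
        span = step * _num(rra, "pdp_per_row")       # seconds covered by one row
        rows = rra.find("database").findall("row")
        newest_end = last - last % span              # rrdtool aligns rows this way
        archives.append((span, newest_end, rows))
    if not archives:
        raise ValueError("dump has no AVERAGE archive")
    archives.sort(key=lambda a: a[0])                # finest resolution first

    # Prefer the finest archive that still reaches back to `start`;
    # otherwise fall back to the coarsest (longest-lived) one.
    chosen = archives[-1]
    for candidate in archives:
        span, newest_end, rows = candidate
        if newest_end - len(rows) * span <= start:
            chosen = candidate
            break
    span, newest_end, rows = chosen
    oldest_start = newest_end - len(rows) * span

    total = 0.0
    # Part of the window that has already aged out of the archive.
    unknown = max(0, min(oldest_start, end) - start)
    for i, row in enumerate(rows):
        row_end = newest_end - (len(rows) - 1 - i) * span
        if not (start < row_end <= end):
            continue
        rate = float(row.findall("v")[col].text.strip())   # bytes per second
        if math.isnan(rate):
            unknown += span     # NaN marks a gap, e.g. the collector was down
        else:
            total += rate * span
    return round(total), unknown


def usage_report(dumps, start, end):
    """dumps maps host IP -> dump text; rows are sorted by bytes, largest first."""
    rows = [(ip, *bytes_in_window(xml, start, end)) for ip, xml in dumps.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


def constructed_dump(lastupdate, rows_5min, rows_hourly):
    """Build a minimal document in the shape of `rrdtool dump` output (sample data)."""
    def rra(pdp, rates):
        body = "".join(f"<row><v> {r} </v></row>" for r in rates)
        return (f"<rra><cf> AVERAGE </cf><pdp_per_row> {pdp} </pdp_per_row>"
                f"<database>{body}</database></rra>")
    return (f"<rrd><step> 300 </step><lastupdate> {lastupdate} </lastupdate>"
            f"<ds><name> counter </name><type> COUNTER </type></ds>"
            f"{rra(1, rows_5min)}{rra(12, rows_hourly)}</rrd>")


# Constructed sample: two internal hosts, rates in bytes/second.
LAST = 1043712000   # epoch seconds, a multiple of 3600
SAMPLE_DUMPS = {
    "192.168.0.5": constructed_dump(LAST, [100.0, "NaN", 200.0],
                                    [50.0, 50.0, "NaN", 150.0]),
    "192.168.0.7": constructed_dump(LAST, [0.0, 0.0, 0.0],
                                    [10.0, 10.0, 10.0, 10.0]),
}

if __name__ == "__main__":
    for ip, nbytes, gap in usage_report(SAMPLE_DUMPS, LAST - 4 * 3600, LAST):
        print(f"{ip:15s} {nbytes:>10d} bytes  ({gap} s without data)")
```

The `unknown_seconds` figure matters for accounting: a host whose archive has gaps or has aged out would otherwise look like a light user rather than an unmeasured one.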



alex at bsbnet

May 22, 2006, 1:32 PM

Post #3 of 19 (2704 views)
Permalink
RE: Newbie questions [In reply to]

Rafael, if you need help in Portuguese, we're here.
Alex, Brasília-DF


-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Rafael Barbosa
Sent: Monday, May 22, 2006 17:28
To: ntop [at] listgateway
Subject: [Ntop] Newbie questions

Hello there,

I just installed ntop in the laboratory at my university. I searched a lot
looking for a manual or something like it that could help me at the
beginning. Everything I found was very superficial, outdated or both. hehe
I'd like to know if there is any documentation (a paper, a how-to, anything)
that could help me with the basics about how ntop works. Everything seems
very simple after ntop is running, it collects lots of data and shows many
spreadsheets and graphs. But I'd like to know how it works, and I do have
some doubts.

One thing I want to do, and I don't know if it's possible, is to use the
information that ntop gathers to figure out which web-sites the people here
at the lab are accessing (and then maybe block some of them). For that I
redirect the port of our gateway to the machine that's running ntop. Then I
saw the statistics at IP Summary -> Traffic, to see the hosts (in this case,
servers) that were accessed using http. Everything was fine until I realized
that one of the hosts vanished; it seems that ntop only shows a list of the
last few (maybe in the last hour, or something) accessed hosts, is that correct??
If so, is there any way that I can have this information using ntop? Maybe a
log...


If there are many English mistakes, I'm really sorry, I'm Brazilian and I
don't practice that much...

Thanks for the attention,
Rafael Barbosa



_______________________________________________
Ntop mailing list
Ntop [at] unipi
http://listgateway.unipi.it/mailman/listinfo/ntop


Burton at ntopSupport

May 22, 2006, 1:44 PM

Post #4 of 19 (2702 views)
Permalink
RE: Newbie questions [In reply to]

Read the FAQ - there are articles on host purge and various flags you can
use to protect data.

It's available in your instance via the About menu.

-----Burton



chris.moore at gmd

May 22, 2006, 1:46 PM

Post #5 of 19 (2676 views)
Permalink
RE: Newbie questions [In reply to]

Rafael,

First, your English is fine. Pretty good for a guy out of practice, I'd
say.

Second, make sure you're running version 3.2+ just to "get off on the
right foot."

In your Ntop interface, under the "About" menu you'll find the man
pages, FAQ, where to get help (here) etc.

The answer to your question is the "sticky hosts" option, but that may
or may not help you. With this option off (default) Ntop behaves as
you've seen, purging hosts after a period of time of not seeing them.
This, as it turns out, is actually a good thing in most cases. If you
are looking at an Internet link, you'll end up with thousands and
thousands of hosts (if not millions when looking at a University's
Internet link!). This will eat a ton of memory and disk space and give
you giant lists to search through.

What I do when using Ntop for functionality like this is to go through
it periodically during busy periods, just casually scanning for "weird"
stuff. Not very efficient, but the alternative is a proxy server or some
sort of software that will work with your firewall to log this stuff
(we're playing with WebSense - a $$$$ commercial product).

Regards,

Chris




**********************************************************************
Confidential/Proprietary Note

The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. Thank you.
Guardian Mtg Documents, Inc.
225 Union Boulevard, Suite 200
Lakewood, CO 80228.
**********************************************************************




NChoate at jwoperating

May 22, 2006, 2:01 PM

Post #7 of 19 (2691 views)
Permalink
RE: Newbie questions [In reply to]

If you don't want to use the sticky hosts option but want to retain info
a little longer and if you are up to the task, you can edit the
global_defines.h which sets a number of values at compile time.

In my case I changed some of the idle timeout settings that control the
purge behavior with some good results. Look for the
PARM_HOST_PURCH_MINIMUM_IDLE params and others in there to keep the
recorded sessions a little longer. I played with those and got them to
keep the last couple of days. As someone mentioned just before, the
sticky hosts can fill up your tables if you leave it running for long
periods. There are plenty in there to keep you busy tweaking.

Nathan Choate
Sr. Network Administrator
J-W Operating Company
Longview, TX
(903) 291-2820 direct line
(903) 235-4417 cell
nchoate [at] jwoperating





Burton at ntopSupport

May 22, 2006, 2:08 PM

Post #8 of 19 (2682 views)
Permalink
RE: Newbie questions [In reply to]

You probably want to make sure you are using the CVS version - or pick up
the patch I added recently for Nathan - otherwise, ntop ignores the
--disable-instantsessionpurge option.

-----Burton

(Search the back traffic on ntop-dev for my ref 704 - that will give you the
file(s) to diff).



rrbarbosa at gmail

May 22, 2006, 2:08 PM

Post #9 of 19 (2693 views)
Permalink
Re: Newbie questions [In reply to]

I didn't know about the FAQ, it's really big... I'll read it.

The problem monitoring the web-sites was just an example. But I'll read the FAQ
before asking other questions.

And thanks for the support too, Alex...

The answers were really fast, I'm impressed. Thanks.

Rafael Barbosa






NChoate at jwoperating

May 22, 2006, 2:10 PM

Post #11 of 19 (2710 views)
Permalink
RE: Newbie questions [In reply to]

Didn't realize you added a patch for me! I had already got into
global_defines.h and reversed the setting :-)

Nathan Choate
Sr. Network Administrator
J-W Operating Company
Longview, TX
(903) 291-2820 direct line
(903) 235-4417 cell
nchoate [at] jwoperating





Burton at ntopSupport

May 22, 2006, 2:24 PM

Post #12 of 19 (2701 views)
Permalink
RE: Newbie questions [In reply to]

Well, they do different things...

Your change affects the time before ntop may choose to purge. This affects
both HOSTS and SESSIONS.

A host w/ no active sessions and no traffic is considered idle and can be
selected for purge. This purges the whole kit and kaboodle.

Individual sessions may also be purged on the same schedule.

But you had also found that the command line switch wasn't being honored.


ntop used to - by mistake - treat a closed session as instantly eligible for
purge. So you never saw data for recently ended sessions in that part of the
web server. But when I fixed the bug, I was concerned that this could -
under some situations - cause a huge increase in the number of sessions
being tracked and thus memory usage. So I defaulted to the old behavior and
added the switch to make ntop work correctly. I've just never gotten around
to flipping them the way they should be.

-----Burton



_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
NChoate [at] jwoperating
Sent: Monday, May 22, 2006 4:10 PM
To: ntop [at] unipi
Subject: RE: [Ntop] Newbie questions



Didn't realize you added a patch for me! I had already got into
global_defines.h and reversed the setting :-)



Nathan Choate

Sr. Network Administrator

J-W Operating Company

Longview, TX

(903) 291-2820 direct line

(903) 235-4417 cell

nchoate [at] jwoperating



-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Burton Strauss
Sent: Monday, May 22, 2006 4:09 PM
To: ntop [at] unipi
Subject: RE: [Ntop] Newbie questions



You probably want to make sure you are using the CVS version - or pick up
the patch I added recently for Nathan - otherwise, ntop ignores the
--disable-instantsessionpurge option.



-----Burton



(Search the back traffic on ntop-dev for my ref 704 - that will give you the
file(s) to diff).



_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
NChoate [at] jwoperating
Sent: Monday, May 22, 2006 4:02 PM
To: ntop [at] unipi
Subject: RE: [Ntop] Newbie questions

If you don't want to use the sticky hosts option but want to retain info a
little longer and if you are up to the task, you can edit the
global_defines.h which sets a number of values at compile time.



In my case I changed some of the idle timeout settings that control the
purge behavior with some good results. Look for the
PARM_HOST_PURGE_MINIMUM_IDLE params and others in there to keep the recorded
sessions a little longer. I played with those and got them to keep the last
couple of days. As someone mentioned just before, the sticky hosts can fill
up your tables if you leave it running for long periods. There are plenty
in there to keep you busy tweaking.



Nathan Choate

Sr. Network Administrator

J-W Operating Company

Longview, TX

(903) 291-2820 direct line

(903) 235-4417 cell

nchoate [at] jwoperating



-----Original Message-----
From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Rafael Barbosa
Sent: Monday, May 22, 2006 3:28 PM
To: ntop [at] listgateway
Subject: [Ntop] Newbie questions



Hello there,

I just installed ntop in the laboratory at my university, I searched a lot
looking for a manual or something like it that could help me at the
beginning. Everything I found was very superficial, outdated or both. hehe
I'd like to know if there is any documentation (a paper, a how-to, anything)
that could help me with the basics about how ntop works. Everything seems
very simple after ntop is running, it collects lots of data and shows many
spreadsheets and graphs. But I'd like to know how it works, and I do have
some doubts.

One thing I want to do, and I don't know if it's possible, is to use the
information that ntop gathers to figure out which web-sites the people here
at the lab are accessing (and then maybe block some of them). For that I
redirect the port of our gateway to the machine that's running ntop. Then I
saw the statistics at IP Summary -> Traffic, to see the hosts (in this case,
servers) that were accessed using http. Everything was fine until I realized
that one of the hosts vanished, it seems that ntop only shows a list of a few
last (maybe in the last hour, or something) accessed hosts, is that correct??
If so, is there any way that I can have this information using ntop? Maybe a
log...


If there are many English mistakes, I'm really sorry, I'm Brazilian and I
don't practice that much...

Thanks for the attention,
Rafael Barbosa
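
The purge rules Burton describes in post #12 above (idle hosts, sessions purged on the same schedule, and the old "closed session is instantly eligible" behaviour), modelled as an added example that is not part of the thread and is not ntop's code. Every type, function name and number here is hypothetical, and the session data is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model for illustration; none of these names come from ntop. */
typedef struct {
    long last_seen;   /* seconds: time of the last packet on this session */
    bool closed;      /* session has ended */
} session_t;

typedef struct {
    long last_seen;        /* time of the last packet to or from the host */
    int  active_sessions;  /* sessions still open for this host */
    bool sticky;           /* "sticky hosts": never purged */
} host_t;

/* A closed session is purged at once only when instant purge is on;
 * otherwise it must sit idle for min_idle seconds like any other. */
bool session_purgeable(const session_t *s, long now, long min_idle,
                       bool instant_purge)
{
    if (s->closed && instant_purge)
        return true;
    return now - s->last_seen >= min_idle;
}

/* A host with no active sessions and no traffic for min_idle is idle. */
bool host_purgeable(const host_t *h, long now, long min_idle)
{
    if (h->sticky || h->active_sessions > 0)
        return false;
    return now - h->last_seen >= min_idle;
}

/* Compact the table in place, dropping purgeable sessions.
 * Returns how many sessions are still tracked (the memory cost). */
size_t purge_sessions(session_t *tab, size_t n, long now, long min_idle,
                      bool instant_purge)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (!session_purgeable(&tab[i], now, min_idle, instant_purge))
            tab[kept++] = tab[i];
    return kept;
}

/* Constructed sample at now = 1000 with min_idle = 600:
 * closed 10 s ago, still open 5 s ago, closed 700 s ago. */
size_t demo_remaining(bool instant_purge)
{
    session_t tab[] = {
        { 990, true  },
        { 995, false },
        { 300, true  },
    };
    return purge_sessions(tab, 3, 1000, 600, instant_purge);
}

int main(void)
{
    printf("instant purge on:  %zu session(s) kept\n", demo_remaining(true));
    printf("instant purge off: %zu session(s) kept\n", demo_remaining(false));
    return 0;
}
```

With instant purge on, the session that closed 10 seconds ago is already gone from the table; with it off, that session stays visible until the idle timeout, at the cost of a larger table.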


shawn at clearwave

May 23, 2006, 8:40 AM

Post #13 of 19 (2716 views)
Permalink
RE: Newbie questions [In reply to]

If you would like an example of how to leverage ntop for traffic accounting,
check out my whitepaper in the user contrib area on sourceforge titled
NTOP_Usage_Tracking.pdf

http://sourceforge.net/project/showfiles.php?group_id=17233&package_id=55802


_____

From: ntop-bounces [at] unipi [mailto:ntop-bounces [at] unipi] On Behalf Of
Rafael Barbosa
Sent: Monday, May 22, 2006 2:28 PM
To: ntop [at] listgateway
Subject: [Ntop] Newbie questions


Hello there,

I just installed ntop in the laboratory at my university, I searched a lot
looking for a manual or something like it that could help me at the
beginning. Everything I found was very superficial, outdated or both. hehe
I'd like to know if there is any documentation (a paper, a how-to, anything)
that could help me with the basics about how ntop works. Everything seems
very simple after ntop is running, it collects lots of data and shows many
spreadsheets and graphs. But I'd like to know how it works, and I do have
some doubts.

One thing I want to do, and I don't know if it's possible, is to use the
information that ntop gathers to figure out which web-sites the people here
at the lab are accessing (and then maybe block some of them). For that I
redirect the port of our gateway to the machine that's running ntop. Then I
saw the statistics at IP Summary -> Traffic, to see the hosts (in this case,
servers) that were accessed using http. Everything was fine until I realized
that one of the hosts vanished, it seems that ntop only shows a list of a few
last (maybe in the last hour, or something) accessed hosts, is that correct??
If so, is there any way that I can have this information using ntop? Maybe a
log...


If there are many English mistakes, I'm really sorry, I'm Brazilian and I
don't practice that much...

Thanks for the attention,
Rafael Barbosa


Ggatten at waddell

Sep 4, 2010, 12:22 PM

Post #14 of 19 (1134 views)
Permalink
Re: newbie questions [In reply to]

To support 10 interfaces you may need to tweak a def in globals-defines.h and recompile.

From the GUI, Admin->Switch NIC will get you to other ints to view their stats. You can't see protocol details from multiple nics on the same report. You can see "summary" info from all NIC in the Traffic Summary page.

________________________________
From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] listgateway <ntop [at] listgateway>
Sent: Sat Sep 04 14:05:05 2010
Subject: [Ntop] newbie questions

Hello,

I've just installed ntop (on Ubuntu 10.04) and had a few questions...

The server has interfaces eth0:1 - eth0:10, but ntop only lists eth0:1 - eth0:7. How can I list all of them?

Also, I wanted to be able to see IP traffic specific to each interface. Ntop is showing the HTTP, SMTP, etc traffic overall for eth0, but I wanted to see traffic for each interface. Is this possible?

Thanks
Ricardo





"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."


ricardo at americasnet

Sep 4, 2010, 12:33 PM

Post #15 of 19 (1138 views)
Permalink
Re: newbie questions [In reply to]

Thanks.

Actually I figured out that if I switch the nic which goes to the
local network, then I can dial down to the different servers.

At Saturday, 09-04-2010 on 12:22 "Gary Gatten" wrote:

To support 10 interfaces you may need to tweak a def in
globals-defines.h and recompile.

From the GUI, Admin->Switch NIC will get you to other ints to view
their stats. You can't see protocol details from multiple nics on the
same report. You can see "summary" info from all NIC in the Traffic
Summary page.

-------------------------
FROM: ntop-bounces [at] listgateway
TO: ntop [at] listgateway
SENT: Sat Sep 04 14:05:05 2010
SUBJECT: [Ntop] newbie questions

Hello,

I've just installed ntop (on Ubuntu 10.04) and had a few questions...

The server has interfaces eth0:1 - eth0:10, but ntop only lists
eth0:1 - eth0:7. How can I list all of them?

Also, I wanted to be able to see IP traffic specific to each
interface. Ntop is showing the HTTP, SMTP, etc traffic overall for
eth0, but I wanted to see traffic for each interface. Is this
possible?

Thanks
Ricardo



ricardo at americasnet

Sep 4, 2010, 12:37 PM

Post #16 of 19 (1132 views)
Permalink
Re: newbie questions [In reply to]

Another question...

Is there a way to associate a name with a local IP?

Right now I'm looking at IP -> Summary -> Traffic and it lists my
internal IPs 192.168 and there are a few of them. I wanted to
associate a server name to each of the internal IPs for easier
reading... can this be done?

Thanks

At Saturday, 09-04-2010 on 12:22 "Gary Gatten" wrote:

To support 10 interfaces you may need to tweak a def in
globals-defines.h and recompile.

From the GUI, Admin->Switch NIC will get you to other ints to view
their stats. You can't see protocol details from multiple nics on the
same report. You can see "summary" info from all NIC in the Traffic
Summary page.

-------------------------
FROM: ntop-bounces [at] listgateway
TO: ntop [at] listgateway
SENT: Sat Sep 04 14:05:05 2010
SUBJECT: [Ntop] newbie questions

Hello,

I've just installed ntop (on Ubuntu 10.04) and had a few questions...

The server has interfaces eth0:1 - eth0:10, but ntop only lists
eth0:1 - eth0:7. How can I list all of them?

Also, I wanted to be able to see IP traffic specific to each
interface. Ntop is showing the HTTP, SMTP, etc traffic overall for
eth0, but I wanted to see traffic for each interface. Is this
possible?

Thanks
Ricardo



Ggatten at waddell

Sep 4, 2010, 12:44 PM

Post #17 of 19 (1142 views)
Permalink
Re: newbie questions [In reply to]

It should resolve if hosts are in DNS, local hosts, etc. Else, in the GUI when you look at a specific host you can assign it a name in there.

________________________________
From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] unipi <ntop [at] unipi>
Sent: Sat Sep 04 14:37:46 2010
Subject: Re: [Ntop] newbie questions

Another question...

Is there a way to associate a name with a local IP?

Right now I'm looking at IP -> Summary -> Traffic and it lists my internal IPs 192.168 and there are a few of them. I wanted to associate a server name to each of the internal IPs for easier reading... can this be done?

Thanks

At Saturday, 09-04-2010 on 12:22 "Gary Gatten" <Ggatten [at] waddell> wrote:
To support 10 interfaces you may need to tweak a def in globals-defines.h and recompile.

From the GUI, Admin->Switch NIC will get you to other ints to view their stats. You can't see protocol details from multiple nics on the same report. You can see "summary" info from all NIC in the Traffic Summary page.

________________________________
From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] listgateway <ntop [at] listgateway>
Sent: Sat Sep 04 14:05:05 2010
Subject: [Ntop] newbie questions

Hello,

I've just installed ntop (on Ubuntu 10.04) and had a few questions...

The server has interfaces eth0:1 - eth0:10, but ntop only lists eth0:1 - eth0:7. How can I list all of them?

Also, I wanted to be able to see IP traffic specific to each interface. Ntop is showing the HTTP, SMTP, etc traffic overall for eth0, but I wanted to see traffic for each interface. Is this possible?

Thanks
Ricardo


ricardo at americasnet

Sep 4, 2010, 1:00 PM

Post #18 of 19 (1137 views)
Permalink
Re: newbie questions [In reply to]

Sorry for so many questions...

I entered a name in /etc/hosts for a local IP, but when I view the IP
traffic summary it still only lists by IP.

When I go into the html page for the host I don't see anywhere that I
can assign a name?

Ricardo

At Saturday, 09-04-2010 on 12:44 "Gary Gatten" wrote:

It should resolve if hosts are in DNS, local hosts, etc. Else, in
the gui when you look at a specific host you can assign it a name in
there

-------------------------
FROM: ntop-bounces [at] listgateway
TO: ntop [at] unipi
SENT: Sat Sep 04 14:37:46 2010
SUBJECT: Re: [Ntop] newbie questions

Another question...

Is there a way to associate a name with a local IP?

Right now I'm looking at IP -> Summary -> Traffic and it lists my
internal IPs 192.168 and there are a few of them. I wanted to
associate a server name to each of the internal IPs for easier
reading... can this be done?

Thanks

At Saturday, 09-04-2010 on 12:22 "Gary Gatten" wrote:

To support 10 interfaces you may need to tweak a def in
globals-defines.h and recompile.

From the GUI, Admin->Switch NIC will get you to other ints to view
their stats. You can't see protocol details from multiple nics on the
same report. You can see "summary" info from all NIC in the Traffic
Summary page.

-------------------------
FROM: ntop-bounces [at] listgateway
TO: ntop [at] listgateway
SENT: Sat Sep 04 14:05:05 2010
SUBJECT: [Ntop] newbie questions

Hello,

I've just installed ntop (on Ubuntu 10.04) and had a few questions...

The server has interfaces eth0:1 - eth0:10, but ntop only lists
eth0:1 - eth0:7. How can I list all of them?

Also, I wanted to be able to see IP traffic specific to each
interface. Ntop is showing the HTTP, SMTP, etc traffic overall for
eth0, but I wanted to see traffic for each interface. Is this
possible?

Thanks
Ricardo



Ggatten at waddell

Sep 4, 2010, 1:38 PM

Post #19 of 19 (1135 views)
Permalink
Re: newbie questions [In reply to]

Once ntop fails to resolve an IP, it may not try again - not sure. Check your resolv.conf as well, make sure it's correct.

I don't have ntop in front of me, but unless it was removed in v4x, on the host details page near the top is a place to name the host.

________________________________
From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] unipi <ntop [at] unipi>
Sent: Sat Sep 04 15:00:31 2010
Subject: Re: [Ntop] newbie questions

Sorry for so many questions...

I entered a name in /etc/hosts for a local IP, but when I view the IP traffic summary it still only lists by IP.

When I go into the html page for the host I don't see anywhere that I can assign a name?

Ricardo

At Saturday, 09-04-2010 on 12:44 "Gary Gatten" <Ggatten [at] waddell> wrote:
It should resolve if hosts are in DNS, local hosts, etc. Else, in the gui when you look at a specific host you can assign it a name in there

________________________________
From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] unipi <ntop [at] unipi>
Sent: Sat Sep 04 14:37:46 2010
Subject: Re: [Ntop] newbie questions

Another question...

Is there a way to associate a name with a local IP?

Right now I'm looking at IP -> Summary -> Traffic and it lists my internal IPs 192.168 and there are a few of them. I wanted to associate a server name to each of the internal IPs for easier reading... can this be done?

Thanks

At Saturday, 09-04-2010 on 12:22 "Gary Gatten" <Ggatten [at] waddell> wrote:
To support 10 interfaces you may need to tweak a def in globals-defines.h and recompile.

From the GUI, Admin->Switch NIC will get you to other ints to view their stats. You can't see protocol details from multiple nics on the same report. You can see "summary" info from all NIC in the Traffic Summary page.

________________________________
From: ntop-bounces [at] listgateway <ntop-bounces [at] listgateway>
To: ntop [at] listgateway <ntop [at] listgateway>
Sent: Sat Sep 04 14:05:05 2010
Subject: [Ntop] newbie questions

Hello,

I've just installed ntop (on Ubuntu 10.04) and had a few questions...

The server has interfaces eth0:1 - eth0:10, but ntop only lists eth0:1 - eth0:7. How can I list all of them?

Also, I wanted to be able to see IP traffic specific to each interface. Ntop is showing the HTTP, SMTP, etc traffic overall for eth0, but I wanted to see traffic for each interface. Is this possible?

Thanks
Ricardo
