Displaying a Host’s Active TCP/UDP Sessions

OK, suppose your sleuthing around with ntop finally identifies a particular host as the major consumer of bandwidth. What if you want to find out just what exactly s/he is doing online that is consuming so much bandwidth? Here is how ntop can help:

1. Identify the host you are interested in [one way is to sort on the Data for Network Traffic stats for local hosts].

2. Click on that host to bring up the Info about xxxxx page, where xxxxx is the name or IP address of the host you are interested in.

3. Scroll down to the bottom of the page to the Active TCP/UDP Sessions table. A screenshot is shown which “lays it all out for you”. It is almost like what you’d get running netstat on the host, albeit cuter.

 

Active TCP/UDP Sessions for a Host


NTOP Bandwidth Monitoring on Ubuntu 8.04

I have been working on deploying the latest version of the popular ntop bandwidth monitoring application. Here is a guide I wrote to get others started. I will make updates on this blog whenever I learn new things. You will also be able to download the latest copy of the guide from here.

ntop Guide 1.1

I think ntop is a brilliant tool for seeing what is happening on your network in real time. It is Open Source, Free [as in both free speech and free beer] and in active development. Check back on this page not only for the latest copy of the documentation but also for some screenshots and use cases for ntop, as well as other cool stuff I come across.