Displaying a Host’s Active TCP/UDP Sessions

OK, suppose your sleuthing around with ntop finally identifies a particular host as the major consumer of bandwidth. What if you want to find out exactly what s/he is doing online that consumes so much bandwidth? Here is how ntop can help:

1. Identify the host you are interested in (one way is to sort on Data in the Network Traffic stats for local hosts).

2. Click on that host to bring up the "Info about xxxxx" page, where xxxxx is the name or IP address of the host you are interested in.

3. Scroll down to the bottom of the page to the Active TCP/UDP Sessions table. The screenshot shows how it "lays it all out for you". It is almost like what you'd get from running netstat on the host, albeit cuter.

 

Active TCP/UDP Sessions for a Host
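
The netstat comparison in step 3, as an added example that is not part of the original post: a small Python parser that turns Linux `netstat -ntu` output captured on the host into a per-peer session summary. The sample output, the documentation-range addresses and the function names are all constructed for illustration; netstat carries no byte totals, so peers are ranked by session count.

```python
from collections import Counter

# Constructed sample of Linux `netstat -ntu` output (documentation-range addresses).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:51514        198.51.100.7:443        ESTABLISHED
tcp        0      0 192.0.2.10:51520        198.51.100.7:443        ESTABLISHED
tcp        0     52 192.0.2.10:40022        203.0.113.9:6881        ESTABLISHED
tcp        0      0 192.0.2.10:40031        203.0.113.9:6881        TIME_WAIT
udp        0      0 192.0.2.10:53211        203.0.113.53:53
tcp6       0      0 2001:db8::10:44100      2001:db8::beef:443      ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_sessions(text):
    """Yield one dict per tcp/udp line; banner and header lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        local_addr, local_port = split_endpoint(fields[3])
        peer_addr, peer_port = split_endpoint(fields[4])
        yield {
            "proto": fields[0],
            "local": local_addr, "local_port": local_port,
            "peer": peer_addr, "peer_port": peer_port,
            # UDP lines usually carry no State column.
            "state": fields[5] if len(fields) > 5 else "-",
        }

def sessions_by_peer(text, host):
    """Count sessions of `host` per (proto, peer, peer port), busiest first."""
    counts = Counter(
        (s["proto"], s["peer"], s["peer_port"])
        for s in parse_sessions(text) if s["local"] == host
    )
    return counts.most_common()

if __name__ == "__main__":
    for (proto, peer, port), n in sessions_by_peer(SAMPLE, "192.0.2.10"):
        print(f"{proto:5} {peer}:{port:<6} sessions={n}")
```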

7 thoughts on “Displaying a Host’s Active TCP/UDP Sessions”

  1. Hi! I have been reading your document about ntop and I can only say thanks, it is really good. However, regarding this post, there is something I’m missing. What if the host is no longer in the network? Is there any way to retrieve which hosts were at a specific time in the past? In the hosts view there only appear the online hosts and once they disappear from there (10 min) there is nothing else you can do about it. I was expecting that enabling RRD for hosts would do something, however I don’t understand what happens with this enabled because I don’t appreciate any changes.
    Even storing the information in an external database, would it be possible to access the information stored from the ntop web interface?
    Thanks!

  2. I found that using the -c parameter, ntop won’t purge inactive hosts, so you can keep historical data about total bandwidth used and graphs where you can see the use of this bandwidth in time for a specific host. In my case this is enough. However it seems that only works fine for local hosts, as remote hosts are purged every 10 minutes of inactivity.
    I will have a look at Trisul, however it does not seem to support Netflow, does it?
    Thanks!
