Displaying a Host’s Active TCP/UDP Sessions

Ok, suppose your sleuthing aroung with ntop finally identifies a particular host as the major consumer of bandwidth, what if you want to find out just what exactly s/he is doing online that is consuming so much bandwidth? Here is how ntop can help:

1. Identify the host you are interested in [one way is to sort on the Data for Network Traffic stats for local hosts.

2. Click on that host to bring up the Info about xxxxx page where xxxx is the name or IP address of the host you are interested in.

3. Scroll down to the bottom of the page to the Active TCP/UDP Sessions table. A screenshot is shown which “lays it all out for you”. It almost something like you’d get running netstat on the host albeit cuter?

 

Active TCP/UDP Sessions for a Host

Active TCP/UDP Sessions for a Host