One of the most common questions people ask is how to dump ntop
data into a database. Well, there are scripts to do that for a MySQL
database on sourceforge.net.
However, within ntop, just click Utils|Data Dump to show the following dialog box:
You can dump data about different objects into different formats –
see the ntop guide for the formats. Some of these formats are importable
into a spreadsheet and from there you can unleash the full power of
Open Office Calc or Excel unto your traffic data.
Ok, suppose your sleuthing around
with ntop finally identifies a particular host as the major consumer of
bandwidth. What if you want to find out just what exactly s/he is doing
online that is consuming so much bandwidth? Here is how ntop can help:
1. Identify the host you are interested in [one way is to sort on the Data for Network Traffic stats for local hosts].
2. Click on that host to bring up the Info about xxxxx page where xxxx is the name or IP address of the host you are interested in.
3. Scroll down to the bottom of the page to the Active TCP/UDP Sessions table.
A screenshot is shown which "lays it all out for you". It is almost
like what you'd get running netstat on the host, albeit cuter.
Active TCP/UDP Sessions for a Host
I have been working on deploying the
latest version of the popular ntop bandwidth monitoring application.
Here is a guide I wrote to get others started. I will make updates
whenever I learn new things on this blog. You will also be able to
download the latest copy of the guide from here.
ntop Guide 1.1
I think ntop is a brilliant tool for seeing what is happening on your
network in realtime. It is Open Source, Free [as in both free speech
and free beer] and in active development. Check back on this page not
only for the latest copy of documentation but also for some screenshots and
use cases for ntop as well as other cool stuff I come across.