Bill East on 1 Apr 2009 15:38:41 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] ntop cool

On Wed, Apr 1, 2009 at 3:32 PM, brent timothy saner <> wrote:
Hash: SHA1

jeff wrote:
> Through all the playing around I've done with network monitoring, I
> never tried ntop.  I read an article on it and thought it might be an
> interesting idea.
> I got it working but it's of limited use on a switched network.  I hate
> that.  The results were cool enough to want to see them for the whole
> network so I put on my spelunking helmet and navigated the dark caverns
> of switch documentation, in search of how to mirror ports.

just as a side note for the readers, you wouldn't need to mirror ports
if you have a linux router upstream from the switch, since all traffic
passes through it. you can put ntop on that. :)

also useful for sniffing/capturing traffic (as well as a thousand and
one other uses).

I'm glad that Jeff got to see the Egress, I'll also mention that I'm running ntop with a dozen Cisco routers exporting flows (to a poor, tired, snatched from the dumpster D325 running Slack). It is, at times, an insanely useful tool for figuring out which user is sucking up the branch's bandwidth so you can throttle them. Their port. Of course.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --