Hi,
Ntopng is great, but sometimes is dificult for me identifying the user who is using more bandwith than it should.
In the traffic dashboard view, it fluctuates a lot, everytime the web refreshes (3 seconds), the top 10 hosts change, if a user is dowloading a file at 300mbps, it should be on the top all the time. Also sometimes I can see impossible data (one host using more than 1gbit/s on a gigabit ethernet).
I am not sure if this is a ntopng problem, a nprobe problem, a netflow problem, or if I am missing something in my configuration.
Here you can see an animated gif of what happens: https://gfycat.com/WeightyCarefreeAfricanwilddog
And this is my configuration:
[root@ntopng ~]# cat /etc/ntopng/ntopng.conf
-G=/var/run/ntopng.pid
--local-networks="192.168.0.0/16,91.xxxx"
--interface="tcp://127.0.0.1:5556"
[root@ntopng ~]# cat /etc/nprobe/nprobe-none.conf
--zmq="tcp://127.0.0.1:5556"
--collector-port=9996
-g=/var/run/nprobe-none.pid
-i=none
-n=none
--collector-sample-rate=1000
--upscale-traffic
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_SRC_MASK %IPV4_DST_MASK %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %SRC_TOS %PROTOCOL %ICMP_TYPE %INPUT_SNMP %SRC_AS %DST_AS %IPV4_NEXT_HOP %IPV6_NEXT_HOP %TCP_FLAGS %OUTPUT_SNMP %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %MIN_TTL %MAX_TTL %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN %DST_VLAN %DOT1Q_SRC_VLAN %DOT1Q_DST_VLAN %EXPORTER_IPV4_ADDRESS %IN_SRC_MAC %OUT_DST_MAC"
-V 9
Thank you in advance.
Kind regards,
Javier Narvaez
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Ntopng is great, but sometimes is dificult for me identifying the user who is using more bandwith than it should.
In the traffic dashboard view, it fluctuates a lot, everytime the web refreshes (3 seconds), the top 10 hosts change, if a user is dowloading a file at 300mbps, it should be on the top all the time. Also sometimes I can see impossible data (one host using more than 1gbit/s on a gigabit ethernet).
I am not sure if this is a ntopng problem, a nprobe problem, a netflow problem, or if I am missing something in my configuration.
Here you can see an animated gif of what happens: https://gfycat.com/WeightyCarefreeAfricanwilddog
And this is my configuration:
[root@ntopng ~]# cat /etc/ntopng/ntopng.conf
-G=/var/run/ntopng.pid
--local-networks="192.168.0.0/16,91.xxxx"
--interface="tcp://127.0.0.1:5556"
[root@ntopng ~]# cat /etc/nprobe/nprobe-none.conf
--zmq="tcp://127.0.0.1:5556"
--collector-port=9996
-g=/var/run/nprobe-none.pid
-i=none
-n=none
--collector-sample-rate=1000
--upscale-traffic
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_SRC_MASK %IPV4_DST_MASK %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %SRC_TOS %PROTOCOL %ICMP_TYPE %INPUT_SNMP %SRC_AS %DST_AS %IPV4_NEXT_HOP %IPV6_NEXT_HOP %TCP_FLAGS %OUTPUT_SNMP %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %MIN_TTL %MAX_TTL %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN %DST_VLAN %DOT1Q_SRC_VLAN %DOT1Q_DST_VLAN %EXPORTER_IPV4_ADDRESS %IN_SRC_MAC %OUT_DST_MAC"
-V 9
Thank you in advance.
Kind regards,
Javier Narvaez
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc