Mailing List Archive

How to monitor external traffic by internal IP.
A company has asked me if it is possible to monitor the external
(internet) traffic flow by internal ip (192.168.0.x), so that they can
perform some sort of billing on bandwidth for their clients who rent
office space in the building. The SAGE list suggested that ntop might
be able to do this.

So far I haven't figured out, with the given set of options on ntop-1.1
how to do this. I initially figured that I would observe the external
interface, but reasoned this would only give me all traffic from the
external IP of the firewall (of course I haven't been able to test this
yet since the machine hasn't been purchased and built).

If I monitor the traffic on the internal interface of the firewall then
I end up including traffic to the ethernet printer and between offices,
which is a free service.

So how do I monitor internal IPs' usage of the external firewall
interface?

Is this something ntop can do by default (even the 2.0.beta)? Or do I
need a plugin? Does one exist? Do I have to write one? If so, is the
API clearly documented, since "use the source Luke" takes too long?

--
Anthony C Howe +33 6 11 89 73 78
http://www.snert.com/ ICQ# 7116561
"Microsoft (cough, sputter, spit, !@#$%) ..."
RE: How to monitor external traffic by internal IP.
Using -m <network address>/<# subnet mask bits>[,<network
address>/<# subnet mask bits>] you should be able to specify
the local subnet (this is in the man page). Then it's simply a matter
of looking at the host info report for the host you wish and it will
classify the traffic as local or remote, give you an MB total and
percentage breakdown. You should position your box on the inside of the
firewall. As always, do some checks first to make sure all your traffic
numbers jive before you start using Ntop as a meter maid.


> -----Original Message-----
> From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it] On
> Behalf Of Anthony Howe
> Sent: June 14, 2001 10:27 AM
> To: ntop maillist
> Subject: [Ntop] How to monitor external traffic by internal IP.
>
>
> A company has asked me if it is possible to monitor the external
> (internet) traffic flow by internal ip (192.168.0.x), so that they can
> perform some sort of billing on bandwidth for their clients who rent
> office space in the building. The SAGE list suggested that ntop might
> be able to do this.
>
> So far I haven't figured out, with the given set of options on ntop-1.1
> how to do this. I initially figured that I would observe the external
> interface, but reasoned this would only give me all traffic from the
> external IP of the firewall (of course I haven't been able to test this
> yet since the machine hasn't been purchased and built).
>
> If I monitor the traffic on the internal interface of the firewall then
> I end up including traffic to the ethernet printer and between offices,
> which is a free service.
>
> So how do I monitor internal IPs' usage of the external firewall
> interface?
>
> Is this something ntop can do by default (even the 2.0.beta)? Or do I
> need a plugin? Does one exist? Do I have to write one? If so, is the
> API clearly documented, since "use the source Luke" takes too long?
>
> --
> Anthony C Howe +33 6 11 89 73 78
> http://www.snert.com/ ICQ# 7116561
> "Microsoft (cough, sputter, spit, !@#$%) ..."
Re: How to monitor external traffic by internal IP.
I tried this using the -m option for my server, which lies on a
different class C from the network/mask I specified as being the local
subnet for -m. The machine running ntop shows the Host Location as
being in the local subnet even though I didn't specify it.

The Data Rcvd / Sent lines (coloured in baby-blue and pink) only show
percentages (but I'm still only trying out ntop-1.1). No MB totals.
Am I to understand that 2.0 shows both for these table entries in MB &
percentages?

Also I'm somewhat confused by these host reports - one field says it's a
"remote" machine but all the Data Rcvd / Sent is 100% local in some
instances. I'm having a little trouble interpreting this.

Anthony Howe

> Using -m <network address>/<# subnet mask bits>[,<network
> address>/<# subnet mask bits>] you should be able to specify
> the local subnet (this is in the man page). Then it's simply a matter
> of looking at the host info report for the host you wish and it will
> classify the traffic as local or remote, give you an MB total and
> percentage breakdown. You should position your box on the inside of the
> firewall. As always, do some checks first to make sure all your traffic
> numbers jive before you start using Ntop as a meter maid.



--
Anthony C Howe +33 6 11 89 73 78
http://www.snert.com/ ICQ# 7116561
"Microsoft (cough, sputter, spit, !@#$%) ..."
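
Added example, not part of the thread and not ntop code: the local/remote split the `-m` reply describes, applied to per-host billing, showing how the result changes when a second internal subnet is left out of the local list. The flow tuples, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def parse_nets(spec):
    """Parse a comma-separated net/bits list (the shape the -m reply describes)."""
    return [ipaddress.ip_network(p.strip(), strict=False) for p in spec.split(",")]

def is_local(addr, nets):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in nets)

def account(flows, nets):
    """Per internal host: remote bytes sent/received (billable) and local bytes (free)."""
    usage = defaultdict(lambda: {"remote_sent": 0, "remote_rcvd": 0, "local": 0})
    skipped = 0
    for src, dst, nbytes in flows:
        try:
            src_local, dst_local = is_local(src, nets), is_local(dst, nets)
        except ValueError:
            skipped += 1  # malformed record: count it, do not bill it
            continue
        if src_local and dst_local:
            usage[src]["local"] += nbytes  # printer / inter-office traffic
            usage[dst]["local"] += nbytes
        elif src_local:
            usage[src]["remote_sent"] += nbytes
        elif dst_local:
            usage[dst]["remote_rcvd"] += nbytes
        else:
            skipped += 1  # neither end is local: nothing to attribute
    return dict(usage), skipped

# Constructed sample flows (src, dst, bytes), as seen inside the firewall.
FLOWS = [
    ("192.168.0.21", "203.0.113.5", 4000),    # tenant -> internet
    ("203.0.113.5", "192.168.0.21", 90000),   # internet -> tenant
    ("192.168.0.21", "192.168.0.200", 7000),  # tenant -> printer (free)
    ("192.168.0.22", "192.168.1.10", 5000),   # tenant -> server on a second subnet
    ("192.168.0.22", "198.51.100.9", 1200),   # tenant -> internet
    ("bogus", "192.168.0.22", 10),            # malformed record
]

if __name__ == "__main__":
    for spec in ("192.168.0.0/24", "192.168.0.0/24,192.168.1.0/24"):
        usage, skipped = account(FLOWS, parse_nets(spec))
        print(spec, "skipped:", skipped)
        for host in sorted(usage):
            print(" ", host, usage[host])
```

With only `192.168.0.0/24` listed, the 5000 bytes to `192.168.1.10` are billed to `192.168.0.22` as remote traffic; listing both subnets moves them to the free local column.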