Peter,
analysing only one traffic direction will break (most of) nDPI. Please don't do that.

As you're asking several questions, I suggest you file individual issues on https://github.com/ntop/ntopng/issues so we can answer one by one.

Luca

> On 29 Aug 2016, at 23:36, Peter Shute <psh...@nuw.org.au> wrote:
>
> I've now got NetFlow data being logged in MySQL via nprobe and ntopng. I'm
> mostly interested in analysing the inbound traffic from the internet to help
> me find out why we're going over our ISP's download quota. For example, I'd
> like to find out which device here downloaded the most from the internet
> yesterday.
>
> I assumed I must use the Historical Data Explorer, but I can't see any way to
> filter out all the other flows - ie internal and outgoing. I think I need to
> look at just the flows where the src ip address is not 192.168.x.y and the
> dst ip address is 192.168.x.y.
>
> I've defined a Traffic Profile called "Incoming only" as "dst net 192.168 and
> not src net 192.168", but the only place I can see to use this is to click on
> Interfaces, then select my interface, then click on the funny little symbol
> that I think is a doctor with a stethoscope, and then on the chart symbol
> beside the "Incoming only" profile name. (Can I suggest tool tips for all
> the symbols so one doesn't have to click on them to find out what they are?)
>
> But then what? I'd like to be able to select a data range that covers, say,
> yesterday from midnight to midnight, and see which address downloaded the
> most data. I can choose a one day range, but it will end at the current time.
> And I can't see how to get a list of top downloaders for that whole day. If I
> hover over the chart, it shows a list which I think is for that minute only.
> And it lists senders and receivers - how can there be both if my filter only
> matches external sources and internal destinations?
>
> If I choose a week for the chart length, it still ends at the current time,
> and I think it still shows the top senders and receivers for one minute
> periods. I can't tell for sure which day I've chosen because it only displays
> times, not dates. (Could I suggest that dates are also shown, or at least a
> clear vertical line for each midnight?)
>
> Am I looking in the wrong place for the data I want? Or do I need to query
> the MySQL database myself?
>
> Peter Shute
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc