It's "funny" how many questions are related to the purging of idle hosts/sessions.
By default, when hosts are idle for n mins (forget the default), they're purged/erased/deleted/etc. GONE! You can do three things:

1.) Nothing - just accept / understand this is how it works.
2.) Enable "sticky-hosts", read the FAQ / man and be careful.
3.) Tweak the idle timers in the source. MAYBE only on globals-define.h, but I forget exactly.

Let's say I have a network range, /24 - or 254 hosts. But, let's say there are really no hosts on it; zero. You browse that range in ntop and it's zero. Cool right? Now you run a scan / ping sweep / broadcast ping / etc and an arp is issued for every IP on that range. Even though nothing is there, nTop *MAY* show 254 hosts...

I say MAY because it MAY depend on if you're using netflow or libpcap to populate ntop - I don't recall which option leads to which behavior. I just recall that with netflow when my "Security" team's "AWESOME" AV software (eTrust) would scan my ENTIRE LAN range, I'd end up with 64,000+ hosts! Not good! See my warning on sticky-hosts...

So no, host count is not cumulative; it's dynamic based on the number of "Active" hosts at that period of time. You can view the Host History reports and see the historical data, trends, etc.

HTH

G

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Eric Rogers
Sent: Thursday, March 25, 2010 4:53 PM
To: [email protected]
Subject: [Ntop] Total number of local hosts...

Hello all!

I am trying to ensure that I am seeing all local hosts in the ntop reports. I am looking to get a total number of hosts that access the internet and the numbers appear to be way off. Any guidance would be appreciated.

I have gone to Summary | hosts and sorted the list and found the IP range I was interested in. But I wonder if hosts are automatically deleted after X days or if this report should reflect all hosts from the first date ntop started collecting.

Thanks to all for any direction you can provide!
-Eric

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
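
The purge behaviour described in the reply above, as a small added model (not ntop's code and not part of the original thread): a host table with an idle timer and an optional never-purge mode standing in for "sticky-hosts". The 300-second timeout, the class and function names, and all addresses are assumptions made for illustration; the model also assumes the monitor records an entry for every address a sweep touches, as the reply describes.

```python
import ipaddress


class HostTable:
    """Toy model of a monitor's in-memory host table (not ntop's implementation)."""

    def __init__(self, idle_timeout, sticky=False):
        self.idle_timeout = idle_timeout  # seconds; assumed value, not ntop's default
        self.sticky = sticky              # stands in for "sticky-hosts": never purge
        self.last_seen = {}               # ip -> timestamp of last observed traffic

    def observe(self, ip, ts):
        self.last_seen[ip] = ts

    def purge(self, now):
        """Drop hosts idle longer than the timeout; return how many were removed."""
        if self.sticky:
            return 0
        idle = [ip for ip, ts in self.last_seen.items()
                if now - ts > self.idle_timeout]
        for ip in idle:
            del self.last_seen[ip]
        return len(idle)

    def count(self):
        return len(self.last_seen)


def simulate(sticky, idle_timeout=300):
    """Constructed scenario: 3 hosts that keep talking plus one sweep of an empty /24."""
    table = HostTable(idle_timeout, sticky)
    real = ["10.0.0.%d" % i for i in (5, 6, 7)]  # constructed addresses
    sweep = [str(h) for h in ipaddress.ip_network("192.0.2.0/24").hosts()]
    for ip in sweep:                  # t=0: the sweep touches all 254 addresses once
        table.observe(ip, 0)
    counts = {}
    for now in range(0, 901, 60):     # real hosts send traffic every minute
        for ip in real:
            table.observe(ip, now)
        table.purge(now)
        counts[now] = table.count()   # host count as a report would show it at 'now'
    return counts


if __name__ == "__main__":
    for mode in (False, True):
        c = simulate(sticky=mode)
        print("sticky=%s" % mode, {t: c[t] for t in (0, 300, 360, 900)})
```

Without the sticky mode the count returns to the three active hosts once the swept addresses age out; with it, every swept address stays in the table for as long as the process runs, which is how a full-range scan can leave tens of thousands of entries behind.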
