I am having some trouble getting started with ntop due to confusion about the meaning of the output. I would greatly appreciate any help from more experienced users of ntop.
Here is an example of my confusion: IP -> Traffic Directions -> Local-to-local brings up a table of "Local IP Traffic". In the left column are all of the local machines. There are columns for "Data Sent" and "Data Received". Since every IP packet that is sent local-to-local must be sent by a local machine and received by a local machine, I expected the numbers in each of these columns to add up to the same amount. However, I must be confused because that is not the case! In a similar vein, I am confused about the tables shown by IP -> Traffic Directions -> Remote-to-Local. In this table, all of the hosts appear to be remote. Since any packet that is going from Remote to Local must be sent by a remote host, I would expect that the "Data Received" column would have all zeros. (Any packet that is received by a remote host cannot be categorized as Remote-to-local.) Again, I must be confused because these numbers are not all zero. So, can anyone clear this up for me? Exactly which IP packets get counted as "Remote-to-Local"? Exactly which row(s) of the table does such a packet contribute to, and in which column(s)? Thanks very much. Matt Stillerman
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
