I'm running ntopng v. 1.2.1 (r8157) - fantastic product by the way! Loads of useful information, and invaluable for diagnosing network issues.
I'm noticing something odd, however. I have historic flows turned on (i.e. --dump-flows), and as I view the hosts according to throughput or total bytes, I see the traffic direction is often listed incorrectly. I've run numerous tests to determine how consistent this is. When an internal host downloads a ~2GB file from an external internet server, the flow is recorded as the internal host "sending" rather than "receiving". Every way you could read this flow shows the same thing: that the internal host is "sending" 2GB of data.

I'm just curious why the flow would be presented that way. In cases of diagnostics, this could be very misleading.

Thanks in advance for your help,
NeilPage
