You should see the new column in the IP Summary | Traffic page, just like you do for other protocols specified in that parameter (HTTP, FTP, etc.)
Sort by that column and look at the host name on the left side...

-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Robert Eden
> Sent: Monday, May 03, 2004 9:56 AM
> To: [EMAIL PROTECTED]
> Subject: [Ntop] using NTOP to detect virus/worms
>
>
> Howdy all...
>
> New NTOP user here. Sorry if this is a FAQ, I searched the archives and
> didn't find the question.
>
> NTOP is currently doing a great job showing my network utilization. I would
> also like to use it to track down systems infected with worms when/if they
> appear on my network.
>
> I set up a Protocol.List and added "Sasser-Worm=445|5554|9996". I don't see
> it on the IP/Distribution page, so I assume I'm currently clean. If I do
> get a hit however, how can I tell where it came from?
>
> Is this the sort of thing a plugin is used for?
>
> Robert
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
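The per-host lookup described in this thread, reproduced offline as an added example (not ntop code and not from either poster): it parses the `Sasser-Worm=445|5554|9996` entry and ranks hosts by bytes on those ports, with a distinct-peer count because port 445 also carries ordinary file sharing. The flow records are constructed, the function names are hypothetical, and the comma-separated and `lo-hi` range forms of the list are assumed.

```python
from collections import defaultdict

def parse_protocol_list(text):
    """Parse 'Label=port|port, Other=lo-hi' into {label: set of ports}."""
    protocols = {}
    for entry in text.replace("\n", ",").split(","):
        label, sep, spec = entry.strip().partition("=")
        if not sep:
            continue
        ports = set()
        for item in (i.strip() for i in spec.split("|")):
            if "-" in item:                      # assumed numeric range form
                lo, hi = item.split("-", 1)
                ports.update(range(int(lo), int(hi) + 1))
            elif item.isdigit():
                ports.add(int(item))
            # service names (e.g. "http") would need /etc/services; skipped
        protocols[label.strip()] = ports
    return protocols

def rank_hosts(flows, ports):
    """Return [(host, bytes, distinct_peers)] sorted by bytes, largest first.

    Simplification: each flow is credited to the side NOT using a listed
    port, i.e. the host that initiated contact with the listed service.
    """
    stats = defaultdict(lambda: [0, set()])
    for src, sport, dst, dport, nbytes in flows:
        if dport in ports:
            host, peer = src, dst
        elif sport in ports:
            host, peer = dst, src                # reply traffic
        else:
            continue
        stats[host][0] += nbytes
        stats[host][1].add(peer)
    rows = [(h, b, len(p)) for h, (b, p) in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed sample flows: (src, sport, dst, dport, bytes)
FLOWS = [
    ("10.0.0.23", 1034, "10.0.0.5", 445, 1200),
    ("10.0.0.23", 1035, "10.0.0.6", 445, 1180),
    ("10.0.0.23", 1036, "10.0.0.7", 445, 1210),
    ("10.0.0.6", 9996, "10.0.0.23", 1040, 300),
    ("10.0.0.40", 1501, "10.0.0.5", 445, 900),   # ordinary file-share client
    ("10.0.0.41", 2200, "192.0.2.10", 80, 5000), # unrelated web traffic
]
PROTOCOLS = parse_protocol_list("Sasser-Worm=445|5554|9996")

if __name__ == "__main__":
    for host, nbytes, peers in rank_hosts(FLOWS, PROTOCOLS["Sasser-Worm"]):
        print(f"{host:15} {nbytes:8d} bytes  {peers} peers")
```

A host that tops the byte ranking and also talks to many distinct peers on these ports deserves a closer look than one with a single port-445 peer.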
