All, I'm new to ntop and trying to figure out if it can answer forensic type questions. For example, if I enable RRD permanent storage, could I go back 2 weeks and see which hosts an entity exchanged data with for a given period of time? Could I further determine which protocols/ports were used and how much data was exchanged? I understand that I would not have full packet captures or anything like that. Are there any books or how-tos describing ways to use ntop (I guess just tips and tricks showing example of how to glean information from ntop).
Thanks! Jeff _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
