Hi, Ntopng is great, but sometimes is dificult for me identifying the user who is using more bandwith than it should.
In the traffic dashboard view, it fluctuates a lot, everytime the web refreshes (3 seconds), the top 10 hosts change, if a user is dowloading a file at 300mbps, it should be on the top all the time. Also sometimes I can see impossible data (one host using more than 1gbit/s on a gigabit ethernet). I am not sure if this is a ntopng problem, a nprobe problem, a netflow problem, or if I am missing something in my configuration. Here you can see an animated gif of what happens: https://gfycat.com/WeightyCarefreeAfricanwilddog And this is my configuration: [root@ntopng ~]# cat /etc/ntopng/ntopng.conf -G=/var/run/ntopng.pid --local-networks="192.168.0.0/16,91.xxxx" --interface="tcp://127.0.0.1:5556" [root@ntopng ~]# cat /etc/nprobe/nprobe-none.conf --zmq="tcp://127.0.0.1:5556" --collector-port=9996 -g=/var/run/nprobe-none.pid -i=none -n=none --collector-sample-rate=1000 --upscale-traffic -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_SRC_MASK %IPV4_DST_MASK %L4_SRC_PORT %L4_DST_PORT %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION %SRC_TOS %PROTOCOL %ICMP_TYPE %INPUT_SNMP %SRC_AS %DST_AS %IPV4_NEXT_HOP %IPV6_NEXT_HOP %TCP_FLAGS %OUTPUT_SNMP %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS %MIN_TTL %MAX_TTL %FIRST_SWITCHED %LAST_SWITCHED %SRC_VLAN %DST_VLAN %DOT1Q_SRC_VLAN %DOT1Q_DST_VLAN %EXPORTER_IPV4_ADDRESS %IN_SRC_MAC %OUT_DST_MAC" -V 9 Thank you in advance. Kind regards, Javier Narvaez _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
