Ethereal-dev: Re: [Ethereal-dev] Feature request: Graphing improvements

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Wilson <chris@xxxxxxxxx>
Date: Mon, 10 Apr 2006 00:09:41 +0000

Hi Lego,

On Mon, 2006-04-10 at 01:14 +0200, LEGO wrote:
> Almost (if not every) thing you request is already available in ntop.
> 
> http://www.ntop.org

Thanks for the suggestion, but I'm afraid I have to disagree. Almost all
of the features I listed as requirements or criteria for this simple
interface are NOT in ntop, at least version 3.1rc1:

The only line chart is "Network Load Statistics", which is not broken
down by anything. You can click on this chart, but the resulting numbers
in the "Network Load Statistics Matrix" bear no relation to the chart
whatsoever. Apart from that, there are only a few pie charts, which are
much less useful.

The per-host statistics that it does provide are confusing and difficult
to read. It's not possible to drill down from the host level into useful
statistics about per-port traffic for that host.

The sum total of information on the "network flows" page: rrdPlugin 0 0
(yes, I did configure the rrd plugin).

For most reports, it's not clear over what period the data is collected,
but it seems to be a total for the entire time that ntop was running.
This is nothing like real-time. You definitely cannot select a time
period and show statistics for just that period.

All manner of relatively useless information is shown, such as
distribution of TTLs and packet sizes, especially on the home/traffic
summary page!

The report "TCP/UDP Traffic Port Distribution: Last Minute View" is
useless; it doesn't even state what units it is in (packets or bytes or
Martians).

The data shown in many places is self-inconsistent, and even says things
like "The total of the values will NOT be 100% as local traffic will be
counted TWICE (once as sent and again as received)." This makes it
difficult to interpret and scares users.

It does not have any way to alert the administrator of excessive
traffic, and makes it pretty damn difficult to track down that traffic
once you know that it exists. For this purpose, it provides far too many
useless statistics while not giving enough useful ones.

I would rather use a packet sniffer than use ntop to diagnose a network
bandwidth issue. This is not the tool I'm looking for. I think it would
be easier to make Ethereal into that tool than ntop.

Cheers, Chris.
-- 
  ___ __     _
 / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |