[ale] experimenting with ntop - very cool, but a question
Greg Freemyer
greg.freemyer at gmail.com
Fri Mar 13 17:30:33 EDT 2009
All,
If your into networking at all, you should try out ntop. I'm running
it by launching ntop from a console, then accessing the charts / views
via http://localhost:3000. When I launched the cli, it asked me for a
password.
I installed vuze on my workstation a couple days ago to see what it was about.
Sort of cool, but I was curious if it was doing anything in the
background after I "exited" it. Nothing obvious in the process table,
but I had a little icon down in the task bar.
I fired up ntop to look at my current network traffic and I'm talking
to possibly as many as 1000 different computers. Must be udp because
I don't see many open sockets.
I know its vuze because I exited the program via the taskbar icon and
the traffic went away, but is there a easy way using ntop (or other)
to see which process is sending / receiving udp traffic?
Can't say i've thought much about udp abuse before.
Thanks
Greg
--
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
More information about the Ale
mailing list