[ale] experimenting with ntop - very cool, but a question

Greg Freemyer greg.freemyer at gmail.com
Fri Mar 13 17:30:33 EDT 2009


All,

If you're into networking at all, you should try out ntop.  I'm running
it by launching ntop from a console, then accessing the charts / views
via http://localhost:3000.  When I launched the cli, it asked me for a
password.

I installed vuze on my workstation a couple days ago to see what it was about.

Sort of cool, but I was curious if it was doing anything in the
background after I "exited" it.  Nothing obvious in the process table,
but I had a little icon down in the task bar.

I fired up ntop to look at my current network traffic and I'm talking
to possibly as many as 1000 different computers.  Must be udp because
I don't see many open sockets.

I know it's vuze because I exited the program via the taskbar icon and
the traffic went away, but is there an easy way using ntop (or other)
to see which process is sending / receiving udp traffic?

Can't say I've thought much about udp abuse before.

Thanks
Greg
-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
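
An added example, not part of the original post: one way to see which process owns each UDP socket on Linux is to join the kernel's UDP socket table (`/proc/net/udp`, IPv4 only) to the socket inodes listed under each process's `/proc/<pid>/fd`, which is the same information `ss -uap`, `netstat -uap` and `lsof -i UDP` report. The sample table and the function names are constructed for illustration, and the address decoding assumes a little-endian host such as x86.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:D431 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 45678 2 0000000000000000 0
  102: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
"""

def parse_udp_table(text):
    """Return (local_ip, local_port, uid, inode) for each UDP socket in the table."""
    rows = []
    for line in text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[1].split(":")
        # The IPv4 address is a 32-bit value printed in host byte order.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        rows.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return rows

def inode_owners(proc="/proc"):
    """Map socket inode -> (pid, command name) by reading each process's fd links."""
    owners = {}
    if not os.path.isdir(proc):
        return owners
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                name = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), name)
        except OSError:                            # process exited, or not ours to read
            continue
    return owners

def attribute(rows, owners):
    """Join UDP sockets to owning processes; unknown owners become (None, '?')."""
    return [(ip, port, uid) + owners.get(inode, (None, "?"))
            for ip, port, uid, inode in rows]

if __name__ == "__main__":
    path = "/proc/net/udp"
    text = open(path).read() if os.path.exists(path) else SAMPLE_PROC_NET_UDP
    for ip, port, uid, pid, name in attribute(parse_udp_table(text), inode_owners()):
        print(f"{ip}:{port:<5} uid={uid:<5} pid={pid} {name}")
```

Without root, the fd directories of other users' processes are unreadable, so their sockets show up with an unknown owner; the uid column still narrows down whose process it is.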

