Closed reggoboy closed 3 years ago
reggoboy
commented
3 years ago I should clarify that I don't expect this community to know what's running on my Mac. I mainly want to understand how "login.microsoftonline.com" is derived in the Client field. Is it based on an IP address that is resolved through nslookup for display purposes? Is there a way to display the IP instead?
(For my reference: https://www.ntop.org/guides/ntopng/web_gui/flows.html?highlight=client)
simonemainardi
commented
3 years ago Click on the host, open its details page. At the bottom you will see "Additional Host Names". This will tell you from where the names are coming from.
simonemainardi
commented
3 years ago You can post a screenshot if you want.
simonemainardi
commented
3 years ago Name was wrongly assigned. I've coded a fix. New dev builds are in progress. Wait a couple of hours, then stopn ntopng, run redis-cli --scan --pattern *ntopng.serialized* | xargs redis-cli del, and restart it. It should be OK.
reggoboy
commented
3 years ago Thanks so much. It appears to be fixed. Now, all references to "login.microsoftonline.com" are gone. The stream that I believe I was looking at before now shows the name of my iMac instead, which makes perfect sense. I'm kind of curious what type of bug would end up displaying "login.microsoftonline.com" instead, but I'll try to get some sleep without knowing the answer to that ;-)
For the record, shortly after my previous post, the ntopng web app started saying "connection refused". Did you push something down dynamically? So I had to reboot to get it working, at which time the problem went away. I did NOT have to download the new build or run the redis-cli command above. In fact, I can't find that cli anywhere:
$ find / -name redis-cli 2> /dev/null
$
So whatever fixed it, did not involve either of those two steps. Still, I have downloaded and am running the new build.
Thanks again!
reggoboy
commented
3 years ago For the record, I took some screen shots before the "fix. Here you can see that top hitter:
And here you can see the details on it:
Hello guys,
I have >200 Mbps on my LAN that is originating from a Client labeled as login.microsoftonline.com. The Server is my NAS.
How can I figure out what this login.microsoftonline.com client is? I do have a backup running from my Mac to my NAS. But login.microsoftonline.com is obviously not the hostname of my Mac, nor does that match a reverse nslookup.
The client port is:
login.microsoftonline.com:49297
Looking this up via:
$ netstat -anv | grep 49297
displays PID=0, which makes no sense.
Any help in understanding where "login.microsoftonline.com" is coming from is greatly appreciated!