Hi Luca,
> due to popular demand I included in the current CVS a feature I planned
> for future releases. As someone noticed, due to the number of operations
> ntop has to perform on each packet, ntop is sometimes unable to keep up
> with high traffic. For this reason i have added the -A <accuracy level>
> flag:
>
> <accuracy level>
> 0: low accuracy
> 1: medium accuracy
> 2: high accuracy (default)
>
> Level 2 (high accuracy) is full accuracy. Level 1 (medium accuracy):
> ntop filters out non-local traffic and disables protocol decoding. Level
> 0 (low accuracy): ntop acts as level 1 and also disables TCP session
> handling. This flag has to be used when the network is overloaded and
> ntop can't keep up with the current traffic.
That's great. Thank you, this is much appreciated.
> Please run ntop and let me know if this is what you asked for hence
> finally release v.2.
On my system (Dual-Pentium 3, Linux, ntop compiled with tcpwrapper), the
current snapshot (01-12-17) doesn't work as expected:
First of all, some bugs which appear with all accuracy levels:
ntop doesn't show the "Global TCP/UDP Protocol Distribution" in Stats -
Traffic (see attached file)
ntop doesn't use the "-m" command line switch as expected. If I define
my local net, which is connected through a router, via "-m <local net>"
only exactly one computer (I suppose the first ntop sees) appears in the
stats with all the traffic of the local net. Normally you want to see
all your local boxes.
Not always but most of the time, ntop only show a nearly empty html page
when clicking on "Data Sent - TCP/UDP" or "Data Rcvd - TCP/UDP". The
last html line is:
<TH ><A HREF=/sortDataSentIP.html?98>Domain</A></TH><TH COLSPAN=2><A
HREF=/sortDataSentIP.html?-0>Sent <IMG SRC=arrow_down.gif
BORDER=0></A></TH>
ntop often crashes when I want to have a closer look at a host and look
at a html file <host IP addr.>.html, for example 1.0.0.0.html.
With accuracy level 0 ntop declares much traffic (half of the traffic)
as multicast, but it isn't multicast (see attached file).
With accuracy level 1 ntop doesn't map the non-local hosts to the one
host 0.1.2.3, as expected, but it works as level 2 except protocol
handling.
My experiences show that the protocol handling is not the important
thing when ntop has to handle much traffic, the session handling and the
much computers are important. The protocol handling indeed doesn't take
much CPU time and provides a lot of information, the protocol handling
is in my opinion one of the most important features of ntop. I think it
would be better to let the protocol handling untouched and perhaps to
provide an accuracy level 3 without protocol handling, but I think this
isn't necessary.
Did other mailinglist users make the same experience or have other
suggestions?
CU,
Michael
--
Michael Weidel, University of Ulm
Computing Center Network Administration
EMAIL: [EMAIL PROTECTED]
WWW (PGP-KEY): http://www.weidel.org/
Global Traffic Statistics
| Nw Interface Type | eth1 (Ethernet) [0.0.0.0/255.255.255.255] |
|---|
| Local Domain Name | uni-ulm.de |
|---|
| Sampling Since | Mon Dec 17 09:29:53 2001
[26:06] |
|---|
| Packets |
| Total | 16,027,819 |
|---|
| Dropped by the kernel | 10 |
|---|
| Dropped by ntop | 0 |
|---|
| Unicast | 52.3% | 8,375,502 |
|---|
| Broadcast | 47.7% | 7,652,317 |
|---|
 |
|---|
| Shortest | 42 bytes |
|---|
| Average Size | 820 bytes |
|---|
| Longest | 1,514 bytes |
|---|
| < 64 bytes | 38.1% | 6,105,709 |
|---|
| < 128 bytes | 12.1% | 1,943,517 |
|---|
| < 256 bytes | 3.3% | 536,706 |
|---|
| < 512 bytes | 4.4% | 698,425 |
|---|
| < 1024 bytes | 12.2% | 1,962,823 |
|---|
| < 1518 bytes | 29.8% | 4,780,639 |
|---|
| > 1518 bytes | 0.0% | 0 |
|---|
 |
|---|
| Packets too long [> 1514] | 0.0% | 0 |
|---|
| Bad Packets (Checksum) | 0.0% | 0 |
|---|
|
|---|
| Traffic |
| Total | 8.5 GB |
|---|
| IP Traffic | 8.5 GB |
|---|
| Fragmented IP Traffic | 495.1 KB [0.0%] |
|---|
| Non IP Traffic | 15.0 KB |
|---|
 |
|---|
|
|---|
| Network Load |
| Actual | 43.8 Mbps | 9391.0 Pkts/sec |
|---|
| Last Minute | 47.9 Mbps | 10280.8 Pkts/sec |
|---|
| Last 5 Minutes | 45.1 Mbps | 10246.5 Pkts/sec |
|---|
| Peak | 54.1 Mbps | 12080.0 Pkts/sec |
|---|
| Average | 44.6 Mbps | 10234.9 Pkts/sec |
|---|
|
|---|
Global Protocol Distribution
| Protocol | Data | Percentage |
|---|
| IP | 8.5 GB (100.0%) | | TCP | 7.9 GB | |
|---|
| UDP | 139.2 MB | |
|---|
| ICMP | 4.1 MB | |
|---|
| Other IP | 121.5 KB | |
|---|
|
|---|
| (R)ARP | 11.5 KB | |
|---|
| IGMP | 4.6 KB | |
|---|
 |
Global TCP/UDP Protocol Distribution
| TCP/UDP Protocol | Data | Percentage |
|---|
|
