Hello
ntop seems to set the 'first','last' timestamp fields of the exported flows
to the time it actually sends them. I guess this is wrong, first should at
least be the time when the flow first reaches the router. Example with
a timed-out session:
+---------------------+---------------+---------------+----+-------+---+
| t                   | s             | d             | dP | dO    | p |
+---------------------+---------------+---------------+----+-------+---+
| 2002-04-11 18:13:59 | 204.71.140.70 | 212.117.64.2  | 28 | 33793 | 6 |
| 2002-04-11 18:13:59 | 212.117.64.2  | 204.71.140.70 |  0 |     0 | 6 |
| 2002-04-11 18:18:13 | 204.71.140.70 | 212.117.64.2  |  4 |   679 | 6 |
| 2002-04-11 18:18:13 | 212.117.64.2  | 204.71.140.70 |  0 |     0 | 6 |
| 2002-04-11 18:18:13 | 204.71.140.70 | 212.117.64.2  |  4 |   683 | 6 |
| 2002-04-11 18:18:13 | 212.117.64.2  | 204.71.140.70 |  0 |     0 | 6 |
| 2002-04-11 18:18:13 | 204.71.140.70 | 212.117.64.2  |  4 |   612 | 6 |
| 2002-04-11 18:18:13 | 212.117.64.2  | 204.71.140.70 |  0 |     0 | 6 |
| 2002-04-11 18:18:13 | 204.71.140.70 | 212.117.64.2  | 20 | 21830 | 6 |
| 2002-04-11 18:18:13 | 212.117.64.2  | 204.71.140.70 |  0 |     0 | 6 |
+---------------------+---------------+---------------+----+-------+---+
The flow was generated by the same "wget -r www.cw.com". After the first
export I waited.. and waited.. got bored and hit the shutdown button on the
web interface. Then suddenly the rest of the flows came through.
(the byte and packet counters are absolutely correct, the null lines are
due to asymmetric routing)
bye,
-christian-
--
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
[EMAIL PROTECTED] Internet & Security for Professionals Fax 0241/911879
WESTEND ist CISCO Systems Partner - Authorized Reseller
_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop-dev