Hi, I've made some tests with nprobe 4.9.4 and nprobe 5.2.9 and I've encountered two issues :o(.

The first one is with the 4.9.4 version: When a great amount of fragmented UDP packets (more than 400000/s) is analysed, nprobe starts to lose packets. I've checked the code and the problem seems to be located in the fragmented subroutine. If I reduce the delay for the "lastSeen" from 30 seconds (hardcoded) to less, the issue disappears but the probe produces more flows per second.

The second one with the 4.9.4 version: I have to increment the MAX_EXPORT_QUEUE_LEN to a bigger value (524280) to handle the workflow :o(

The first one is with the 5.2.9 version:
- The generated NetFlow v9 packets don't contain the "right" size of the messages in the "in_bytes" section.
- The flows generated with the 4.9.4 are "ok" but I'm looking for something possibly better since I've seen some interesting changes in the fragment handling method.

The second one with the 5.2.9 version: I have to increment the MAX_EXPORT_QUEUE_LEN to a bigger value (524280) to handle the workflow :o(

I'm available if someone wants more information.

Thanks in advance,
