Hi, And how do I compile with debug?
Also I noticed some changes in libpcap drop rate after upgrading with "apt-get upgrade" Also, changin Sample Rate. If I set it to 2 or more, libpcap drop rate is 0% If I set it to 0 or 1, libpcap drop rate is, in 10min work time, ~15% and growing over time. How big do you need the pcap file for analyzing it? 1 hour, 1 day....? Thanks Daniel > SVN please > > Regards Luca > > On Oct 12, 2012, at 7:18 PM, Luca Deri <[email protected]> wrote: > >> Daniel, >> please compile ntop with debug information so that we can analyse the >> core >> >> As of dot, it might be your map is too big. >> >> If you want us to improve our DPI library so that we reduce the Unknown >> traffic, I need you to send me a pcap file with full packets I can use >> to check what's going on. >> >> Thanks Luca >> >> >> On Oct 12, 2012, at 7:08 PM, Dpto. Datos Television Costa Blanca >> <[email protected]> wrote: >> >>> Hello again, >>> >>> Also to mention. After a few hours working NTop crashes with this: >>> >>> Oct 12 18:43:11 netanalyzer kernel: [173411.012267] ntop[16461]: >>> segfault at 35382e37 ip 00007f4db7433dba sp 00007f4da8a852c0 error 4 in >>> libc-2.15.so[7f4db73ea000+1b3000] >>> >>> Anything? >>> >>> El 12/10/2012 11:29, Dpto. Datos Television Costa Blanca escribió: >>>> Hello everybody, >>>> >>>> Im testing last NTop stable 5.0.2 with PF_RING from the ubuntu x64 >>>> packages in a Ubuntu 12.04 TLS 64bit version. >>>> The box is a Dual Xeon 2.8GHz (2 physical cores) with 2Gb RAM with a >>>> RAID 1 SCSI 10k rpm 40Gb hard drive. >>>> I have NTop in a mirroed switch port monitoring a 100Mb/s average >>>> network. Peak is about 200Mb/s >>>> >>>> Im having some issues with libpcap packet dropping and also with nDPI. >>>> >>>> In less of an hour running ntop, I have: >>>> Dropped (libpcap) 44.8% 16,262,915 >>>> Dropped (ntop) 0.0% 0 >>>> Total Received (ntop) 36,289,290 >>>> Total Packets Processed 36,289,291 >>>> >>>> WIth pfcount -i eth1 there is no packet drop. >>>> >>>> And in the Application Protocol TAB arround 40~50% of traffic is >>>> unknow while http and bittorrent are really low. HTTP have an average >>>> of 30Mb/s and Bittorrent have 3Mb/s average. And Im very sure there >>>> are more of those. >>>> >>>> I tried opendpi_netfilter before (nDPI based sources) and bittorrent >>>> was arround 40MBit and http arround 60Mbit >>>> >>>> Also some things dont work for me. Like: >>>> IP -> Local -> Network Traffic Map | this keep loading while dot is >>>> consuming 100% CPU >>>> >>>> In the Interface Report TAB, Remote Host Distance graph draw a very >>>> big legend that goes from upper graph to bottom graph. >>>> >>>> Im doing something wrong? >>>> >>>> Thanks in advance. >>>> >>>> PS: Sorry for my english >>>> >>> >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
