Do you save pcap files using tcpdump? If not, try doing it.

Yuri

Sent from my iPhone

On 17 Oct 2012, at 14:27, "Dpto. Datos Television Costa Blanca" <[email protected]> wrote:

> Hi
>
> After changing -O2 with -g in the Makefile, ntop still compiling without
> debug.
>
> In the other hand. How do you need the pcap file for analyzing all the unknown
> traffic?
>
> Also, If I set -x to 150000 and -X to 300000 pcap dropped packets goes to
> +1000% (1 thousand).
>
> Thanks,
>
> --Daniel
>
> On 15/10/2012 9:02, Luca Deri wrote:
>> On 10/13/2012 10:59 AM, [email protected] wrote:
>>> Hi,
>>>
>>> And how do I compile with debug?
>> Replace -O2 with -g into the Makefile file
>>
>>>
>>> Also I noticed some changes in libpcap drop rate after upgrading with
>>> "apt-get upgrade"
>>> Also, changing Sample Rate.
>>>
>>> If I set it to 2 or more, libpcap drop rate is 0%
>>> If I set it to 0 or 1, libpcap drop rate is, in 10min work time, ~15% and
>>> growing over time.
>>>
>>> How big do you need the pcap file for analyzing it? 1 hour, 1 day....?
>> large enough to reproduce the problem
>>
>> Luca
>>>
>>> Thanks
>>>
>>> Daniel
>>>
>>>> SVN please
>>>>
>>>> Regards Luca
>>>>
>>>> On Oct 12, 2012, at 7:18 PM, Luca Deri <[email protected]> wrote:
>>>>
>>>>> Daniel,
>>>>> please compile ntop with debug information so that we can analyse the
>>>>> core
>>>>>
>>>>> As of dot, it might be your map is too big.
>>>>>
>>>>> If you want us to improve our DPI library so that we reduce the Unknown
>>>>> traffic, I need you to send me a pcap file with full packets I can use
>>>>> to check what's going on.
>>>>>
>>>>> Thanks Luca
>>>>>
>>>>>
>>>>> On Oct 12, 2012, at 7:08 PM, Dpto. Datos Television Costa Blanca
>>>>> <[email protected]> wrote:
>>>>>
>>>>>> Hello again,
>>>>>>
>>>>>> Also to mention. After a few hours working NTop crashes with this:
>>>>>>
>>>>>> Oct 12 18:43:11 netanalyzer kernel: [173411.012267] ntop[16461]: segfault at 35382e37 ip 00007f4db7433dba sp 00007f4da8a852c0 error 4 in libc-2.15.so[7f4db73ea000+1b3000]
>>>>>>
>>>>>> Anything?
>>>>>>
>>>>>> On 12/10/2012 11:29, Dpto. Datos Television Costa Blanca wrote:
>>>>>>> Hello everybody,
>>>>>>>
>>>>>>> I'm testing last NTop stable 5.0.2 with PF_RING from the ubuntu x64
>>>>>>> packages in a Ubuntu 12.04 TLS 64bit version.
>>>>>>> The box is a Dual Xeon 2.8GHz (2 physical cores) with 2Gb RAM with a
>>>>>>> RAID 1 SCSI 10k rpm 40Gb hard drive.
>>>>>>> I have NTop in a mirrored switch port monitoring a 100Mb/s average
>>>>>>> network. Peak is about 200Mb/s
>>>>>>>
>>>>>>> I'm having some issues with libpcap packet dropping and also with nDPI.
>>>>>>>
>>>>>>> In less than an hour running ntop, I have:
>>>>>>> Dropped (libpcap) 44.8% 16,262,915
>>>>>>> Dropped (ntop) 0.0% 0
>>>>>>> Total Received (ntop) 36,289,290
>>>>>>> Total Packets Processed 36,289,291
>>>>>>>
>>>>>>> With pfcount -i eth1 there is no packet drop.
>>>>>>>
>>>>>>> And in the Application Protocol TAB around 40~50% of traffic is
>>>>>>> unknown while http and bittorrent are really low. HTTP have an average
>>>>>>> of 30Mb/s and Bittorrent have 3Mb/s average. And I'm very sure there
>>>>>>> are more of those.
>>>>>>>
>>>>>>> I tried opendpi_netfilter before (nDPI based sources) and bittorrent
>>>>>>> was around 40MBit and http around 60Mbit
>>>>>>>
>>>>>>> Also some things don't work for me. Like:
>>>>>>> IP -> Local -> Network Traffic Map | this keep loading while dot is
>>>>>>> consuming 100% CPU
>>>>>>>
>>>>>>> In the Interface Report TAB, Remote Host Distance graph draw a very
>>>>>>> big legend that goes from upper graph to bottom graph.
>>>>>>>
>>>>>>> I'm doing something wrong?
>>>>>>>
>>>>>>> Thanks in advance.
>>>>>>>
>>>>>>> PS: Sorry for my English
>>>>>>
>>>>>> _______________________________________________
>>>>>> Ntop mailing list
>>>>>> [email protected]
>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> --
> Daniel Baeza
> COR TVT
> Dpto. Datos TVT
> Television Costa Blanca S.L.
> Tel. 966190565
> WEB: http://www.tvt.es
> Email: [email protected]
