Daniel ntop has been designed for little traffic (100/200 Mbit). Drops lead DPI to fail etc etc. You should use nprobe as pre-processor that sends flows to ntop
Luca On Oct 17, 2012, at 7:18 PM, Dpto. Datos Television Costa Blanca <[email protected]> wrote: > Hi Yuri, > > Dont know what you mean. I have few things ongoing on that list. > > 1.- An error that makes ntop crash: > > kernel: [173411.012267] ntop[16461]: > segfault at 35382e37 ip 00007f4db7433dba sp 00007f4da8a852c0 error 4 in > libc-2.15.so[7f4db73ea000+1b3000] > > 2.- Lots and lots of libpcap dropped packets in ntop. About 50-75%. If I set > -x and -X to a higher value, drops goes to 1000% > > 3.- Like 70% of the traffic is marked as unknow. Luca told me to send a dump > of packets. I asked if he needs something especial. > > In this point, like 30 seconds of capture are like 1Gb+ of dump. I can PM you > Luca and give temp access to the machine, so i think will be easiest for your > team to check the traffic. > > Thanks. > > --Daniel > > El 17/10/2012 19:08, Francalacci Yuri escribió: >> Do you save pcap files using tcpdump? If not, try doing it. >> Yuri >> >> Sent from my iPhone >> >> Il giorno 17/ott/2012, alle ore 14:27, "Dpto. Datos Television Costa Blanca" >> <[email protected]> ha scritto: >> >>> Hi >>> >>> After changing -O2 with -g in the Makefile, ntop still compiling without >>> debug. >>> >>> In the other hand. How do you need the pcap file for analyzing all the >>> unknow traffic? >>> >>> Also, If I set -x to 150000 and -X to 300000 pcap dropped packets goes to >>> +1000% (1 thousand). >>> >>> Thanks, >>> >>> --Daniel >>> >>> El 15/10/2012 9:02, Luca Deri escribió: >>>> On 10/13/2012 10:59 AM, [email protected] wrote: >>>>> Hi, >>>>> >>>>> And how do I compile with debug? >>>> Replace -O2 with -g into the Makefile file >>>> >>>>> Also I noticed some changes in libpcap drop rate after upgrading with >>>>> "apt-get upgrade" >>>>> Also, changin Sample Rate. >>>>> >>>>> If I set it to 2 or more, libpcap drop rate is 0% >>>>> If I set it to 0 or 1, libpcap drop rate is, in 10min work time, ~15% and >>>>> growing over time. >>>>> >>>>> How big do you need the pcap file for analyzing it? 1 hour, 1 day....? >>>> large enough to reproduce the problem >>>> >>>> Luca >>>>> Thanks >>>>> >>>>> Daniel >>>>> >>>>>> SVN please >>>>>> >>>>>> Regards Luca >>>>>> >>>>>> On Oct 12, 2012, at 7:18 PM, Luca Deri <[email protected]> wrote: >>>>>> >>>>>>> Daniel, >>>>>>> please compile ntop with debug information so that we can analyse the >>>>>>> core >>>>>>> >>>>>>> As of dot, it might be your map is too big. >>>>>>> >>>>>>> If you want us to improve our DPI library so that we reduce the Unknown >>>>>>> traffic, I need you to send me a pcap file with full packets I can use >>>>>>> to check what's going on. >>>>>>> >>>>>>> Thanks Luca >>>>>>> >>>>>>> >>>>>>> On Oct 12, 2012, at 7:08 PM, Dpto. Datos Television Costa Blanca >>>>>>> <[email protected]> wrote: >>>>>>> >>>>>>>> Hello again, >>>>>>>> >>>>>>>> Also to mention. After a few hours working NTop crashes with this: >>>>>>>> >>>>>>>> Oct 12 18:43:11 netanalyzer kernel: [173411.012267] ntop[16461]: >>>>>>>> segfault at 35382e37 ip 00007f4db7433dba sp 00007f4da8a852c0 error 4 in >>>>>>>> libc-2.15.so[7f4db73ea000+1b3000] >>>>>>>> >>>>>>>> Anything? >>>>>>>> >>>>>>>> El 12/10/2012 11:29, Dpto. Datos Television Costa Blanca escribió: >>>>>>>>> Hello everybody, >>>>>>>>> >>>>>>>>> Im testing last NTop stable 5.0.2 with PF_RING from the ubuntu x64 >>>>>>>>> packages in a Ubuntu 12.04 TLS 64bit version. >>>>>>>>> The box is a Dual Xeon 2.8GHz (2 physical cores) with 2Gb RAM with a >>>>>>>>> RAID 1 SCSI 10k rpm 40Gb hard drive. >>>>>>>>> I have NTop in a mirroed switch port monitoring a 100Mb/s average >>>>>>>>> network. Peak is about 200Mb/s >>>>>>>>> >>>>>>>>> Im having some issues with libpcap packet dropping and also with nDPI. >>>>>>>>> >>>>>>>>> In less of an hour running ntop, I have: >>>>>>>>> Dropped (libpcap) 44.8% 16,262,915 >>>>>>>>> Dropped (ntop) 0.0% 0 >>>>>>>>> Total Received (ntop) 36,289,290 >>>>>>>>> Total Packets Processed 36,289,291 >>>>>>>>> >>>>>>>>> WIth pfcount -i eth1 there is no packet drop. >>>>>>>>> >>>>>>>>> And in the Application Protocol TAB arround 40~50% of traffic is >>>>>>>>> unknow while http and bittorrent are really low. HTTP have an average >>>>>>>>> of 30Mb/s and Bittorrent have 3Mb/s average. And Im very sure there >>>>>>>>> are more of those. >>>>>>>>> >>>>>>>>> I tried opendpi_netfilter before (nDPI based sources) and bittorrent >>>>>>>>> was arround 40MBit and http arround 60Mbit >>>>>>>>> >>>>>>>>> Also some things dont work for me. Like: >>>>>>>>> IP -> Local -> Network Traffic Map | this keep loading while dot is >>>>>>>>> consuming 100% CPU >>>>>>>>> >>>>>>>>> In the Interface Report TAB, Remote Host Distance graph draw a very >>>>>>>>> big legend that goes from upper graph to bottom graph. >>>>>>>>> >>>>>>>>> Im doing something wrong? >>>>>>>>> >>>>>>>>> Thanks in advance. >>>>>>>>> >>>>>>>>> PS: Sorry for my english >>>>>>>> _______________________________________________ >>>>>>>> Ntop mailing list >>>>>>>> [email protected] >>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>>> _______________________________________________ >>>>>>> Ntop mailing list >>>>>>> [email protected] >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>>> _______________________________________________ >>>>>> Ntop mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> -- >>> Daniel Baeza >>> COR TVT >>> Dpto. Datos TVT >>> Television Costa Blanca S.L. >>> Telf. 966190565 >>> WEB: http://www.tvt.es >>> Correo: [email protected] >>> >>> --AVISO LEGAL-- >>> En cumplimiento de la Ley Orgánica 15/1999, de 13 de diciembre de >>> protección de datos de carácter personal, se pone en conocimiento del >>> destinatario del presente correo electrónico, que los datos incluidos en >>> este mensaje, están dirigidos exclusivamente al citado destinatario cuyo >>> nombre aparece en el encabezamiento, por lo que si usted no es la persona >>> interesada rogamos nos comunique el error de envío y se abstenga de >>> realizar copias del mensaje o de los datos contenidos en el mismo o >>> remitirlo o entregarlo a otra persona, procediendo a borrarlo de inmediato. >>> Asimismo le informamos que sus datos de correo han quedado incluidos en >>> nuestra base de datos a fin de dirigirle, por este medio, comunicaciones >>> comerciales, profesionales e informativas y que usted dispone de los >>> derechos de acceso, rectificación, cancelación y especificación de los >>> mismos, derechos que podrá hacer efectivos dirigiéndose a Televisión >>> Costablanca, S.L., C/ San Policarpo 41 Bajo. C.P: 03181 Torrevieja >>> (Alicante). >>> >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > -- > Daniel Baeza > COR TVT > Dpto. Datos TVT > Television Costa Blanca S.L. > Telf. 966190565 > WEB: http://www.tvt.es > Correo: [email protected] > > --AVISO LEGAL-- > En cumplimiento de la Ley Orgánica 15/1999, de 13 de diciembre de protección > de datos de carácter personal, se pone en conocimiento del destinatario del > presente correo electrónico, que los datos incluidos en este mensaje, están > dirigidos exclusivamente al citado destinatario cuyo nombre aparece en el > encabezamiento, por lo que si usted no es la persona interesada rogamos nos > comunique el error de envío y se abstenga de realizar copias del mensaje o de > los datos contenidos en el mismo o remitirlo o entregarlo a otra persona, > procediendo a borrarlo de inmediato. > Asimismo le informamos que sus datos de correo han quedado incluidos en > nuestra base de datos a fin de dirigirle, por este medio, comunicaciones > comerciales, profesionales e informativas y que usted dispone de los derechos > de acceso, rectificación, cancelación y especificación de los mismos, > derechos que podrá hacer efectivos dirigiéndose a Televisión Costablanca, > S.L., C/ San Policarpo 41 Bajo. C.P: 03181 Torrevieja (Alicante). > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
