System: Quad core Intel with 4GB of RAM and Intel 82599EB 10GbE cardOS: FreeBSD
9.1 (64bit)Software: ntop 5.0.1, libpcap 1.4.0 (from FreeBSD ports system)ntop
Startup Parameters: /usr/local/bin/ntop -4 -n 0 -z -i ix0 -w 0 -W 443 -d
--use-syslog=daemon -x 65536 -X 262144
The link being monitored has about 360kpps/1.6Gbps of traffic on it. Since
tcpdump (unless writing to /dev/null) was not able to keep up with the amount
of traffic on the interface I was only expecting ntop to capture/process a
small amount of the incoming traffic. Which would be good enough for the
evaluation I'm doing. However, I'm seeing a completely unexpected behavior: At
start-up ntop receives and processes about 200k packets from libpcap before
everything stops. All graphs show zero throughput, ntop is not
receiving/processing any additional packets and the Protocol reports are all
empty. The only thing changing is the "Dropped (libpcap)" value. ntop claims
libpcap is dropping all packets and that it has nothing to process. Restarting
the process results in the same thing.
Is this just too much traffic for ntop to process via libpcap?
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
