Neil, we are aware of this and we'll provide a fix soon Regards Luca
On 09/17/2014 05:49 AM, Neil Page wrote: > ntopng v.1.2.2 (r8210) > > I've noticed in situations where a traffic flow is very long - > 12 > hours, and it happens to consume most of the available bandwidth, it > won't show up in any Historic data unless you can figure out exactly > when the flow started and stopped. > > EXAMPLE: > A fellow employee notices at about 20:00 last night while working that > there is a lot of lag between his office workstation and a datacenter > server (which we have a private circuit connection to). So I use > ntopng (running as a service, using a second NIC as a sniffer in > promiscuous mode - connected to a mirror port on a switch). I navigate > to the web interface of ntopng where I can see live flows. Nothing out > of the ordinary there - but that's because the lag occurred last > night; so I open via the Historical interface some saved flows, around > the 20:00 time frame. I spread out for a 19:30 - 20:30 window - > nothing significant appears in the list of flows. I widen it to 19:00 > - 21:00 and still nothing interesting appears. > > Finally after I load a 16:00 to 04:00 window I can see a replication > job is responsible. What I would like to be able to do is open a 5 > minute Historical flow dump and see a "snap shot" of that traffic to > determine who, in that 5-minute window, was the chief consumer of > bandwidth/packets/bytes. But if the flow lasts for 12+ hours, there's > no way to reveal that unless you happen to know exactly when the flow > started and ended. > > Any advice would be very much appreciated. Thank you, > Neil > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
