I don't know about the internals of tcpdump.
I am guessing that it's talking TCP retransmits, which it would be able to
detect by the ACK flags and sequence #s?
I don't recall any code in ntop to specifically break those out - look at
processPacket() {in pbuf.c at the end) - that's where it's all handled...
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dilan
Arumainathan
Sent: Thursday, February 21, 2002 12:24 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] Re: Retransmitted packets
Additional info included:
Ntop:
I ran NTOP and tcptrace against captured traffic (in a tcpdump file).
Tcptrace reported a lot of retransmitted traffic and Ntop did not. Is this
by design?
thanks
dilan
OS i486-pc-linux-gnu
ntop version 2.0.0
Built on 02/19/02 08:25:17 PM
Started as lt-ntop -w 3000 -P /tmp
GDBM version This is GDBM version 1.7.3, as of May 19, 1994.
OpenSSL Support Absent
Multithreaded Yes
GD Chart Absent
UCD/NET SNMP Absent
TCP Wrappers Absent
Async. Addr. Resolution Yes
lsof Support No (Either disabled [Use -E option] or missing)
nmap Support No (Either disabled [Use -E option] or missing)
# Handled HTTP Requests 1341
Actual Hash Size 362
Top Hash Size 362
# Queued Pkts to Process 0
# Max Queued Pkts 0
# Stored Hash Hosts 231 [63 %]
# Purged Hash Hosts 225
# TCP Sessions 23
# Terminated TCP Sessions 3112
# Queued Addresses 0
# Addresses Resolved with DNS 177
# Addresses Kept Numeric 217
# Addresses Found in Cache 0
# Dropped Addresses 0
# Active Threads 9
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
