If you know WHO is doing the scans, you can exclude them from ntop stats via
the -B "bpf filter" option, e.g. -B "! net 192.168.1.0/24"



-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of f.
Andrew Lawton
Sent: Thursday, October 03, 2002 4:51 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Ntop] Command line suggestions. Was "Large hash"


On Thu, 2002-10-03 at 12:19, Horta, Benny wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Welcome to the world of big pipes and limitations of current
> technology :) If you're trying to run NTOP on a border pipe to the
> internet, good luck; expect to enter the VIP club of 2GB of RAM
> minimum. I would say for highly used OC3s 2 gigabytes of RAM is a
> starting point. Anytime a user goes to a website, that is one host to
> add to the hash, and if you have 30,000+ workstations surfing the web
> the hash will grow quickly. So if 30,000 hosts visit 40 different
> sites each, that's a possible hash of 1.2 million :)
>

Well as a final email on this..

1) We have some engineers that are doing Nessus scans for customers.
It's all authorized, so I'm going to have to live with it. At least
until their department shells out for its own T1 (yea, right).

2) I found that using the -S2 parameter helped quite a bit. I found that
most of what I will need to track is local anyway.

3) If it starts happening again, I probably am going to have to join
Benny's 2gig RAM club.



Thanks to all that responded. It's appreciated.

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop
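The `-B` exclusion suggested at the top of this thread, generalized to several authorized scanner sources, as an added example that is not part of the original messages or of ntop itself. The scanner list, function names and IPv4-only handling are assumptions made for illustration; `not` is the spelled-out form of `!` in pcap filter syntax.

```python
import ipaddress

# Constructed sample: sources of authorized scans (not taken from the thread).
AUTHORIZED_SCANNERS = ["192.168.1.0/24", "10.20.30.40"]


def _parse(entry):
    """Return an ip_network; strict=True rejects set host bits, which
    libpcap also refuses in a 'net' primitive (e.g. 192.168.1.5/24)."""
    return ipaddress.ip_network(entry, strict=True)


def build_exclusion_filter(entries):
    """Build a BPF expression that drops traffic to or from every entry."""
    terms = []
    for entry in entries:
        net = _parse(entry)
        if net.num_addresses == 1:
            # A single address is written as a 'host' primitive.
            terms.append(f"host {net.network_address}")
        else:
            terms.append(f"net {net.with_prefixlen}")
    if not terms:
        raise ValueError("no scanner addresses given")
    if len(terms) == 1:
        return f"not {terms[0]}"
    # Parentheses matter: without them 'not' binds only to the first term.
    return "not (" + " or ".join(terms) + ")"


def packet_kept(src, dst, entries):
    """Emulate the filter: 'net' and 'host' match on source OR destination,
    so a packet is kept only if neither end is a listed scanner."""
    nets = [_parse(e) for e in entries]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not any(s in n or d in n for n in nets)


if __name__ == "__main__":
    # Prints the command line with the filter quoted as one argument.
    print("ntop -B", repr(build_exclusion_filter(AUTHORIZED_SCANNERS)))
```

Because the primitives match either direction, the filter also hides every non-scan flow of the excluded hosts from the ntop statistics.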
