Peter Franzel
Mon, 23 Nov 2009 13:46:49 -0800
Hi, I am currently testing some things with with pmacct. But at the beginning I have noticed a strange behavior. I am trying to analyse in- and outgoing traffic from a dedicated host of my home network to the external net (internet). Incomming traffc seems to be well managed, but the measurments for incomming traffic strangely seems to be wrong. I excluded everything that could cause this problem but still have this issue. Here some impressions of my testings: ################### pmacct - config: ! debug: false daemonize: true interface: eth1 plugin_buffer_size: 20480 plugin_pipe_size: 20480000 plugins: memory[net_port] networks_file: /usr/local/etc/networks.lst ports_file: /usr/local/etc/ports.lst aggregate[net_port]: src_net,src_port,dst_net,dst_port imt_path[net_port]: /tmp/nets_ports.pipe ################### network.lst: ! ! local networks ! 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 ################### ports ! ! local ports ! ! Web Traffic 80 443 ################### Doing: 1. I reset the counters: /usr/local/bin/pmacct -c src_net,src_port -N 0.0.0.0,80 -p /tmp/nets_ports.pipe -r 0 /usr/local/bin/pmacct -c dst_net,dst_port -N 0.0.0.0,80 -p /tmp/nets_ports.pipe -r 0 ################### 2. I do an ifconfig on the transmitting host: eth0 Link encap:Ethernet Hardware Adresse 00:1c:25:da:a1:a6 inet Adresse:192.168.1.202 Bcast:192.168.1.255 Maske:255.255.255.0 inet6-Adresse: fe80::21c:25ff:feda:a1a6/64 Gültigkeitsbereich:Verbindung UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1 RX packets:192 errors:0 dropped:0 overruns:0 frame:0 TX packets:74 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:9847 (9.8 KB) TX bytes:7376 (7.3 KB) Interrupt:17 ################### 3. I did an wget: wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.tar.gz --2009-11-22 00:53:08-- http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.tar.gz Auflösen des Hostnamen »www.kernel.org«.... 199.6.1.164, 130.239.17.4 Verbindungsaufbau zu www.kernel.org|199.6.1.164|:80... verbunden. HTTP Anforderung gesendet, warte auf Antwort... 200 OK Länge: 78278595 (75M) [application/x-gzip] In »linux-2.6.31.tar.gz« speichern. 100%[========================================================================================================================>] 78.278.595 2,66M/s in 28s 2009-11-23 00:53:37 (2,68 MB/s) - »linux-2.6.31.tar.gz« gespeichert [78278595/78278595] 4. I read the counters pe...@tcprobe:/$ /usr/local/bin/pmacct -c src_net,src_port -N 0.0.0.0,80 -p /tmp/nets_ports.pipe -r 81105947 pe...@tcprobe:/$ /usr/local/bin/pmacct -c dst_net,dst_port -N 0.0.0.0,80 -p /tmp/nets_ports.pipe -r 1454205 ################### 5. I do another ifconfig eth0 Link encap:Ethernet Hardware Adresse 00:1c:25:da:a1:a6 inet Adresse:192.168.1.202 Bcast:192.168.1.255 Maske:255.255.255.0 inet6-Adresse: fe80::21c:25ff:feda:a1a6/64 Gültigkeitsbereich:Verbindung UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1 RX packets:54577 errors:0 dropped:0 overruns:0 frame:0 TX packets:27539 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:81116775 (81.1 MB) TX bytes:1846141 (1.8 MB) Interrupt:17 ################### Results: (I know that this procedure can not be really accurate...) Pmacct data --> 81105947 bytes RX <-> 1454205 bytes TX Difference between ifconfigs: --> 81106928 bytes RX <-> 1838765 bytes TX Difference between "pmacct" und "ifconfig" --> 981 bytes RX <-> 384560 bytes TX I thing RX Traffic is brilliant, but why is there such a big difference between TX bytes?! Is there something I am going wrong or where is the fault? I would be nice if somebody can help me. Many thanks, Peter _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists