I've modified nftrack to dump the contents of Porttracker's database (ports.stat) in clear text. From what I understand the type-values in ports.stat are cumulative. So I did a little comparison between the PortDB data and the summary-data from nfdump within the same 5-minute interval. I got the PortDB data by taking the delta between two consecutive updates.
These are the values for the same tcp-port within that interval: PortDB (type 0,1 and 2): 662 flows, 253636 packets, 159295430 bytes Raw data: 1250 flows, 504478 packets, 394323917 bytes Shouldn't these be comparable? Or am I missing a vital point here, regarding the data in ports.stat? -tor ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
