I'm still not following you... try using more words and a bigger/better example...
As a guess - If you're having libpcap problems, you might do a google search... http://archives.neohapsis.com/archives/snort/2002-07/0364.html sounded interesting If the NIC or the OS can't keep up, then they'll drop packets. S'be'it ... you need enough hardware to keep up with the network traffic. Once the NIC receives a packet, it's queued to libpcap which handles them as it can. Unless you're running a woefully underpowered system, libpcap doesn't usually drop packets - I mean, it can, given that it runs in user space (it could run out of buffer memory, etc.), but it's rare. Most packet capturing systems don't run much else. Once the packet is given to libpcap, it passes them on based on who is capturing what (the bpf filters). In the case of ntop, that means feeding them into the ntop queue for processing. You can lose packets here - ntop counts them (info.html). Still, if you aren't completely maxed out, you'll eventually catch up - we've discussed this on the list in the past and it's in the docs/FAQ -- 'Q. How much horsepower do I need to run ntop on a network of size x?' -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of rmkml Sent: Wednesday, December 11, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: Re: [Ntop-dev] question about pcap stats on ntop ... Thanks for reply, ok ntop use libpcap library, but libcpcap drop packet on heavy load network, and I access on pcap stat on shutdown ntop process ? I find this pcap stat Ten minutes (example) Regards. _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
