If you have the stream in a file, you can probably hack at flow-tools-fanout to slow down the rate (or does it have a rate parm - there's a tickle about that in the back of my head). A simple nanosleep of 0.1s after each packet send would eliminate an question about whether it's rate limited.
You did check the netFlow plugin statistics, right? Often 'lost' flows are actually port zero ... -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R.H.Hoek Sent: Friday, July 01, 2005 3:35 AM To: [email protected] Subject: [Ntop-dev] netflow and missing packets Dear all, Still I am trying to solve 'my' problem with missing netflow-packets by nTop send by our Cisco6509. In one of the last messages Burton said: "It could be that ntop isn't pulling them fast enough from the interface, but that's just a pretty simple select() recvfrom() call pair." I had a look into netflowPlugin.c and found that part of the code: if((rc = select(maxSock+1, &netflowMask, NULL, NULL, NULL)) > 0) { if(FD_ISSET(myGlobals.device[deviceId].netflowGlobals->netFlowInSocket, &netflowMask)){ len = sizeof(fromHost); rc = recvfrom(myGlobals.device[deviceId].netflowGlobals->netFlowInSocket, (char*)&buffer, sizeof(buffer), 0, (struct sockaddr*)&fromHost, (socklen_t*)&len); } . . . I have no experience/knowlegde changing this code. I wil try to find someone that can do this for me.... On the otherhand, if someone on this list can do this and want to test, I can send our netflowstream to you. With flow-tools-fanout I can simply fanout the stream to other hosts. Thanks........ -- Groeten, Roel H.Hoek _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
