Hi,
I have a huge 500GB pcap file that I am using to get some high level
statistics. I am using the following command to feed pcap file into ntop:
sudo ntop -m 0.0.0.0/ -f /mnt/tcpdump.pcap -n -4 -w3000 --w3c -p
/etc/ntop/protocol.list
The problem is that for privacy reasons, when we captured this data
using tcpdump, we only captured the headers or the first 85 bytes.
Currently, it appears that ntop is basing many of its statistics based
on the real captured payload size.
Is there any way to modify ntop behaviour to use the ip length field?
Thanks for your time,
Dave
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
