David
if packets are truncated you won't see all (e.g. application statistics)
but the rest will work
Luca
On 11/14/2011 08:21 AM, David Murray wrote:
If ntop is unable to do this, can anyone recommend another tool that
might be better suited?
On 07/11/11 09:16, David Murray wrote:
Hi,
I have a huge 500GB pcap file that I am using to get some high level
statistics. I am using the following command to feed pcap file into
ntop:
sudo ntop -m 0.0.0.0/ -f /mnt/tcpdump.pcap -n -4 -w3000 --w3c -p
/etc/ntop/protocol.list
The problem is that for privacy reasons, when we captured this data
using tcpdump, we only captured the headers or the first 85 bytes.
Currently, it appears that ntop is basing many of its statistics
based on the real captured payload size.
Is there any way to modify ntop behaviour to use the ip length field?
Thanks for your time,
Dave
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
