If you've looked in pbuf.c you're ahead of me... there is a snip of code in sessions.c where it looks like it's doing the countings, it's in handleSession(), around 1356... but I don't know how / when it gets in there...
-----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dilan Arumainathan Sent: Thursday, February 21, 2002 2:32 PM To: [EMAIL PROTECTED] Subject: Re: [Ntop] Re: Retransmitted packets There is an attempt to display retransmitted packets in the host spcific info page (Data Recvd -> Host Activity->[Any host]->{Total Data Rcvd}). It always prints "0 Retran. packets. [0%]" I looked in pbuf.c and there doesn't seem to be any attempt to detect retransmitted packets. If this is indeed supposed to be a count of retransmitted packets then it might be misleading. Is it? thanks dilan ----- Original Message ----- From: "Burton M. Strauss III" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, February 21, 2002 11:55 AM Subject: RE: [Ntop] Re: Retransmitted packets > I don't know about the internals of tcpdump. > > I am guessing that it's talking TCP retransmits, which it would be able to > detect by the ACK flags and sequence #s? > > I don't recall any code in ntop to specifically break those out - look at > processPacket() {in pbuf.c at the end) - that's where it's all handled... > > -----Burton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dilan > Arumainathan > Sent: Thursday, February 21, 2002 12:24 PM > To: [EMAIL PROTECTED] > Subject: [Ntop] Re: Retransmitted packets > > > Additional info included: > > Ntop: > I ran NTOP and tcptrace against captured traffic (in a tcpdump file). > Tcptrace reported a lot of retransmitted traffic and Ntop did not. Is this > by design? > > thanks > dilan > > OS i486-pc-linux-gnu > ntop version 2.0.0 > Built on 02/19/02 08:25:17 PM > Started as lt-ntop -w 3000 -P /tmp > GDBM version This is GDBM version 1.7.3, as of May 19, 1994. > OpenSSL Support Absent > Multithreaded Yes > GD Chart Absent > UCD/NET SNMP Absent > TCP Wrappers Absent > Async. Addr. Resolution Yes > lsof Support No (Either disabled [Use -E option] or missing) > nmap Support No (Either disabled [Use -E option] or missing) > # Handled HTTP Requests 1341 > Actual Hash Size 362 > Top Hash Size 362 > # Queued Pkts to Process 0 > # Max Queued Pkts 0 > # Stored Hash Hosts 231 [63 %] > # Purged Hash Hosts 225 > # TCP Sessions 23 > # Terminated TCP Sessions 3112 > # Queued Addresses 0 > # Addresses Resolved with DNS 177 > # Addresses Kept Numeric 217 > # Addresses Found in Cache 0 > # Dropped Addresses 0 > # Active Threads 9 > > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listmanager.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listmanager.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
