Why do you think it's a bug? ntop tracks sessions for your. What it doesn't do is full stateful connection tracking, and it's not the router that drops the packet.
ntop sees a packet from port whatever on host whatever to port something on host something. That's a session. The fact that it never get's an ACK back, and the fact that some upstream router drops it, doesn't change what ntop sees, which is the packet level information. After a while (the timeout), the session disappears. IMHO: Nope, sorry, no bug - functioning as designed -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Igor Schein Sent: Friday, February 22, 2002 12:25 PM To: [EMAIL PROTECTED] Subject: [Ntop] issues with reporting 2) My network is behind a firewall, and I don't allow http out. All browing goes through a proxy. Real Player in default installation tries to send data to http port on chanrr1.real.com once in a while (down with spyware!!) and those packets get dropped. However, for at least 20 minutes after a packet got dropped, there's a listing in IP Protos -> Sessions table like this: 172.17.0.208:1391 chanrr1.real.com:http 248 0 02/22/02 13:10:16 02/22/02 13:10:37 5:07 The 3rd and 4th column indicate that a small packet was dropped. The last column shows the age of the pseudo-connection, 5min in this case. I believe it's a bug. I'm using Feb 15 snapshot on RH-7.2 machine, and all traffic is mirror to a port on a switch level. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
