It really depends on how much traffic you have and how many ACTIVE hosts.
Tigger is my (Linux) ntop development box. It's a P3-800 (100FSB) w 384MB
of RAM - two NICs, an onboard one and a USB (unnumbered) on the CableModem
side. Which is clearly excessive for my network (especially overnight, when
I'm asleep!) - which is 4 computers hooked up to a 1.5 Mbps CableModem. But
tigger is fine when I fire up UserModeLinux to build the rpms...
You can see the light load in the "top" statistics:
9:39am up 10 days, 16:00, 1 user, load average: 0.08, 0.02, 0.01
34 processes: 33 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: 2.6% user, 0.5% system, 0.0% nice, 3.6% idle
Mem: 383880K av, 353968K used, 29912K free, 0K shrd, 79952K buff
Swap: 257032K av, 3184K used, 253848K free 166560K cached
But, there is nothing running other than ntop and the sshd session I'm using
to pull this data off with.
ps -axf
PID TTY STAT TIME COMMAND
6 ? SW 0:15 [kupdated]
5 ? SW 0:00 [bdflush]
4 ? SW 0:02 [kswapd]
3 ? SWN 0:00 [ksoftirqd_CPU0]
1 ? S 0:18 init
2 ? SW 0:00 [keventd]
8 ? SW 0:00 [khubd]
9 ? SW 0:10 [kjournald]
137 ? SW 0:00 [kjournald]
518 ? S 0:00 /sbin/dhclient -1 -q -lf /var/lib/dhcp/dhclient-eth0.leases -pf /var/run/
587 ? S 0:04 syslogd -m 0
592 ? S 0:00 klogd -2
612 ? S 0:00 portmap
687 ? SL 0:00 ntpd -U ntp
741 ? S 0:00 /usr/sbin/sshd
1654 ? S 0:00 \_ /usr/sbin/sshd
1655 pts/0 S 0:00 \_ -bash
1702 pts/0 R 0:00 \_ ps -axf
764 ? S 0:00 gpm -t ps/2 -m /dev/mouse
782 ? S 0:00 crond
832 ? S 0:02 xfs -droppriv -daemon
902 ? S 0:00 /usr/sbin/atd
934 tty2 S 0:00 /sbin/mingetty tty2
935 tty3 S 0:00 /sbin/mingetty tty3
8147 tty1 S 0:00 /sbin/mingetty tty1
21802 ? S 0:00 /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /usr/share
21806 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /usr/s
21807 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
21808 ? S 0:44 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
21809 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
21810 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
21811 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
21812 ? S 0:13 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
21813 ? S 1:04 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
If I start a big ftp job, the download rate hits 14xxKbps and cpu jumps:
21813 ntop 18 0 11376 9528 1892 R 1.3 2.4 1:05 ntop
^^^
There is a lot more processor power than a simple 800:166 ratio indicates
(although I can't find a convenient database of results, because the testing
programs - SYSmark, SiSoft Sandra, etc. - keep evolving).
The best I can offer is a STRONG opinion that you need MUCH more RAM - 256MB
and probably will need a faster processor - a PII-400 is what I used to use
when I started w/ ntop - and that box was also running qmail, snort, squid,
publicfile - but still low usage...
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Boniforti Flavio
Sent: Wednesday, July 10, 2002 7:30 AM
To: [EMAIL PROTECTED]
Subject: R: R: [Ntop] install ntop at linux firewall..
> Sorry, but I can't offer much hope for that small and
> out-dated a machine doing that much for you...
OK, now it's pretty clear. Would I have to set up another machine which
would substitute my actual P166MMX or would it be possible to set up a
more powerful machine and leave it in my LAN for sniffing purposes? I'd
have to sniff LAN, Internet traffic and DMZ traffic (the whole traffic
passing through my 3 NICs on the gateway).
Thank you for your suggestions...
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop