hi: i just compile ntop and run it several hours, so please correct it if my words are wrong...
my linux firewall: P200 with 64MB ram, with mandrake 8.2, with 4 NICS (lan, dmz, 1536k/384k adsl , 512k/64k adsl) we have 5 clients connect to the firewall. when client downloading at full speed , linux loading is between 0.x ~ 1.x. my linux runs ntop,dhcpd,sshd,and some netfilter & policy routing stuff. it seems ok now. but i don't know if it will crash soon:) Regards, tbsky > It really depends on how much traffic you have and how many ACTIVE > hosts. > > Tigger is my (Linux) ntop development box. It's a P3-800 (100FSB) w > 384MB of RAM - two NICs, an onboard one and a USB (unnumbered) on the > CableModem side. Which clearly excessive for my network (Especially > overnight, when I'm asleep!) - which is 4 computers hooked up to a 1.5 > Mbps CableModem. But tigger is fine when I fire up UserModeLinux to > build the rpms... > > You can see it the light load in the "top" statistics: > > 9:39am up 10 days, 16:00, 1 user, load average: 0.08, 0.02, 0.01 > 34 processes: 33 sleeping, 1 running, 0 zombie, 0 stopped > CPU states: 2.6% user, 0.5% system, 0.0% nice, 3.6% idle > Mem: 383880K av, 353968K used, 29912K free, 0K shrd, > 79952K buff > Swap: 257032K av, 3184K used, 253848K free > 166560K cached > > But, there is nothing running other than ntop and the sshd session I'm > using to pull this data off with. > > ps -axf > PID TTY STAT TIME COMMAND > 6 ? SW 0:15 [kupdated] > 5 ? SW 0:00 [bdflush] > 4 ? SW 0:02 [kswapd] > 3 ? SWN 0:00 [ksoftirqd_CPU0] > 1 ? S 0:18 init > 2 ? SW 0:00 [keventd] > 8 ? SW 0:00 [khubd] > 9 ? SW 0:10 [kjournald] > 137 ? SW 0:00 [kjournald] > 518 ? S 0:00 /sbin/dhclient -1 -q -lf > /var/lib/dhcp/dhclient-eth0.leases -pf /var/run/ > 587 ? S 0:04 syslogd -m 0 > 592 ? S 0:00 klogd -2 > 612 ? S 0:00 portmap > 687 ? SL 0:00 ntpd -U ntp > 741 ? S 0:00 /usr/sbin/sshd > 1654 ? S 0:00 \_ /usr/sbin/sshd > 1655 pts/0 S 0:00 \_ -bash > 1702 pts/0 R 0:00 \_ ps -axf > 764 ? S 0:00 gpm -t ps/2 -m /dev/mouse > 782 ? S 0:00 crond > 832 ? S 0:02 xfs -droppriv -daemon > 902 ? S 0:00 /usr/sbin/atd > 934 tty2 S 0:00 /sbin/mingetty tty2 > 935 tty3 S 0:00 /sbin/mingetty tty3 > 8147 tty1 S 0:00 /sbin/mingetty tty1 > 21802 ? S 0:00 /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /usr/share > 21806 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /usr/s > 21807 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /u > 21808 ? S 0:44 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /u > 21809 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /u > 21810 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /u > 21811 ? S 0:00 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /u > 21812 ? S 0:13 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /u > 21813 ? S 1:04 \_ /usr/bin/ntop -i eth0,eth1 -p > /usr/share/ntop/protocol.list -P /u > > If I start a big ftp job, the download rate hits 14xxKbps and cpu > jumps: > > 21813 ntop 18 0 11376 9528 1892 R 1.3 2.4 1:05 ntop > ^^^ > > There is a lot more processor power than a simple 800:166 ratio > indicates (although I can't find a convenient database of results, > because the testing programs - SYSmark, SiSoft Sandra, etc. keep > evolving). > > The best I can offer is a STRONG opinion that you need MUCH more RAM - > 256MB and probably will need a faster processor - a PII-400 is what I > used to use when I started w/ ntop - and that box was also running > qmail, snort, squid, publicfile - but still low usage... > > -----Burton > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Boniforti Flavio > Sent: Wednesday, July 10, 2002 7:30 AM > To: [EMAIL PROTECTED] > Subject: R: R: [Ntop] install ntop at linux firewall.. > > >> Sorry, but I can't offer much hope for that small and >> out-dated a machine doing that much for you... > > OK, now it's pretty clear. Would I have to set up another machine which > would substitute my actual P166MMX or would it be possible to set up a > more powerful machine and leave it in my LAN for sniffing purposes? I'd > have to sniff LAN, Internet traffic and DMZ traffic (the whole traffic > passing through my 3 NICs on the gateway. > > Thank you for your suggestions... > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://lists.ntop.org/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://lists.ntop.org/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://lists.ntop.org/mailman/listinfo/ntop
