Like I said, I think that machine is marginal. It may work/may not... you will have to watch the two things I described in my other email on the topic:
1. Memory actually being used - swap space is bad for responsiveness.
2. Packet loss (kernel - check ifconfig and ntop - check the configuration page)

-----Burton

---------- Original Message ----------------------------------
From: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Thu, 11 Jul 2002 00:21:09 +0800 (CST)

>hi:
> i just compiled ntop and ran it for several hours, so please correct
> it if my words are wrong...
>
> my linux firewall: P200 with 64MB ram, with mandrake 8.2,
> with 4 NICS (lan, dmz, 1536k/384k adsl, 512k/64k adsl)
> we have 5 clients connected to the firewall.
> when a client is downloading at full speed, linux loading is between
> 0.x ~ 1.x.
> my linux runs ntop, dhcpd, sshd, and some netfilter & policy routing stuff.
> it seems ok now. but i don't know if it will crash soon:)
>
>Regards,
>tbsky
>
>> It really depends on how much traffic you have and how many ACTIVE
>> hosts.
>>
>> Tigger is my (Linux) ntop development box. It's a P3-800 (100FSB) w/
>> 384MB of RAM - two NICs, an onboard one and a USB (unnumbered) on the
>> CableModem side. Which is clearly excessive for my network (Especially
>> overnight, when I'm asleep!) - which is 4 computers hooked up to a 1.5
>> Mbps CableModem. But tigger is fine when I fire up UserModeLinux to
>> build the rpms...
>>
>> You can see the light load in the "top" statistics:
>>
>> 9:39am up 10 days, 16:00, 1 user, load average: 0.08, 0.02, 0.01
>> 34 processes: 33 sleeping, 1 running, 0 zombie, 0 stopped
>> CPU states: 2.6% user, 0.5% system, 0.0% nice, 3.6% idle
>> Mem: 383880K av, 353968K used, 29912K free, 0K shrd, 79952K buff
>> Swap: 257032K av, 3184K used, 253848K free 166560K cached
>>
>> But, there is nothing running other than ntop and the sshd session I'm
>> using to pull this data off with.
>>
>> ps -axf
>>   PID TTY   STAT TIME COMMAND
>>     6 ?     SW   0:15 [kupdated]
>>     5 ?     SW   0:00 [bdflush]
>>     4 ?     SW   0:02 [kswapd]
>>     3 ?     SWN  0:00 [ksoftirqd_CPU0]
>>     1 ?     S    0:18 init
>>     2 ?     SW   0:00 [keventd]
>>     8 ?     SW   0:00 [khubd]
>>     9 ?     SW   0:10 [kjournald]
>>   137 ?     SW   0:00 [kjournald]
>>   518 ?     S    0:00 /sbin/dhclient -1 -q -lf /var/lib/dhcp/dhclient-eth0.leases -pf /var/run/
>>   587 ?     S    0:04 syslogd -m 0
>>   592 ?     S    0:00 klogd -2
>>   612 ?     S    0:00 portmap
>>   687 ?     SL   0:00 ntpd -U ntp
>>   741 ?     S    0:00 /usr/sbin/sshd
>>  1654 ?     S    0:00 \_ /usr/sbin/sshd
>>  1655 pts/0 S    0:00 \_ -bash
>>  1702 pts/0 R    0:00 \_ ps -axf
>>   764 ?     S    0:00 gpm -t ps/2 -m /dev/mouse
>>   782 ?     S    0:00 crond
>>   832 ?     S    0:02 xfs -droppriv -daemon
>>   902 ?     S    0:00 /usr/sbin/atd
>>   934 tty2  S    0:00 /sbin/mingetty tty2
>>   935 tty3  S    0:00 /sbin/mingetty tty3
>>  8147 tty1  S    0:00 /sbin/mingetty tty1
>> 21802 ?     S    0:00 /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /usr/share
>> 21806 ?     S    0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /usr/s
>> 21807 ?     S    0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
>> 21808 ?     S    0:44 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
>> 21809 ?     S    0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
>> 21810 ?     S    0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
>> 21811 ?     S    0:00 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
>> 21812 ?     S    0:13 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
>> 21813 ?     S    1:04 \_ /usr/bin/ntop -i eth0,eth1 -p /usr/share/ntop/protocol.list -P /u
>>
>> If I start a big ftp job, the download rate hits 14xxKbps and cpu
>> jumps:
>>
>> 21813 ntop 18 0 11376 9528 1892 R 1.3 2.4 1:05 ntop
>>                                   ^^^
>>
>> There is a lot more processor power than a simple 800:166 ratio
>> indicates (although I can't find a convenient database of results,
>> because the testing programs - SYSmark, SiSoft Sandra, etc. keep
>> evolving).
>>
>> The best I can offer is a STRONG opinion that you need MUCH more RAM -
>> 256MB and probably will need a faster processor - a PII-400 is what I
>> used to use when I started w/ ntop - and that box was also running
>> qmail, snort, squid, publicfile - but still low usage...
>>
>> -----Burton
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>> Boniforti Flavio
>> Sent: Wednesday, July 10, 2002 7:30 AM
>> To: [EMAIL PROTECTED]
>> Subject: R: R: [Ntop] install ntop at linux firewall..
>>
>>
>>> Sorry, but I can't offer much hope for that small and
>>> out-dated a machine doing that much for you...
>>
>> OK, now it's pretty clear. Would I have to set up another machine which
>> would substitute my actual P166MMX or would it be possible to set up a
>> more powerful machine and leave it in my LAN for sniffing purposes? I'd
>> have to sniff LAN, Internet traffic and DMZ traffic (the whole traffic
>> passing through my 3 NICs on the gateway).
>>
>> Thank you for your suggestions...

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop
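
An added example, not part of the thread and not ntop code: shell functions for the two checks named in the reply at the top, swap actually in use and kernel-level receive drops per interface (the same kernel counters ifconfig displays). They read /proc/meminfo and /proc/net/dev by default; the SWAP_WARN_KB threshold and the sample interface counters are assumptions, and ntop's own drop figure on its configuration page is not covered.

```shell
#!/bin/sh
# Added example (not from the thread): the two checks named in the reply.
# File arguments default to the live /proc files; samples below are constructed.

# Swap in use (kB) = SwapTotal - SwapFree, from /proc/meminfo-format text.
swap_used_kb() {
    awk '/^SwapTotal:/ {t = $2} /^SwapFree:/ {f = $2} END {print t - f}' \
        "${1:-/proc/meminfo}"
}

# Kernel receive-drop counter for one interface, /proc/net/dev-format text.
# After the name the fields are: rx bytes, packets, errs, drop, ...
# Old kernels print "eth0:123" with no space, so the colon is split first.
rx_dropped() {
    awk -v ifc="$1" '{ sub(/:/, " ") }
        $1 == ifc { print $5; found = 1 }
        END { exit found ? 0 : 1 }' "${2:-/proc/net/dev}"
}

# Print one status line per check; return 1 if any check warns.
# SWAP_WARN_KB is an assumed threshold, not a figure from the thread.
sensor_health() {  # usage: sensor_health MEMINFO NETDEV IFACE...
    mem=$1; dev=$2; shift 2; rc=0
    used=$(swap_used_kb "$mem")
    if [ "$used" -gt "${SWAP_WARN_KB:-16384}" ]; then
        echo "WARN swap in use: ${used} kB"; rc=1
    else
        echo "ok   swap in use: ${used} kB"
    fi
    for i in "$@"; do
        if ! d=$(rx_dropped "$i" "$dev"); then
            echo "WARN $i: interface not found"; rc=1
        elif [ "$d" -gt 0 ]; then
            echo "WARN $i: kernel dropped $d received packets"; rc=1
        else
            echo "ok   $i: no kernel receive drops"
        fi
    done
    return $rc
}

# Constructed samples. Swap figures are the ones in the quoted top output.
SAMPLE_MEM=$(mktemp); SAMPLE_DEV=$(mktemp)
printf 'SwapTotal: 257032 kB\nSwapFree: 253848 kB\n' > "$SAMPLE_MEM"
printf '  eth0:90210 800 0 0 0 0 0 0 4000 60 0 0 0 0 0 0\n  eth1: 5000 70 0 12 0 0 0 0 900 9 0 0 0 0 0 0\n' > "$SAMPLE_DEV"
sensor_health "$SAMPLE_MEM" "$SAMPLE_DEV" eth0 eth1 || true
```

On a live box, `sensor_health /proc/meminfo /proc/net/dev eth0 eth1` run from cron gives an early sign that the capture host is swapping or that the kernel is discarding packets before ntop sees them.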
