You need to figure out how the files differ... if -i any is creating a differently formatted file (maybe with an interface prefix or something), well, then ntop doesn't know how to read it - ntop just reads the bytes that are there.

-i any
Setting the device to any on a call to pcap_open_live now works in memory mapped mode. That is to say the network device can be specified as "any" and cooked packets will be put on the ring by the kernel for all interfaces seen by ifconfig. This corresponds to the latest libpcap from tcpdump.org which has code in the pcap_read_packet (called by pcap_loop, pcap_dispatch, etc.) to handle the any device. The PCAP_STATS code has been modified to add the packet stats for each device together when in this mode.

I'm pretty sure ntop is expecting raw packets, and I've NEVER seen a clear explanation of what cooked mode is...

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mauro G. Todeschini
Sent: Thursday, September 26, 2002 2:59 AM
To: [EMAIL PROTECTED]
Subject: [Ntop] about tcpdump dump file

Hi,
after the problem I had with Windows I decided to compile ntop for Linux (2.1.50+). It seems that if I use it sniffing live traffic everything is OK. But if I use it with a dump file from tcpdump, it seems that tcpdump can't understand the kind of traffic in the dump file. I'm sure that the dumpfile contains a lot of IP traffic (I can see it through ethereal, mainly POP3 traffic) but the traffic is classified as OSI or Other. It seems that the size of traffic is OK (the dumpfile is 1Mb and the sum of traffic shown by ntop is about 1Mb).

Is there a problem perhaps depending... hey, perhaps now I understand:
if I dump a file with tcpdump -i any -C 1 -w dumpfile I have the problem,
if I dump a file with tcpdump -i eth0 -C 1 -w dumpfile I don't have the problem,
so the problem is that ntop doesn't work with tcpdump option "-i any". Am I right?

Bye
--
Mauro G. Todeschini
e-mail: [EMAIL PROTECTED]
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://lists.ntop.org/mailman/listinfo/ntop
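
One way to check how the two dump files differ, as an added example that is not part of the original thread or of ntop: the script reads the link-type field of a classic pcap file header and then the protocol field at the offset that link type defines. The link-type values (1 for Ethernet, 113 for the Linux cooked "SLL" header libpcap uses for the any device), the function names and the sample frames are supplied here; the frames are constructed, not taken from the poster's dump.

```python
import struct

LINKTYPE_ETHERNET = 1      # 14-byte Ethernet header, e.g. a capture on eth0
LINKTYPE_LINUX_SLL = 113   # 16-byte Linux "cooked" header, used for the any device

def read_pcap(data):
    """Return (linktype, [frame bytes, ...]) from a classic pcap file image."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    # 24-byte global header: magic, version, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(end + "I", data[20:24])[0]
    frames, off = [], 24
    while off + 16 <= len(data):       # per-packet header: sec, usec, caplen, origlen
        _sec, _usec, caplen, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        frames.append(data[off + 16:off + 16 + caplen])
        off += 16 + caplen
    return linktype, frames

def ethertype(linktype, frame):
    """Read the protocol field at the offset this link type defines."""
    if linktype == LINKTYPE_ETHERNET:    # dst(6) src(6) type(2)
        return struct.unpack("!H", frame[12:14])[0]
    if linktype == LINKTYPE_LINUX_SLL:   # pkttype(2) hatype(2) halen(2) addr(8) proto(2)
        return struct.unpack("!H", frame[14:16])[0]
    raise ValueError(f"unhandled link type {linktype}")

def make_pcap(linktype, frame):
    """Build a constructed one-packet capture image (little-endian)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample data: a stub IPv4 header behind each kind of link header.
IP_STUB = bytes([0x45]) + bytes(19)
MAC = bytes.fromhex("020000000001")
ETH_FRAME = MAC + MAC + b"\x08\x00" + IP_STUB
SLL_FRAME = struct.pack("!HHH", 0, 1, 6) + MAC + b"\x00\x00" + b"\x08\x00" + IP_STUB

if __name__ == "__main__":
    for label, img in (("eth0", make_pcap(1, ETH_FRAME)), ("any", make_pcap(113, SLL_FRAME))):
        lt, frames = read_pcap(img)
        print(label, "linktype", lt, "proto", hex(ethertype(lt, frames[0])),
              "| read as Ethernet:", hex(ethertype(LINKTYPE_ETHERNET, frames[0])))
```

A reader that applies the Ethernet offset to a cooked frame lands inside the address field instead of the protocol field, so the IPv4 marker 0x0800 is not where it looks.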
