Hello again,

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton M. Strauss III
> Sent: Wednesday, 28 April 2004 4:21
> To: [EMAIL PROTECTED]
> Subject: RE: [Ntop] Post processing of tcpdump files with NTOP
>
> Which version of ntop? 3.0 is MUCH more stable than the 2.2 series. And
> should have no problems.

I'm using 3.0.

> You are wrong about memory usage - ntop doesn't benefit from running
> off-line, in fact will probably need more memory because it won't be able
> to purge inactive hosts.

I believe so, but in this specific case, the data collecting PC has only 256MB RAM, which becomes exhausted after +- 10H when using NTOP in real-time processing mode (due to the large amounts of traffic in the network). I also have a remote machine with 1GB RAM which I can use, but it is not connected to the target network, therefore I can only use it to process previously collected data. It takes more memory, but with 1GB I could process more than 10H. Ideally, it would be better if I could deploy the 1GB RAM machine in the target network and use NTOP in real-time, but this is not the case, unfortunately.

> Certainly the data you're looking for is in the rrd files - you may need
> to create some custom graphs using rrdtool, but the data is there.

That is interesting. I've to research further on that. I don't have a clue how I can make custom graphs with rrdtool, since I don't know much about rrdtool, only that it is used to collect periodically.

Thanks for the feedback :)

-pfeito

> -----Burton
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of pfeito
> > Sent: Tuesday, April 27, 2004 7:28 PM
> > To: [EMAIL PROTECTED]
> > Subject: [Ntop] Post processing of tcpdump files with NTOP
> >
> > Hi to all!
> >
> > I'm trying to do some network analysis in a university department network
> > and I chose to use NTOP to acquire statistic data. 10 hours later NTOP
> > crashed due to lack of memory (only 256MB were available in the NTOP
> > machine).
> >
> > I spent 2 or 3 hours reading some references, trying to understand the
> > memory limitations of NTOP, and, if I understood well, it is kind of
> > difficult to do a long run analysis (e.g. 1 week or +) with NTOP when
> > dealing with medium size to large networks, although it really depends on
> > the machine specs.
> >
> > I decided to try a different approach: to collect raw tcpdump output for a
> > week, and then feed that data to NTOP. I've done a little experiment with a
> > 1 minute tcpdump file and it seems to work well.
> >
> > Will this method work for a 1 week tcpdump file? I suspect that the memory
> > limitation still poses a problem, but I could do post processing on a
> > different machine (i.e. with 1GB RAM). It seems to me that this offline
> > processing method should need less memory compared with real-time
> > processing mode.
> >
> > Any feedback from people who have actually done some data processing like
> > this would be appreciated :)
> >
> > BTW: as I saw in another post, the tcpdump file only worked when one
> > specific interface is indicated with the -i parameter (e.g. tcpdump -i eth0 -w
> > dumpfile)
> >
> > -pfeito
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
