I've posted this before... Those counters are largely meaningless as they count the actual packets processed in the plugin via the bpf filter. Most plugins don't read packets so the counts are zero.
-----Burton > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Shawn Wall > Sent: Monday, October 25, 2004 8:30 AM > To: [EMAIL PROTECTED] > Subject: RE: [Ntop] NetFlow > > > > If I look under SUMMARY -> NETFLOWS the table here shows 0 for > packets and 0 > for traffic. In fact it shows 0 for all flow types except > LastSeenWatchPlugin: > > Flow Name Packets Traffic > rrdPlugin 0 0 > NetFlow 0 0 > icmpWatchPlugin 0 0 > LastSeenWatchPlugin 809,715 904.3 MB > > shawn > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Jonathan Feldman > Sent: Monday, October 25, 2004 6:26 AM > To: [EMAIL PROTECTED] > Subject: RE: [Ntop] NetFlow > > You're welcome; glad the document was helpful. :) > > See, Burton, people do read the docs. :) > > Shawn, can you explain what you mean by "My NetFlows still does not show > any packets or traffic?" What output is leading you to say this? > > Cheers, > > --Jonathan > > > -----Original Message----- > > From: Shawn Wall [mailto:[EMAIL PROTECTED] > > Sent: Sunday, October 24, 2004 4:06 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [Ntop] NetFlow > > > > I found my problem. Two issues: > > > > 1. I didn't have CEF enabled on the router (not mentioned in the CICSO > > docs!) > > > > 2. netstat showed high RECV-Q stats for 2055 on my Linux box. > Restarting > > NTOP resolved this. > > > > My NetFlows still does not show any packets or traffic? I don't know > if > > this > > is important since I am getting data from netflow. > > > > I have to give credit to a doc I found on google. Read it at: > > > > > http://www.mirrors.wiretapped.net/security/network-monitoring/ntop/ntop- > netflow-cisco.pdf > > > > shawn > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of > > Claudio Martella > > Sent: Sunday, October 24, 2004 1:48 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Ntop] NetFlow > > > > Actually IIRC the module doesn't give the kind of stats you were > looking > > for. I > > mean even if it recieves che netflow datagrams and calculates the > stats, > > that > > counters are incremented. They actually don't work. Just switch to the > > netflow-device and look at the ntop host or traffic stats, and see if > > everything > > is fine. I don't know if the NTOP team reccomends a particular distro, > but > > i > > wouldn't say there's one. > > > > > > On Sun, Oct 24, 2004 at 12:54:31PM -0600, Shawn Wall wrote: > > > I'm using the NTOP 3.0 rpm for Mandrake 10.x. I tried compiling NTOP > on > > > Mandrake but I found that it was not working i.e. I gave up and took > the > > > easy road. Is there a preferred/recommend Linux distro for NTOP? > > > > > > shawn > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of > > > Claudio Martella > > > Sent: Sunday, October 24, 2004 12:50 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [Ntop] NetFlow > > > > > > What version are you using? I experience the same problem with the > > debian > > > package. Try compiling the last version by yourself. > > > > > > On Sun, Oct 24, 2004 at 11:10:56AM -0600, Shawn Wall wrote: > > > > I've recently tried sending Netflow exports from my 2501 to my > NTOP > > box. > > I > > > > sniffed the wire and I can see udp flow export packets from 80 to > 128 > > > bytes > > > > in length sent to NTOP from the router. I checked NTOP under > NETFLOWS > > and > > > it > > > > shows 0 packets and 0 traffic. Any ideas? Thanks. > > > > > > > > > > > > > > > > shawn > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > Ntop mailing list > > > > [EMAIL PROTECTED] > > > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > > > > -- > > > Claudio "thefly" Martella > > > [EMAIL PROTECTED] > > > GNU/PG keyid: 0x8EA95625 > > > _______________________________________________ > > > Ntop mailing list > > > [EMAIL PROTECTED] > > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > _______________________________________________ > > > Ntop mailing list > > > [EMAIL PROTECTED] > > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > > > > > > > > -- > > Claudio "thefly" Martella > > [EMAIL PROTECTED] > > GNU/PG keyid: 0x8EA95625 > > _______________________________________________ > > Ntop mailing list > > [EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > > _______________________________________________ > > Ntop mailing list > > [EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
