Hi all
I've been looking at using freebsd 4.10 and NTOP(v3) to monitor a 100mb wan connection. The traffic averages at about 8mb/s and occasionally peaks at 44mb/s. I'll be honest in that the box I'm running it on isnt that great (pII 450Mhz and 256mb RAM). What confuses me at the moment is the amount of drops attributed to libpcap - according to the web server I'm dropping anything from 85% (the lowest I've seen it) up to 200%(not sure how?). And these are at times when traffic throughput is only around 6mb/s. The amount of drops due to ntop is always 0%. I've tried turning of rrdtool as well and set pcap to non blocking. Ok, you could simply argue that the machine is junk and I'm wasting my time - except that ntop is using less than a third of the systems utilisation and when I run snort on the same interface which also uses libpcap I loose NO packets. Absolutely nothing. I've read from previous posts that libpcap occasionally fibs about its stats, but why fib to one application and not the other? So� any ideas on why the libpcap performance when used by ntop is terrible compared to that of snort? I've tried 2 different machines and 3 different Nics (all different manufacturers - intel, 3com and netgear) and I still get similar results. Any suggestions greatfully received. Kind Regards Ross ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
