Why are you trying this? It's
bogus - just use -B "filter" for the ntop instance.
Hello,
In the first place it was just a test of this function of ntop. I am
considering the possibility to keep the raw Netflow data for short
periods for security reasons. I wanted to test how I could use ntop to
analyze this raw data. It was not my goal to make a test of a live
tcpdump with a live ntop on it, it was a mistake (I didn't stop tcpdump
as I believed I did).
But when I saw the result, I was curious about what was displayed.
Thanks for your answer.
-----Burton
Hello,
Here is what I tried :
- I started a tcpdump -w file.pcap dst host my_host and dst port
2055 &
- A few minutes later, I launched ntop as a daemon with the -f
file.pcap argument, the tcpdump was still (and is still) running.
Ntop complained a little because it found the file.pcap to be a
truncated file, but it processed it.
Now this very instance of ntop I launched on the pcap file a few hours
ago displays in (Summary->Network load) a graph with the last hour.
A long time after the moment I first launched ntop.
My question is : does ntop rescan the pcap file and display the
evolution or does it display the actual time by error ?
I hope that I made myself clear :-[ .
--
Didier Benza [EMAIL PROTECTED]
Tel : +33 492 38 7167 / Fax : +33 492 38 7602
INRIA 2004, Route des Lucioles, BP 93, 06902 Sophia Antipolis Cedex
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop