Hi JT, nCap is definitively more performant what PF_RING (forget rtirq, you don't need it anymore with modern 2.6 kernels). However the bottleneck here is probably ntop rather than the capture speed. In other words ntop cannot really operate at 1 Gbit (line speed I mean) because it does too many per-packet operations (ntop is quite rich in term of provided statistics). In this view a preprocessor (e.g. nprobe) can let ntop scale at Gbit speeds. In this case you can really benefit from enhanced packet capture, whereas with a pure ntop solution you won't really take advantage of it.
Cheers, Luca jean-thomas dauchel wrote: > hi,my name is jean-thomas and i'm in training course for my studies > and the main subject of this training period is Ntop.Well, i decided > to to make Ntop more efficient since the heart of the network where i > work is gigabit.So my question is: > patching linux kernel with rtirq and addind module pf_ring to the > kernel is quite bit hard for such a newbie like me in linux,more over > i haven't find any how to install or how to configure with enough > details for me.I have read many docs but it isn't help me > enough,however i find a solution looks like easier with the lib nCap. > Some one should help me? > thanks a lot by advance > JT > > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop -- Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
