Address resolution takes time -- give it a try, using dig or nslookup - you'll be surprised.
That's why it's in a separate thread, fed by a queue. The queue is (by default) 4K. When the queue fills up, ntop just stops queuing addresses and keeps them in numeric form. As the queue gets emptied, ntop can accept additional addresses to resolve. In packet capture mode, you'll eventually see other packets from those hosts and everything gets resolved. When you send a huge file, ntop gets hit with all those addresses at once to resolve. This overflows the queue and some don't get resolved. You can try sending the file in smaller chunks, or you could edit the queue size in globals-defines.h and recompile. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hermano Toscano Moura Sent: Thursday, August 04, 2005 10:54 AM To: [email protected] Subject: [Ntop] Problem Sending NetFlow Traces Hi There... I'm sending a netflow trace to Ntop like this: flow-cat /home/hermano/gt/netflow | flow-send -dV5 0/127.0.0.1/5555 The file that Im sending has around 480Mb... But the results are not the expected, I think ntop is not processing all the information of this trace... The following messages appears: **WARNING** Address resolution queue is full [4096 slots] Addresses in excess won't be resolved - ntop continues My questions are... Why ntop cant process all the file? I think 480Mb is not a too large trace file... Can I fix this problem? If I send pieces of this trace(like 48 files of 10Mb), i solve my problem? Thanks evrybody in advance and sorry about my poor english! Hermano Toscano _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
