This may be a stupid question but here goes anyway. :)

We're collecting flows on a Linux box from our Cisco switches using the flow-tools. We are also forwarding them to an instance of ntop using flow-fanout. ntop does an excellent job of breaking things down.

One thing I don't understand though. How does ntop break down packet sizes in the Traffic Report? When I use "flow-export" (part of the flow-tools) to dump flow records into a database, the packet size is not part of the flow information that is exported. flow-export does give number of packets and total bytes associated with the flow record. Does ntop just use that information and divide total bytes by number of packets (which I don't think would be very accurate), or is there more to flow records than what flow-export spits out?

I could look at the ntop source and figure things out, but I'm hoping that asking the question here directly might get a faster answer.
Thanks!

_______________________________________________
Ntop mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop
