Thank you very much Markus! To be honest I believe what ntop is giving us is VERY useful. It's good to understand how the information is actually derived. I'm now off to write some tools to generate graphs and reports based on my database full of flow data. I would like to be able to generate host profiles similar to what ntop provides but over a historical time period and put in some cross-links to ntop data. Well, that's just the first thing I want to get done. We've been wanting to harness netflow data for a long time now.
Thanks again!

--- Markus Rehbach <[EMAIL PROTECTED]> wrote:

> Yes, it is bytes/packets per sampling interval (netflow packet), and it is not very accurate but better than nothing.
>
> For me it is very helpful, but I'm using software probes and can use a fixed netflow sampling interval. The shorter the interval, the more correct the resulting bytes/packets will be.
>
> Afaik Ciscos are not able to export netflow data with fixed sampling intervals and therefore the results for the average packet sizes are really very questionable.
>
> But because you do not know when any flow will be exported by the Cisco, all values vs. time will be very questionable, too.
>
> Markus
>
> P.S.: I will ask our Cisco experts tomorrow but the last time I looked for the fixed export sampling interval on these machines there was no chance to do it. Thank you for motivating me to ask again.
>
> _____________
>
> Void Main wrote:
> > This may be a stupid question but here goes anyway. :)
> >
> > We're collecting flows on a Linux box from our Cisco switches using the flow-tools. We are also forwarding them to an instance of ntop using flow-fanout. ntop does an excellent job of breaking things down. One thing I don't understand though. How does ntop break down packet sizes in the Traffic Report? When I use "flow-export" (part of the flow-tools) to dump flow records into a database the packet size is not part of the flow information that is exported. flow-export does give number of packets and total bytes associated with the flow record. Does ntop just use that information and divide total bytes by number of packets (which I don't think would be very accurate) or is there more to flow records than what flow-export spits out? I could look at the ntop source and figure things out but I'm hoping that asking the question here directly might get a faster answer.
> >
> > Thanks!
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
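The per-flow averaging discussed in this thread, as an added example that is not part of the original messages and is not ntop's code: it credits every packet of a flow record to the bucket of bytes/packets and compares that with the true per-packet distribution. The bucket bounds, function names and sample data are assumptions constructed for illustration.

```python
"""Per-flow average packet size vs. true size distribution (constructed data)."""
from bisect import bisect_left
from collections import Counter

# Assumed size buckets (upper bounds in bytes); illustrative, not taken from ntop.
BOUNDS = [64, 128, 256, 512, 1024, 1518]
LABELS = [f"<={b}" for b in BOUNDS] + [">1518"]


def bucket(size):
    """Return the label of the bucket a packet size (bytes) falls into."""
    return LABELS[bisect_left(BOUNDS, size)]


def histogram_from_flows(flows):
    """Estimate a packet-size histogram from (packets, bytes) flow records.

    A flow record carries only totals, so every packet of the flow is
    credited to the bucket of the flow's average size (bytes / packets).
    """
    hist = Counter()
    for packets, octets in flows:
        if packets <= 0:  # malformed or empty record: nothing to count
            continue
        hist[bucket(octets / packets)] += packets
    return hist


def histogram_from_packets(sizes):
    """Ground truth: bucket every individual packet size."""
    return Counter(bucket(s) for s in sizes)


# Constructed sample: 10 small 60-byte packets followed by 10 full 1500-byte packets.
SAMPLE_PACKETS = [60] * 10 + [1500] * 10
# Exported as a single record covering the whole conversation ...
ONE_RECORD = [(20, sum(SAMPLE_PACKETS))]
# ... or as two records from a shorter export interval.
TWO_RECORDS = [(10, 60 * 10), (10, 1500 * 10)]

if __name__ == "__main__":
    print("true        :", dict(histogram_from_packets(SAMPLE_PACKETS)))
    print("one record  :", dict(histogram_from_flows(ONE_RECORD)))
    print("two records :", dict(histogram_from_flows(TWO_RECORDS)))
```

With the single record all 20 packets land in a mid-size bucket that no real packet occupied; with the shorter export interval the estimate matches the true distribution.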
