Gary, Fernando, NTOP folks, I've been noticing some similar discrepancies in the network throughput tables that are either a misunderstanding on my part or inaccuracy on the ntop part. It's important to note that my ntop boxes run on flow data and not sniffing the actual port. I'm running ntop 3.2 on Fedora Core 6 boxes.
I have another snmp tool (Cricket) that polls our router's physical interface
every 1 minute and graphs the input and output bits/sec and I have experience
that shows this tool is highly accurate. Last week, I noticed that one of the
networks was at 90+Mbits/sec for over an hour. However, the ntop throughput
graph for that same network list quite a different number. The network
throughput graph in ntop listed a current throughput of 41.2M and an average of
46.6M. I've attached the graphs as reference.
If the 41.2M means megabytes and there is a line for every 30 seconds on the
10 Minute graph, that means 41.2Megabytes went through in 30 seconds which
equals 11Mbits/sec.
Now, if the 41.2 is Megabits/sec, that's wrong too when I have a host pumping
90Mbits one way into the link. My load should be 90Mbits/sec plus whatever
else is going in/out the link.
Maybe this is a problem with me using flowdata, but I have other ntop probes
that sit "in-line" on the links they analyze and they are not accurate either.
Maybe I'm just not interpreting the graphs properly and maybe there's something
I can do to help figure this out???
Thank you --Greg Redder
Network Analyst
Colorado State University
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten
Sent: Wednesday, February 27, 2008 2:42 PM
To: [email protected]
Subject: Re: [Ntop] total traffic understanding - chart and table Discrepancies
I am now noticing a very similar instance to yours in "Global Protocol
Distribution". I have 88.7% TCP, 3.1% UDP 0% ICMP. These percentages are
accurate given the values: Total IP is 9.6GB; TCP is 8.5GB; UDP is 303.3MB,
ICMP is 1.3MB. So, there's about 800MB worth of "other" data that's not
accounted for which would also equal the missing 8%.
-----Original Message-----
From: Gary Gatten
Sent: Wednesday, February 27, 2008 3:14 PM
To: '[email protected]'
Subject: RE: [Ntop] total traffic understanding - chart and table Discrepancies
Unfortunately I can't answer your specific question. I'd say rounding error,
but your values are too far apart for that.
I have some similar type issues as well. For example, the rrd data available
with historical views isn't even close to the real-time and more accurate data.
Also, some of the counters within rrd contradict themselves.
My Summary Traffic says I have 99.9% unicast in the table, but the pie chart
color tells me I have 99.9% MULTICAST.
There are a number of other anomalies that I can't recall right now. I haven't
spent as much time in the nTop GUI lately.
I wish I could remember all the issues more accurately. I guess if it starts
bothering me I'll setup a QA instance where I generate known volumes of traffic
to predetermined hosts and make sure it's accounted for correctly. Until then
I'm not sure what to do...
Gary
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fernando Yamada
Sent: Wednesday, February 27, 2008 8:13 AM
To: [email protected]
Subject: [Ntop] total traffic understanding
Hello,
I'm having difficulties trying to understand total traffic sums on ntop.
For example, in "Global protocol distribution" I have a total of 2.4 GB
(99.9%) of IP traffic. Inside this IP traffic I have 2.1 GB (87.8%) of TCP,
80.7 MB (3.3%) and ICMP/IGMP/Other IP, accouting 0% each.
Why doesn't the sum match? 87.8% + 3.3% does not equal to 99.9%
Also, on traffic directions -> Remote to Local IP, the Total Traffic does not
match any other total.
I've search in the documentation about these issues with no success. If anyone
can explain to me or indicate me something to read about, I'd appreciate.
Thanks in advance and regards,
--
Fernando Yamada
Via IP Soluções para Internet Ltda
+55 48 2106-6161
e-mail: [EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]
Skype: suporte2viaip
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in
1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended
recipient and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that any
review, use, dissemination, disclosure or copying of this email and its
attachments, if any, is strictly prohibited. If you have received this email
in error, please immediately notify the sender by return email and delete this
email from your system."
</font>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
<<attachment: cricket.png>>
<<attachment: ntop.png>>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
