Hello,
I've been working with aggregation on nprobe v.5.2.5 ($Revision: 964 $)
for i686-pc-linux-gnu on an Ubuntu 8.04 server box.
When I use -p=0/0/1/0/0/1, nfcapd puts about 18 MB of data on the disk
for a 5 minute window, including real AS numbers.
When I use -p=0/0/0/0/0/1, nfcapd puts exactly 444 or 392 *bytes* of
data on the disk for a 5 minute window.
There are always exactly three (very large) flows.
It seems to me this means the AS lookup is happening after the IP is
zeroed out. Or am I missing something?
Thanks,
Steve
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
