Date: Sun, 18 Jun 2006 23:58:46 +0200 From: "Philip Olsson" <olsson@puffy.nu> To: "Brian Candler" <B.Candler@pobox.com>, "Phil Regnauld" <regnauld@catpipe.net> Cc: freebsd-net@freebsd.org, Nash Nipples <trashy_bumper@yahoo.com> Subject: Re: Simple LAN IP accounting Message-ID: <06f801c69322$5f8969d0$0800a8c0@kaka> References: <4495530f.265f68ff.360d.48fa@mx.gmail.com><20060618142644.81731.qmail@web36304.mail.mud.yahoo.com><20060618180951.GA37133@uk.tiscali.com><20060618182151.GB2627@catpipe.net> <20060618205418.GA37548@uk.tiscali.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, Jun 18, 2006 at 08:21:51PM +0200, Phil Regnauld wrote: >> > very efficient way of doing this analysis. You can turn the sflow data >> > into >> > simple CSV records using 'sflowtool', or ntop has an sflow module. >> >> Ntop just seems very unreliable and bloated to me, at least after >> version 1. Has it changed ? > > I don't know. I looked at it briefly recently, but it didn't do what I > wanted (which was to be able to export and analyse *all* flows seen). At > least, there was an "export" function, but it was broken. > > If you just want something to visualize your top 20 traffic sources and > protocols, i.e. keep an eye on your network and notice sudden new large > sources such as viruses or P2P nodes, it may be useful. > Ntop is horribly unstable if you push some traffic. The memory usage increases and then later on crashes. It does not matter if you use libpcap or netflow. Something in the design seems wrong. I tested it recently and a year ago, same problem. The system does not run out of resources. // Philip
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?06f801c69322$5f8969d0$0800a8c0>