[prev in list] [next in list] [prev in thread] [next in thread]
List: ntop
Subject: Re: [Ntop] packet size behaviour
From: Luca Deri <deri () ntop ! org>
Date: 2011-11-14 8:33:14
Message-ID: 4EC0D24A.5080602 () ntop ! org
[Download RAW message or body]
David
if packets are truncated you won't see all (e.g. application statistics)
but the rest will work
Luca
On 11/14/2011 08:21 AM, David Murray wrote:
> If ntop is unable to do this, can anyone recommend another tool that
> might be better suited?
>
> On 07/11/11 09:16, David Murray wrote:
>> Hi,
>>
>> I have a huge 500GB pcap file that I am using to get some high level
>> statistics. I am using the following command to feed pcap file into
>> ntop:
>>
>> sudo ntop -m 0.0.0.0/ -f /mnt/tcpdump.pcap -n -4 -w3000 --w3c -p
>> /etc/ntop/protocol.list
>>
>> The problem is that for privacy reasons, when we captured this data
>> using tcpdump, we only captured the headers or the first 85 bytes.
>> Currently, it appears that ntop is basing many of its statistics
>> based on the real captured payload size.
>>
>> Is there any way to modify ntop behaviour to use the ip length field?
>>
>> Thanks for your time,
>> Dave
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic