[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntop
Subject:    Re: [Ntop] packet size behaviour
From:       Luca Deri <deri () ntop ! org>
Date:       2011-11-14 8:33:14
Message-ID: 4EC0D24A.5080602 () ntop ! org
[Download RAW message or body]

David
if packets are truncated you won't see all (e.g. application statistics) 
but the rest will work

Luca

On 11/14/2011 08:21 AM, David Murray wrote:
> If ntop is unable to do this, can anyone recommend another tool that 
> might be better suited?
>
> On 07/11/11 09:16, David Murray wrote:
>> Hi,
>>
>> I have a huge 500GB pcap file that I am using to get some high level 
>> statistics. I am using the following command to feed pcap file into 
>> ntop:
>>
>> sudo ntop -m 0.0.0.0/ -f /mnt/tcpdump.pcap -n -4 -w3000 --w3c -p 
>> /etc/ntop/protocol.list
>>
>> The problem is that for privacy reasons, when we captured this data 
>> using tcpdump, we only captured the headers or the first 85 bytes. 
>> Currently, it appears that ntop is basing many of its statistics 
>> based on the real captured payload size.
>>
>> Is there any way to modify ntop behaviour to use the ip length field?
>>
>> Thanks for your time,
>> Dave
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]