Simple LAN IP accounting
Philip Olsson
olsson at puffy.nu
Sun Jun 18 21:59:06 UTC 2006
> On Sun, Jun 18, 2006 at 08:21:51PM +0200, Phil Regnauld wrote:
>> > very efficient way of doing this analysis. You can turn the sflow data
>> > into
>> > simple CSV records using 'sflowtool', or ntop has an sflow module.
>>
>> Ntop just seems very unreliable and bloated to me, at least after
>> version 1. Has it changed ?
>
> I don't know. I looked at it briefly recently, but it didn't do what I
> wanted (which was to be able to export and analyse *all* flows seen). At
> least, there was an "export" function, but it was broken.
>
> If you just want something to visualize your top 20 traffic sources and
> protocols, i.e. keep an eye on your network and notice sudden new large
> sources such as viruses or P2P nodes, it may be useful.
>
Ntop is horribly unstable if you push some traffic. The memory usage
increases and then later on crashes. It does not matter if you use libpcap
or netflow. Something in the design seems wrong.
I tested it recently and a year ago, same problem.
The system does not run out of resources.
// Philip
More information about the freebsd-net
mailing list