If both sides of a transfer are considered 'local', then the total traffic
should only be incremented by half the amount, so the data doesn't get
counted twice. The data sent and data received should be incremented
normally.
If only one side is local, the problem doesn't exist. The total data
counter is only incremented when traffic goes to or from the local host.
If neither side is local, we probably didn't see the traffic in the first
place (<grin>), but this scenario should still be addressed, because of the
following scenario:
Host attached to network A is communicating with host attached to network B.
All traffic passes through network C to get from A to B and back. A host
running ntop is attached to network C and sees all traffic from A to B and
from B to A. NONE of the traffic it sees is 'local' traffic, because the
ntop host is on network C.
Interesting, eh?
So how about this: Do away with the concept of 'local' and 'remote' hosts
altogether, and run the counters this way:
Data sent for host A = total bytes in packets with host A as the source.
Data received by host A = total bytes in packets with host A as the
destination.
Total traffic = total bytes received by the interface on the host running
ntop (so each packet will get counted only once).
That should work for all scenarios, and the host counters should be
accurate, regardless of 'local' or 'remote'. The concept of 'local' and
'remote' could be retained if you wanted to not keep stats at all on remote
hosts (and thus, conserve memory).
--J
> -----Original Message-----
> From: Luca Deri [mailto:l.deri@tecsiel.it]
> Sent: Wednesday, May 09, 2001 8:10 AM
> To: ntop-dev@Unipi.IT
> Subject: Re: [Ntop-dev] Ntop wrong traffic calculation
>
>
> Hi Jac,
> somehow you're right but do not forget that if one of the hosts is
> remote tthen your statement won't hold. What I suggest, if all of you
> like the idea, is to relabel "Total Traffic" to "Data
> Sent+Received" .
>
> What's your opinion?
>
> Luca
>
>
>
> Jac Engel wrote:
> >
> > Why is ntop reporting "Total traffic" wrong ?
> > I did a measurement between 2 hosts and I ftp a file to host A
> > of 158.5 Mb and then from host B to A a file of 88.4Mb.
> > For me total traffic is 246.9Mb and not what your program reports
> > the double value.
> >
> > Local IP Traffic
> > Host IP Address Data Received Data Sent
> > omcldb 15.204.12.23 158.5 MB 64.2 % 88.4 MB
> 35.8 %
> > vrede 15.204.44.11 88.4 MB 35.8 % 158.5 MB
> 64.2 %
> > Total Traffic Data Received Data Sent Bandwidth
> > 493.9 MB 246.9 MB 246.9 MB 46.7 Kbps
> >
> > The calculation one receive other transmit so total traffic should
> > be 246.9MB and not 493.9 MB
> >
> > Why is it calculated a double value ?
> > Regards
> > _______________________________________________
> > Ntop-dev mailing list
> > Ntop-dev@listmanager.unipi.it
> > http://listmanager.unipi.it/mailman/listinfo/ntop-dev
>
> --
> Luca Deri NETikos S.p.A.
> Via Matteucci 34/B 56124 Pisa, Italy.
> Ph. +39/050/968.639 Fax. +39/050/968.626
> Email: luca.deri@netikos.com
> WWW: http://luca.ntop.org/ ICQ: 68183632
> Software is about stuff, about getting hands dirty - Jim Coplien
> _______________________________________________
> Ntop-dev mailing list
> Ntop-dev@listmanager.unipi.it
> http://listmanager.unipi.it/mailman/listinfo/ntop-dev
>