Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. NTop>
  3. Users
Dropoff in performance after about an hour
dcolquho at opentext
May 15, 2001, 9:09 AM
Post #1 of 4 (1174 views)
Permalink
Sorry for the attachment, but these graphs are the result of my work with
Ntop, and they show a trend of false readings. After about an hour of use
on our (about 50% loaded) 10Mbit external link I see the traffic reported by
Ntop drop off. When I check the console I notice that there are 30 to 45
second pauses between TCP session announcements. There's about one minute
between pauses, meaning that Ntop is only reporting about 60% of the actual
traffic (rough guess).

You can see where Ntop has been restarted and shortly after the reported
traffic rate drops dramatically. The one hour graph shows gaps where Ntop
was unable to reply to my requests for data collection. If any more
information would help please just let me know. Thanks.

--
Dan Colquhoun
Information Services
Open Text
519-888-7111 x2482

Attached Files:

Re: Dropoff in performance after about an hour [ In reply to ]
postmaster at doladns
May 15, 2001, 9:48 AM
Post #2 of 4 (1166 views)
Permalink
ATTENTION:

The Mailer-Daemon at doladns successfully received email from you
on Tue, 15 May 2001 12:09:04 -0400 with the subject: [Ntop] Dropoff in performance after about an hour

However, it has found evidence of something that it believes to be a virus.

As a result, your email was NOT delivered to the recipient.

If you believe this to be a mistake, please email postmaster@doladns

Unless this is the case, please do not respond to this mail, it is an auto reply
Re: Dropoff in performance after about an hour [ In reply to ]
deri at ntop
May 24, 2001, 6:38 AM
Post #3 of 4 (1161 views)
Permalink
Hi Dan,
I apologise for the late reply: coulc you please save the ntop log in a file
and sned it to me so that I can see whether there's something strange when
the dropoff happens? Do you have an idea what's the cause of the problem?

How didi you draw the graphs, using the ntop Perl/PHP interface ?

Thanks, Luca


----- Original Message -----
From: "Dan Colquhoun" <dcolquho@opentext.com>
To: "Ntop" <ntop@Unipi.IT>
Sent: Tuesday, May 15, 2001 6:09 PM
Subject: [Ntop] Dropoff in performance after about an hour


> Sorry for the attachment, but these graphs are the result of my work with
> Ntop, and they show a trend of false readings. After about an hour of use
> on our (about 50% loaded) 10Mbit external link I see the traffic reported
by
> Ntop drop off. When I check the console I notice that there are 30 to 45
> second pauses between TCP session announcements. There's about one minute
> between pauses, meaning that Ntop is only reporting about 60% of the
actual
> traffic (rough guess).
>
> You can see where Ntop has been restarted and shortly after the reported
> traffic rate drops dramatically. The one hour graph shows gaps where Ntop
> was unable to reply to my requests for data collection. If any more
> information would help please just let me know. Thanks.
>
> --
> Dan Colquhoun
> Information Services
> Open Text
> 519-888-7111 x2482
>
RE: Dropoff in performance after about an hour [ In reply to ]
dcolquho at opentext
May 24, 2001, 7:37 AM
Post #4 of 4 (1154 views)
Permalink
The graphs were drawn using RRD data collected through the Perl interface.

I could send you the RRD files (as they're rather innocuous, but probably
useless) but I'm unable to send the tcpdump file generated by ntop for
security/privacy reasons (plus it's huge). I have a 200MB core file that I
can pull info from if you tell me how.

Possible causes: I've just noticed in my system messages that the interface
being used to monitor traffic is leaving promiscuous mode. I'm testing now
to confirm this. I cant think of any reason RedHat 7.1 would do this, and
as it doesn't happen at a specific time (only relative to the start of ntop)
I'm guessing it's not an OS issue.

As for why the processor usage goes to 100%, that's a mystery. It may be
causing the missed traffic or it may be a sideffect. I'll grab the
configuration screen next time it happens, but is there a better way to get
a look at the state of resources needed internally by ntop when it's
running?


-----Original Message-----
From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it]On Behalf Of Luca
Deri
Sent: May 24, 2001 9:38 AM
To: ntop@unipi.it
Subject: Re: [Ntop] Dropoff in performance after about an hour


Hi Dan,
I apologise for the late reply: coulc you please save the ntop log in a file
and sned it to me so that I can see whether there's something strange when
the dropoff happens? Do you have an idea what's the cause of the problem?

How didi you draw the graphs, using the ntop Perl/PHP interface ?

Thanks, Luca


----- Original Message -----
From: "Dan Colquhoun" <dcolquho@opentext.com>
To: "Ntop" <ntop@Unipi.IT>
Sent: Tuesday, May 15, 2001 6:09 PM
Subject: [Ntop] Dropoff in performance after about an hour


> Sorry for the attachment, but these graphs are the result of my work with
> Ntop, and they show a trend of false readings. After about an hour of use
> on our (about 50% loaded) 10Mbit external link I see the traffic reported
by
> Ntop drop off. When I check the console I notice that there are 30 to 45
> second pauses between TCP session announcements. There's about one minute
> between pauses, meaning that Ntop is only reporting about 60% of the
actual
> traffic (rough guess).
>
> You can see where Ntop has been restarted and shortly after the reported
> traffic rate drops dramatically. The one hour graph shows gaps where Ntop
> was unable to reply to my requests for data collection. If any more
> information would help please just let me know. Thanks.
>
> --
> Dan Colquhoun
> Information Services
> Open Text
> 519-888-7111 x2482
>

_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listmanager.unipi.it/mailman/listinfo/ntop

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal