> However I'm not confident that its performances are adequate.
> What ntop does (as far as I know) is:
> - capture a packet
> - transfer it at user level (that means overhead)
> - calculate statistics
> - discard the packet
>
> What the WinPcap library intends to do is:
> - *see* a packet
> - calculate statistics
> that means incredibly lower overhead.
>
> The problem is that:
> - WinPcap is available for Win32 only
> - WinPcap does not provide advanced monitor features (these
> are still under
> development), so it cannot be deployed "as is" to make you own ntop.
How does libpcap 0.5 fit into this?
> In other way, ntop is just another packet capture tool. The difference
> between Ethereal and ntop is just that Ethereal shows packets
> while ntop
> shows statistics. However the internals, i.e. the overhead to
> perform that
> job, are absolutely the same.
> Therefore, I guess, your P-III - 1GHz could not be able to
> grab all traffic.
<shrug> Even if it's missing packets, it ought to miss them at random,
right? Therefore at least the percentages for relative amount of protocol
usage would be correct. The raw bandwidth numbers I can get from the
routers themselves via SNMP.
As long as it doesn't *crash* it'll probably work... once the packet
dissectors are fixed.
> Please correct me if I'm wrong.
<grin> Don't know yet. I've built the box, but haven't put it in play yet.
I'll let you know (should I post to the list?).
--J