On 08/08/2012 11:26, Luca Deri wrote:
> Antenagora,
> the only thing that comes to my mind is that for some reason, ntop has
> in memory the same MAC address twice. Can you please explain to me in
> detail what configuration you are using in ntop?
Thanks Luca,
I'm relatively new to ntop. I am testing the development version in a
small environment, only a few desktops.
I've set up a bridge on the server and ntop is configured to listen on
this bridge (br0). All the network traffic I need to analyze flows from
eth0 to eth1 inside of the bridge. Everything seems to work correctly,
even nDPI (one of the reasons I am evaluating ntop).
The only warning I am hitting in the log files is this:
Wed Aug 8 12:06:57 2012 **WARNING** RRD:
rrd_update(/usr/local/var/ntop/rrd/interfaces/br0/hosts/00/1D/09/1B/FD/C5/totPeersRcvd.rrd)
error:
/usr/local/var/ntop/rrd/interfaces/br0/hosts/00/1D/09/1B/FD/C5/totPeersRcvd.rrd:
illegal attempt to update using time 1344420416 when last update time is
1344420416 (minimum one second step)
Maybe I see some MAC address twice because of my configuration; what do
you think? Are ntop developers using a chat channel, like the Fedora or
Debian ones, to discuss issues like this?
auto eth0
iface eth0 inet manual

auto eth1
iface eth1 inet manual

auto br0
iface br0 inet manual
    bridge_ports eth0 eth1
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
Here is the configuration:
ntop Version.....x86_64-3.2.0-27-generic-linux-gnu (64 bit)
Running as user.....nobody
Configured on.....Aug 7 2012 16:13:38
Built on.....Aug 7 2012 16:16:17
OS.....x86_64-3.2.0-27-generic-linux-gnu
This version of ntop is.....the current DEVELOPMENT version - Expect the
unexpected!
Next version recheck is.....Wed Aug 22 17:28:16 2012
libpcap Version.....libpcap version 1.1.1
RRD Version.....1.4007
GeoIP Version.....GEO-533LITE 20090701 Build 1 Copyright (c) 2007
MaxMind LLC All Rights Reserved
GeoIP AS Version.....GEO-117 20090321 Build 1 Copyright (c) 2007 MaxMind
LLC All Rights Reserved
Running from.....ntop
Libraries in...../usr/local/lib
Library path.....(nil)
Process Id.....16160
Run State.....Run
Command Line
Started as.........ntop
Resolved to.........ntop
Preferences Used
-a | --access-log-file.....(default) (nil)
-b | --disable-decoders.....(default) No
-c | --sticky-hosts.....Yes
-d | --daemon.....No
-e | --max-table-rows.....(default) 30
-g | --track-local-hosts.....(default) Track all hosts
-i | --interface (effective).....br0
-l | --pcap-log.....(default) (nil)
-m | --local-subnets (effective).....192.168.100.0/24
-n | --numeric-ip-addresses.....(default) dnsResolutionForAll
-p | --protocols.....(default) internal list
-q | --create-suspicious-packets.....(default) Disabled
-r | --refresh-time.....(default) 120
-s | --no-promiscuous.....(default) No
-t | --trace-level.....(default) 3
-u | --user.....nobody (uid=65534, gid=65534)
-w | --http-server.....Inactive
-z | --disable-sessions.....(default) No
-B | --filter-expression.....(default) none
-D | --domain.....none
-F | --flow-spec.....(default) none
-K | --enable-debug.....(default) No
-L | --use-syslog.....daemon
-M | --no-interface-merge (effective).....(default) (Merging
Interfaces) Yes
-O | --pcap-file-path.....(default) /usr/local/var/ntop
-P | --db-file-path.....(default) /usr/local/var/ntop
-Q | --spool-file-path.....(default) /usr/local/var/ntop
-U | --mapper.....(default) http://www.geoiptool.com/en/
-W | --https-server.....(default) Active, all interfaces, port 3000
-X.....32768
--disable-mutexextrainfo.....Yes
--disable-stopcap.....Yes
--instance.....(default) (nil)
--p3p-cp.....(default) none
--p3p-uri.....(default) none
--skip-version-check.....Yes
--w3c.....Yes
Run time/Internal
Web server (http://).....Not Active
SSL Web server URL.....https://any:3000
GDBM version.....GDBM version 1.8.3. 10/15/2002 (built Jul 18 2011 06:22:50)
Embedded Python.....2.7.3 (default, Apr 20 2012, 23:04:22)
[GCC 4.6.3]
OpenSSL Version.....OpenSSL 1.0.1 14 Mar 2012
zlib version.....1.2.3.4
Protocol Decoders.....Enabled
Fragment Handling.....Disabled
Tracking only local hosts.....No
# IP Protocols Being Monitored.....8
# Protocol slots.....1100
# IP Ports Being Monitored.....33
# IP Ports slots.....66
WebServer Request Queue.....10
Devices (Network Interfaces).....1
Domain name (short).....(nil)
Total Hash Collisions (Vendor/Special) (lookup).....0
Local Networks.....192.168.100.0/24
Networks
br0 Local Network.....0.0.0.0/24
ntop Web Server
Item.....http://.....https://
# Handled Requests.....-.....4907
# Successful requests (200).....-.....4904
# Bad (We don't want to talk with you) requests.....-.....0
# Invalid requests - 401 DENIED.....-.....2
# Invalid requests - 403 FORBIDDEN.....-.....0
# Invalid requests - 404 NOT FOUND.....-.....0
# SSI Requests.....0
# Bad SSI Requests.....0
# Handled SSI Requests.....0
# Handled SIGPIPE Errors.....1
Host Memory Cache
Limit.....#define MAX_HOSTS_CACHE_LEN 512
Packets
Received.....368,597
Processed Immediately.....223,893 (60.7 %)
Queued.....0 (0.0 %)
Current Queue (br0).....0
Maximum Queue (br0).....0 (Limit 2048)
Packet processing:....Queue (pre-process).......Processing
Minimum.....0.000031.....0.000004
Average.....0.000113.....0.000071
Maximum.....0.001391.....0.023777
Standard Deviation.....0.000107.....0.000745
Maximum ever.....0.165698.....0.168340
Throughput (pps) min/avg/max.....39.7/5447.2/28571.4
Host/Session counts - global
Purged Hosts.....0
Terminated Sessions.....0
Host/Session counts - Device 0 (br0)
Hash Bucket Size.....1.8 KBytes
Actual Host Hash Size.....32768
Stored hosts.....1025
Host Bucket List Length.....[min 1][max 80][avg 1.2]
Max host lookup.....79
Session Bucket Size.....424
Session Actual Hash Size.....65535
Sessions.....7,796
Max Num. Sessions.....7,796
Session Bucket List Length.....[min 1][max 4][avg 1.1]
Fragments Handling
Queued Fragments.....0
----- Address Resolution -----
DNS Sniffing (other hosts requests)
DNS Packets sniffed.....6141
less 'requests'.....3070
less 'failed'.....18
less 'reverse dns' (in-addr.arpa).....0
DNS Packets processed.....3053
Stored in cache (includes aliases).....6475
Vendor Lookup Table
Input lines read.....103555
Records added total.....16384
.....includes special records.....59
getVendorInfo() calls.....0
getSpecialVendorInfo() calls.....88
Found 48bit (xx:xx:xx:xx:xx:xx) match.....1
Found 24bit (xx:xx:xx) match.....75
Found multicast bit set.....4
Found LAA (Locally assigned address) bit set.....6
Thread counts
Active.....9
Children (active).....202
Directory (search) order
Data Files......
/usr/local/share/ntop
/usr/local/share/ntop
Config Files......
/usr/local/etc/ntop
/usr/local/etc/ntop
/etc
Plugins....../plugins
/usr/local/lib/ntop/plugins
/usr/local/lib/ntop/plugins
Compile Time: ./configure
./configure parameters.....
Built on (Host).....x86_64-unknown-linux-gnu
Built for(Target).....x86_64-unknown-linux-gnu
preprocessor (CPPFLAGS).....gcc -E -DLINUX -I/usr/local/include
-I/opt/local/include
compiler (CFLAGS).....gcc -g -O2 -I/usr/local/include
-I/opt/local/include -Wshadow -Wpointer-arith -Wmissing-prototypes
-Wmissing-declarations -Wnested-externs -fPIC -DPIC
-I/usr/include/python2.7 -I/usr/include/python2.7 -fno-strict-aliasing
-DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -DHAVE_CONFIG_H
include path.....-I/usr/include/python2.7 -fno-strict-aliasing -DNDEBUG
-fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
system libraries.....-L/usr/local/lib -L/opt/local/lib -lcrypt -lc -lssl
-lcrypto -lrrd_th -lpcap -lgdbm -lz -lpthread -ldl -lutil -lm
-lpython2.7 -lGeoIP
install path...../usr/local
GNU C (gcc) version.....4.6.3 (4.6.3)
uname data.....sysname(Linux) release(3.2.0-27-generic)
version(#43-Ubuntu SMP Fri Jul 6 14:25:57 UTC 2012) machine(x86_64)
_______________________________________________
Ntop-dev mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
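
Added example, not part of the original message and not ntop code: a small parser for the rrd_update warning quoted above. It groups rejected updates by interface and host, so it is easy to see whether the same MAC address keeps being written twice within one second. It assumes the directory layout under hosts/ seen in the quoted path (six hex directories forming the MAC); the function names and the second sample entry are constructed for illustration.

```python
import re
from collections import Counter

# First entry: the warning quoted in the post, as wrapped by the mail client.
# Second entry: constructed for illustration (same host, different counter).
SAMPLE_LOG = """\
Wed Aug 8 12:06:57 2012 **WARNING** RRD:
rrd_update(/usr/local/var/ntop/rrd/interfaces/br0/hosts/00/1D/09/1B/FD/C5/totPeersRcvd.rrd)
error:
/usr/local/var/ntop/rrd/interfaces/br0/hosts/00/1D/09/1B/FD/C5/totPeersRcvd.rrd:
illegal attempt to update using time 1344420416 when last update time is
1344420416 (minimum one second step)
Wed Aug 8 12:11:57 2012 **WARNING** RRD:
rrd_update(/usr/local/var/ntop/rrd/interfaces/br0/hosts/00/1D/09/1B/FD/C5/totPeersSent.rrd)
error:
/usr/local/var/ntop/rrd/interfaces/br0/hosts/00/1D/09/1B/FD/C5/totPeersSent.rrd:
illegal attempt to update using time 1344420716 when last update time is
1344420716 (minimum one second step)
"""

# Tolerates mail/syslog line wrapping; the tempered dot keeps one match from
# running into the next rrd_update() entry.
WARNING_RE = re.compile(
    r"rrd_update\((?P<path>[^)\s]+)\)\s+error:(?:(?!rrd_update\().)*?"
    r"update\s+using\s+time\s+(?P<new>\d+)\s+when\s+last\s+update\s+time\s+is\s+(?P<last>\d+)",
    re.S)
PATH_RE = re.compile(r"/interfaces/(?P<iface>[^/]+)/hosts/(?P<host>.+)/(?P<rrd>[^/]+)\.rrd$")
MAC_DIR_RE = re.compile(r"(?:[0-9A-Fa-f]{2}/){5}[0-9A-Fa-f]{2}")

def rejected_updates(log_text):
    """Yield (iface, host, counter, kind) for each rejected rrd_update."""
    for m in WARNING_RE.finditer(log_text):
        p = PATH_RE.search(m.group("path"))
        if not p:
            continue  # not a per-host RRD file
        host = p.group("host")
        if MAC_DIR_RE.fullmatch(host):
            host = host.replace("/", ":")  # 00/1D/... -> 00:1D:...
        new, last = int(m.group("new")), int(m.group("last"))
        # RRD only accepts a timestamp later than the last update.
        kind = "same-second" if new == last else "backwards" if new < last else "other"
        yield p.group("iface"), host, p.group("rrd"), kind

def per_host(log_text):
    """Count rejected updates per (interface, host, kind)."""
    return Counter((i, h, k) for i, h, _c, k in rejected_updates(log_text))

if __name__ == "__main__":
    for key, count in per_host(SAMPLE_LOG).most_common():
        print(count, *key)
```

A host that shows up repeatedly as "same-second" across several counters fits the pattern of one host entry being saved twice in the same RRD cycle.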