Thank you for the commands. What information (other than passwords) does flush 
remove from the database?  Will I lose the collected traffic info? Is there a 
way to keep that?

Cheers,
K

-----Original Message-----
From: "Spider s" <[email protected]>
Sent: 7/26/2014 3:48 PM
To: "[email protected]" <[email protected]>
Subject: Re: [Ntop] Cannot access web UI

Hello Kevin.

Use this:

sudo tcpdump -vv -XX -i eth0 port 3000

With -XX you can see the package.

Yes Kevin, we see redis take the password. Check into the package with XX.

If the password is on the package, I think you must flush the database, and use 
admin admin to log in again.

Try this if the password exists.

On shell:


redis-cli FLUSHDB
redis-cli FLUSHALL




Regards.



On Sat, Jul 26, 2014 at 11:54 PM, Kevin Neely <[email protected]> 
wrote:

Yup, redis is receiving the password, according to the monitor command.

Here are the results from monitoring redis:

1406411141.705469 [0 127.0.0.1:42104] "GET" "user.admin.password"
1406411141.765239 [0 127.0.0.1:42104] "LPOP" "dns.toresolve"
1406411142.173654 [0 127.0.0.1:42104] "LPOP" "dns.toresolve"


And here is the traffic dump.  ktneely-laptop is the client and piglet is the 
system running ntopng


ktneely@piglet:/tmp⟫ sudo tcpdump -vv -i eth0 port 3000        
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

On 07/24/2014 09:06 AM, Spider s wrote:

Hello again, this is easier for debugging.

You can use the redis client and monitor, and check if the password was sent.

Do this on shell:

redis-cli

monitor

Now go to the web and try to log in.

You must see something similar to this:




1406217237.542554 "LPOP" "dns.toresolve"
1406217237.642430 "LPOP" "dns.toresolve"
1406217238.542795 "LPOP" "dns.toresolve"
1406217238.642616 "LPOP" "dns.toresolve"
1406217238.697366 "GET" "user.admin.password"


Now you can check if the password was sent to redis.

If not, try resetting the complete database; if it is corrupt you need to flush.






(from Shell)

redis-cli FLUSHDB
redis-cli FLUSHALL



Remove redis-cli if you are inside redis-cli.

With this you lose all users from the DB.
Let me know when you solve it.
Regards.



On Thu, Jul 24, 2014 at 5:41 PM, Spider s <[email protected]> wrote:

Hello Kevin, try this:

tcpdump -i venet0:0 -vv -XX port 3000

Port 3000 if you use the default port.

With this you can see all packets sent to port 3000, and check if we send the 
password, or if it is a redis error.




xx.xxx.xxx.xxx > vps.com.3000: Flags [P.], cksum 0xc8a1 (correct), seq 1:449, 
ack 1, win 4380, length 448
        0x0000:  0000 ffff 0000 0000 0000 0000 0000 0800  ................
        0x0010:  4500 01e8 4808 4000 6e06 87dd 5981 3cec  E...H.@.n...Y.<.
        0x0020:  17ef 8cce 0a5e 0bb8 79df bce4 a162 b986  .....^..y....b..
        0x0030:  5018 111c c8a1 0000 504f 5354 202f 6175  P.......POST./au
        0x0040:  7468 6f72 697a 652e 6874 6d6c 2048 5454  thorize.html.HTT
        0x0050:  502f 312e 310d 0a41 6363 6570 743a 2074  P/1.1..Accept:.t
        0x0060:  6578 742f 6874 6d6c 2c20 6170 706c 6963  ext/html,.applic
        0x0070:  6174 696f 6e2f 7868 746d 6c2b 786d 6c2c  ation/xhtml+xml,
        0x0080:  202a 2f2a 0d0a 5265 6665 7265 723a 2068  .*/*..Referer:.h
        0x0090:  7474 703a 2f2f 3233 2e32 3339 2e31 3430  ttp://23.239.140
        0x00a0:  2e32 3036 3a33 3030 302f 6c6f 6769 6e2e  .206:3000/login.
        0x00b0:  6874 6d6c 0d0a 4163 6365 7074 2d4c 616e  html..Accept-Lan
        0x00c0:  6775 6167 653a 2065 732d 4553 0d0a 5573  guage:.es-ES..Us
        0x00d0:  6572 2d41 6765 6e74 3a20 4d6f 7a69 6c6c  er-Agent:.Mozill
        0x00e0:  612f 352e 3020 2857 696e 646f 7773 204e  a/5.0.(Windows.N
        0x00f0:  5420 362e 313b 2057 4f57 3634 3b20 5472  T.6.1;.WOW64;.Tr
        0x0100:  6964 656e 742f 372e 303b 2072 763a 3131  ident/7.0;.rv:11
        0x0110:  2e30 2920 6c69 6b65 2047 6563 6b6f 0d0a  .0).like.Gecko..
        0x0120:  436f 6e74 656e 742d 5479 7065 3a20 6170  Content-Type:.ap
        0x0130:  706c 6963 6174 696f 6e2f 782d 7777 772d  plication/x-www-
        0x0140:  666f 726d 2d75 726c 656e 636f 6465 640d  form-urlencoded.
        0x0150:  0a41 6363 6570 742d 456e 636f 6469 6e67  .Accept-Encoding
        0x0160:  3a20 677a 6970 2c20 6465 666c 6174 650d  :.gzip,.deflate.
        0x0170:  0a48 6f73 743a 2032 332e 3233 392e 3134  .Host:.23.239.14
        0x0180:  302e 3230 363a 3330 3030 0d0a 436f 6e74  0.206:3000..Cont
        0x019

[The entire original message is not included.]
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
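
The check described in the thread (watch `redis-cli monitor` during a login attempt and look for a read of `user.admin.password`), as an added Python example that is not part of the original messages. The sample lines are the ones quoted above; the function names and the generalisation to any `user.<name>.password` key are assumptions.

```python
import re
import shlex
from collections import Counter

# MONITOR line: <unix ts> [<db> <client>] "CMD" "arg" ...
# The bracketed part is optional: both shapes appear in the thread.
LINE_RE = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+(?:\[(?P<db>\d+)\s+(?P<client>[^\]]+)\]\s+)?(?P<rest>".*)$')
# Key seen in the thread is user.admin.password; any user name is an assumption.
CRED_KEY_RE = re.compile(r'^user\.(?P<user>[^.]+)\.password$')

# Lines quoted in the thread, plus the "OK" redis-cli prints when MONITOR starts.
SAMPLE = '''OK
1406411141.705469 [0 127.0.0.1:42104] "GET" "user.admin.password"
1406411141.765239 [0 127.0.0.1:42104] "LPOP" "dns.toresolve"
1406411142.173654 [0 127.0.0.1:42104] "LPOP" "dns.toresolve"
1406217237.542554 "LPOP" "dns.toresolve"
1406217238.697366 "GET" "user.admin.password"
'''

def parse_monitor_line(line):
    """Return a dict for one MONITOR line, or None if it is not a command."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        tokens = shlex.split(m.group("rest"))  # handles quoted, escaped args
    except ValueError:                         # unbalanced quotes: skip line
        return None
    return {"ts": m.group("ts"), "db": m.group("db"), "client": m.group("client"),
            "cmd": tokens[0].upper(), "args": tokens[1:]}

def credential_lookups(text):
    """List (timestamp, client, user) for every GET of a password key."""
    hits = []
    for rec in filter(None, map(parse_monitor_line, text.splitlines())):
        if rec["cmd"] == "GET" and rec["args"]:
            m = CRED_KEY_RE.match(rec["args"][0])
            if m:
                hits.append((rec["ts"], rec["client"], m.group("user")))
    return hits

def command_counts(text):
    """Count commands per name, to see the background noise (e.g. LPOP)."""
    recs = filter(None, map(parse_monitor_line, text.splitlines()))
    return Counter(rec["cmd"] for rec in recs)

if __name__ == "__main__":
    for ts, client, user in credential_lookups(SAMPLE):
        print(f"{ts} login lookup for {user!r} from {client or 'unknown client'}")
    print(dict(command_counts(SAMPLE)))
```

An empty result from `credential_lookups` after a login attempt means the request never reached Redis, which points at the web side rather than the database.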
