A note kevin, for example if you change the name of a vlan, clients etc.. you can lost too.
Regards. On Sun, Jul 27, 2014 at 8:05 PM, Spider s <[email protected]> wrote: > Hello again kevin, you only delete user and pass, if you want delete > historical, delete this: /var/tmp/ntopng. > > Regards. > > > > On Sun, Jul 27, 2014 at 11:35 AM, Luca Deri <[email protected]> wrote: > >> Kevin >> I think the problem is simpler than it appears. If you can grant me >> access to your system I can see what happens >> >> Luca >> >> On 27 Jul 2014, at 01:20, Kevin <[email protected]> wrote: >> >> Thank you for the commands. What information (other than passwords) >> does flush remove from the database? Will I lose the collected traffic >> info? Is there a way to keep that? >> >> Cheers, >> K >> ------------------------------ >> From: Spider s <[email protected]> >> Sent: 7/26/2014 3:48 PM >> To: [email protected] >> Subject: Re: [Ntop] Cannot access web UI >> >> Hello kevin. >> >> use this: >> >> sudo tcpdump -vv -XX -i eth0 port 3000 >> >> With -XX you can see the package . >> >> >> Yes kevin, we see redis take the password.check into the package with XX >> >> If the password is on the package, i think you must flush database, and >> use admin admin for login again >> >> >> Try this if the passwors exist. >> >> >> on Shell >> >> redis-cli FLUSHDB >> redis-cli FLUSHALL >> >> >> Regards. >> >> >> On Sat, Jul 26, 2014 at 11:54 PM, Kevin Neely < >> [email protected]> wrote: >> >>> Yup, redis is receiving the password, according to the monitor command. >>> >>> here are the results from monitoring redis: >>> >>> 1406411141.705469 [0 127.0.0.1:42104] "GET" "user.admin.password" >>> 1406411141.765239 [0 127.0.0.1:42104] "LPOP" "dns.toresolve" >>> 1406411142.173654 [0 127.0.0.1:42104] "LPOP" "dns.toresolve" >>> >>> >>> And here is the traffic dump. ktneely-laptop is the client and piglet >>> is the system running ntopng >>> >>> >>> ktneely@piglet:/tmp⟫ sudo tcpdump -vv -i eth0 port 3000 >>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size >>> 65535 byte >>> s >>> 14:48:35.216218 IP (tos 0x0, ttl 64, id 58957, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 64) >>> ktneely-laptop.local.57828 > piglet.local.3000: Flags [S], cksum >>> 0xf21e (cor >>> rect), seq 812530630, win 65535, options [mss 1460,nop,wscale >>> 4,nop,nop,TS val 9 >>> 38422175 ecr 0,sackOK,eol], length 0 >>> 14:48:35.216266 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto >>> TCP (6), >>> length 60) >>> piglet.local.3000 > ktneely-laptop.local.57828: Flags [S.], cksum >>> 0x83ae (in >>> correct -> 0xdcd4), seq 3250767805, ack 812530631, win 28960, options >>> [mss 1460, >>> sackOK,TS val 127083527 ecr 938422175,nop,wscale 7], length 0 >>> 14:48:35.395977 IP (tos 0x0, ttl 64, id 9524, offset 0, flags [DF], >>> proto TCP (6 >>> ), length 52) >>> ktneely-laptop.local.57828 > piglet.local.3000: Flags [.], cksum >>> 0x5ba4 (cor >>> rect), seq 1, ack 1, win 8235, options [nop,nop,TS val 938422417 ecr >>> 127083527], >>> length 0 >>> 14:48:35.396252 IP (tos 0x0, ttl 64, id 861, offset 0, flags [DF], proto >>> TCP (6) >>> , length 512) >>> ktneely-laptop.local.57828 > piglet.local.3000: Flags [P.], cksum >>> 0x02ce (co >>> rrect), seq 1:461, ack 1, win 8235, options [nop,nop,TS val 938422417 >>> ecr 127083 >>> 527], length 460 >>> 14:48:35.396280 IP (tos 0x0, ttl 64, id 58250, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> piglet.local.3000 > ktneely-laptop.local.57828: Flags [.], cksum >>> 0x83a6 (inc >>> orrect -> 0x78eb), seq 1, ack 461, win 235, options [nop,nop,TS val >>> 127083572 ec >>> r 938422417], length 0 >>> 14:48:35.396457 IP (tos 0x0, ttl 64, id 58251, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 187) >>> piglet.local.3000 > ktneely-laptop.local.57828: Flags [P.], cksum >>> 0x842d (in >>> correct -> 0x2163), seq 1:136, ack 461, win 235, options [nop,nop,TS val >>> 1270835 >>> 72 ecr 938422417], length 135 >>> 14:48:35.396477 IP (tos 0x0, ttl 64, id 58252, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> piglet.local.3000 > ktneely-laptop.local.57828: Flags [F.], cksum >>> 0x83a6 (in >>> correct -> 0x7863), seq 136, ack 461, win 235, options [nop,nop,TS val >>> 127083572 >>> ecr 938422417], length 0 >>> 14:48:35.595580 IP (tos 0x0, ttl 64, id 46630, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> ktneely-laptop.local.57828 > piglet.local.3000: Flags [.], cksum >>> 0x586a (cor >>> rect), seq 461, ack 136, win 8227, options [nop,nop,TS val 938422611 ecr >>> 1270835 >>> 72], length 0 >>> 14:48:35.595602 IP (tos 0x0, ttl 64, id 15321, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> ktneely-laptop.local.57828 > piglet.local.3000: Flags [.], cksum >>> 0x5869 (cor >>> rect), seq 461, ack 137, win 8227, options [nop,nop,TS val 938422611 ecr >>> 1270835 >>> 72], length 0 >>> 14:48:35.596001 IP (tos 0x0, ttl 64, id 61499, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> ktneely-laptop.local.57828 > piglet.local.3000: Flags [F.], cksum >>> 0x5868 (co >>> rrect), seq 461, ack 137, win 8227, options [nop,nop,TS val 938422611 >>> ecr 127083 >>> 572], length 0 >>> 14:48:35.596026 IP (tos 0x0, ttl 64, id 52588, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> piglet.local.3000 > ktneely-laptop.local.57828: Flags [.], cksum >>> 0x776e (cor >>> rect), seq 137, ack 462, win 235, options [nop,nop,TS val 127083622 ecr >>> 93842261 >>> 1], length 0 >>> 14:48:35.622653 IP (tos 0x0, ttl 64, id 28558, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 64) >>> ktneely-laptop.local.57829 > piglet.local.3000: Flags [S], cksum >>> 0xa25d (cor >>> rect), seq 325625536, win 65535, options [mss 1460,nop,wscale >>> 4,nop,nop,TS val 9 >>> 38422635 ecr 0,sackOK,eol], length 0 >>> 14:48:35.622698 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto >>> TCP (6), >>> length 60) >>> piglet.local.3000 > ktneely-laptop.local.57829: Flags [S.], cksum >>> 0x83ae (in >>> correct -> 0x8e18), seq 23234227, ack 325625537, win 28960, options [mss >>> 1460,sa >>> ckOK,TS val 127083629 ecr 938422635,nop,wscale 7], length 0 >>> 14:48:35.878410 IP (tos 0x0, ttl 64, id 30807, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 64) >>> ktneely-laptop.local.57830 > piglet.local.3000: Flags [S], cksum >>> 0x3db7 (cor >>> rect), seq 1625341172, win 65535, options [mss 1460,nop,wscale >>> 4,nop,nop,TS val >>> 938422884 ecr 0,sackOK,eol], length 0 >>> 14:48:35.878438 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto >>> TCP (6), >>> length 60) >>> piglet.local.3000 > ktneely-laptop.local.57830: Flags [S.], cksum >>> 0x83ae (in >>> correct -> 0xf9a5), seq 1031764514, ack 1625341173, win 28960, options >>> [mss 1460 >>> ,sackOK,TS val 127083693 ecr 938422884,nop,wscale 7], length 0 >>> 14:48:35.997077 IP (tos 0x0, ttl 64, id 22302, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> ktneely-laptop.local.57829 > piglet.local.3000: Flags [.], cksum >>> 0x0c7f (cor >>> rect), seq 1, ack 1, win 8235, options [nop,nop,TS val 938422982 ecr >>> 127083629], >>> length 0 >>> 14:48:35.997141 IP (tos 0x0, ttl 64, id 15666, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 409) >>> ktneely-laptop.local.57829 > piglet.local.3000: Flags [P.], cksum >>> 0x5a1b (co >>> rrect), seq 1:358, ack 1, win 8235, options [nop,nop,TS val 938422982 >>> ecr 127083 >>> 629], length 357 >>> 14:48:35.997165 IP (tos 0x0, ttl 64, id 41599, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> piglet.local.3000 > ktneely-laptop.local.57829: Flags [.], cksum >>> 0x83a6 (inc >>> orrect -> 0x29fc), seq 1, ack 358, win 235, options [nop,nop,TS val >>> 127083723 ec >>> r 938422982], length 0 >>> 14:48:35.997506 IP (tos 0x0, ttl 64, id 41600, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 265) >>> piglet.local.3000 > ktneely-laptop.local.57829: Flags [P.], cksum >>> 0x847b (in >>> correct -> 0xd29c), seq 1:214, ack 358, win 235, options [nop,nop,TS val >>> 1270837 >>> 23 ecr 938422982], length 213 >>> 14:48:35.997599 IP (tos 0x0, ttl 64, id 41601, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 1500) >>> piglet.local.3000 > ktneely-laptop.local.57829: Flags [.], cksum >>> 0x894e (inc >>> orrect -> 0x496c), seq 214:1662, ack 358, win 235, options [nop,nop,TS >>> val 12708 >>> 3723 ecr 938422982], length 1448 >>> 14:48:35.997683 IP (tos 0x0, ttl 64, id 41602, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 1450) >>> piglet.local.3000 > ktneely-laptop.local.57829: Flags [FP.], cksum >>> 0x891c (i >>> ncorrect -> 0x4ba4), seq 1662:3060, ack 358, win 235, options >>> [nop,nop,TS val 12 >>> 7083723 ecr 938422982], length 1398 >>> 14:48:36.086741 IP (tos 0x0, ttl 64, id 42124, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> ktneely-laptop.local.57830 > piglet.local.3000: Flags [.], cksum >>> 0x7892 (cor >>> rect), seq 1, ack 1, win 8235, options [nop,nop,TS val 938423097 ecr >>> 127083693], >>> length 0 >>> 14:48:36.225476 IP (tos 0x0, ttl 64, id 41214, offset 0, flags [DF], >>> proto TCP ( >>> 6), length 52) >>> ktneely-laptop.local.57829 > piglet.local.3000: Flags [.], cksum >>> 0x08ee (cor >>> rect), seq 358, ack 214, win 8222, options [nop,nop,TS val 938423244 ecr >>> 1270837 >>> 23], length 0 >>> 14:48:36.267069 IP (tos 0x0, ttl 64, id 4835, offset 0, flags [DF], >>> proto TCP (6 >>> ), length 52) >>> ktneely-laptop.local.57829 > piglet.local.3000: Flags [.], cksum >>> 0xfe1b (cor >>> rect), seq 358, ack 3061, win 8104, options [nop,nop,TS val 938423285 >>> ecr 127083 >>> 723], length 0 >>> 14:48:36.267104 IP (tos 0x0, ttl 64, id 5568, offset 0, flags [DF], >>> proto TCP (6 >>> ), length 52) >>> piglet.local.3000 > ktneely-laptop.local.57829: Flags [.], cksum >>> 0x1701 (correct), seq 3061, ack 359, win 235, options [nop,nop,TS val >>> 127084077 ecr 938424426], length 0 >>> 14:48:41.084582 IP (tos 0x0, ttl 64, id 38586, offset 0, flags [DF], >>> proto TCP (6), length 52) >>> ktneely-laptop.local.57830 > piglet.local.3000: Flags [F.], cksum >>> 0x651a (correct), seq 1, ack 1, win 8235, options [nop,nop,TS val 938428080 >>> ecr 127083693], length 0 >>> 14:48:41.084673 IP (tos 0x0, ttl 64, id 24258, offset 0, flags [DF], >>> proto TCP (6), length 120) >>> piglet.local.3000 > ktneely-laptop.local.57830: Flags [P.], cksum >>> 0x83ea (incorrect -> 0x47a2), seq 1:69, ack 2, win 227, options [nop,nop,TS >>> val 127084995 ecr 938428080], length 68 >>> 14:48:41.084723 IP (tos 0x0, ttl 64, id 24259, offset 0, flags [DF], >>> proto TCP (6), length 100) >>> piglet.local.3000 > ktneely-laptop.local.57830: Flags [FP.], cksum >>> 0x83d6 (incorrect -> 0xbc73), seq 69:117, ack 2, win 227, options >>> [nop,nop,TS val 127084995 ecr 938428080], length 48 >>> 14:48:41.377999 IP (tos 0x0, ttl 64, id 20584, offset 0, flags [DF], >>> proto TCP (6), length 52) >>> ktneely-laptop.local.57830 > piglet.local.3000: Flags [.], cksum >>> 0x5ea3 (correct), seq 2, ack 69, win 8231, options [nop,nop,TS val >>> 938428369 ecr 127084995], length 0 >>> 14:48:41.378042 IP (tos 0x0, ttl 64, id 4240, offset 0, flags [DF], >>> proto TCP (6), length 52) >>> ktneely-laptop.local.57830 > piglet.local.3000: Flags [.], cksum >>> 0x5e75 (correct), seq 2, ack 118, win 8228, options [nop,nop,TS val >>> 938428369 ecr 127084995], length 0 >>> >>> >>> >>> >>> >>> On 07/24/2014 09:06 AM, Spider s wrote: >>> >>> Hello again, more easy for debug. >>> >>> Yo can use redis client and monitor, and check if password was send. >>> >>> Do this on shell >>> : >>> redis-cli >>> >>> monitor >>> >>> >>> Now go to the web and try login. >>> >>> You must see any similar to this: >>> >>> >>> 1406217237.542554 "LPOP" "dns.toresolve" >>> 1406217237.642430 "LPOP" "dns.toresolve" >>> 1406217238.542795 "LPOP" "dns.toresolve" >>> 1406217238.642616 "LPOP" "dns.toresolve" >>> 1406217238.697366 "GET" "user.admin.password" >>> >>> Now you can check if password was send to redis. >>> >>> >>> If not try reset complete database, if is corrupt you need flush. >>> >>> >>> >>> (from Shell) >>> >>> redis-cli FLUSHDB >>> redis-cli FLUSHALL >>> >>> >>> Remove redis-cli if you are into redis-cli. >>> >>> With this you lost all users from DB. >>> Let me know when you solve it. >>> Regards. >>> >>> >>> On Thu, Jul 24, 2014 at 5:41 PM, Spider s <[email protected]> >>> wrote: >>> >>>> Hello, kevin try this: >>>> >>>> >>>> tcpdump -i venet0:0 -vv -XX port 3000 >>>> >>>> Port 3000 if use default port. >>>> >>>> >>>> With this you can see all packets send to port 3000, and check if we >>>> send the password, or is a redis error. >>>> >>>> >>>> xx.xxx.xxx.xxx > vps.com.3000: Flags [P.], cksum 0xc8a1 (correct), seq >>>> 1:449, ack 1, win 4380, length 448 >>>> 0x0000: 0000 ffff 0000 0000 0000 0000 0000 0800 >>>> ................ >>>> 0x0010: 4500 01e8 4808 4000 6e06 87dd 5981 3cec [email protected] >>>> .<. >>>> 0x0020: 17ef 8cce 0a5e 0bb8 79df bce4 a162 b986 >>>> .....^..y....b.. >>>> 0x0030: 5018 111c c8a1 0000 504f 5354 202f 6175 >>>> P.......POST./au >>>> 0x0040: 7468 6f72 697a 652e 6874 6d6c 2048 5454 >>>> thorize.html.HTT >>>> 0x0050: 502f 312e 310d 0a41 6363 6570 743a 2074 >>>> P/1.1..Accept:.t >>>> 0x0060: 6578 742f 6874 6d6c 2c20 6170 706c 6963 >>>> ext/html,.applic >>>> 0x0070: 6174 696f 6e2f 7868 746d 6c2b 786d 6c2c >>>> ation/xhtml+xml, >>>> 0x0080: 202a 2f2a 0d0a 5265 6665 7265 723a 2068 >>>> .*/*..Referer:.h >>>> 0x0090: 7474 703a 2f2f 3233 2e32 3339 2e31 3430 >>>> ttp://23.239.140 >>>> 0x00a0: 2e32 3036 3a33 3030 302f 6c6f 6769 6e2e >>>> .206:3000/login. >>>> 0x00b0: 6874 6d6c 0d0a 4163 6365 7074 2d4c 616e >>>> html..Accept-Lan >>>> 0x00c0: 6775 6167 653a 2065 732d 4553 0d0a 5573 >>>> guage:.es-ES..Us >>>> 0x00d0: 6572 2d41 6765 6e74 3a20 4d6f 7a69 6c6c >>>> er-Agent:.Mozill >>>> 0x00e0: 612f 352e 3020 2857 696e 646f 7773 204e >>>> a/5.0.(Windows.N >>>> 0x00f0: 5420 362e 313b 2057 4f57 3634 3b20 5472 >>>> T.6.1;.WOW64;.Tr >>>> 0x0100: 6964 656e 742f 372e 303b 2072 763a 3131 >>>> ident/7.0;.rv:11 >>>> 0x0110: 2e30 2920 6c69 6b65 2047 6563 6b6f 0d0a >>>> .0).like.Gecko.. >>>> 0x0120: 436f 6e74 656e 742d 5479 7065 3a20 6170 >>>> Content-Type:.ap >>>> 0x0130: 706c 6963 6174 696f 6e2f 782d 7777 772d >>>> plication/x-www- >>>> 0x0140: 666f 726d 2d75 726c 656e 636f 6465 640d >>>> form-urlencoded. >>>> 0x0150: 0a41 6363 6570 742d 456e 636f 6469 6e67 >>>> .Accept-Encoding >>>> 0x0160: 3a20 677a 6970 2c20 6465 666c 6174 650d >>>> :.gzip,.deflate. >>>> 0x0170: 0a48 6f73 743a 2032 332e 3233 392e 3134 >>>> .Host:.23.239.14 >>>> 0x0180: 302e 3230 363a 3330 3030 0d0a 436f 6e74 >>>> 0.206:3000..Cont >>>> 0x019 >>>> >>> >> [The entire original message is not included.] >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
