I reproduce the issue.I will try to set up a traffic generator to repeat the problem on unsensitive data...
Regards, Le 17/11/2014 13:43, Luca Deri a écrit :
This is the problem of open-source. It's often a one way street Luca On 11/17/2014 01:26 PM, Jérôme BERTHIER wrote:Hi, Sorry but I won't apply a so large capture because sensitive data could be disclosed. Unfortunately, I can't even manage a test platform. At this point, I don't know how to go forward on this case. Ken seems to have the same issue. Might he generate a pcap file as expected ? Regards, Le 16/11/2014 21:34, Luca Deri a écrit :Jérôme, I need a pcap file that I can use to reproduce the bug. So 0. redis-cli flushall 1. tcpdump -s -w bug.pcap -i ethX 2. ntopng -i ethX wait until the problem is reproduced kill tcpdump gzip bug.pcap send me bug.pcap.gz Thanks LucaOn 14 Nov 2014, at 15:25, Jérôme BERTHIER <[email protected]> wrote: Hi Luca First, I would say that ntop is very impressive. You have done a great job ! thanks you About wrong names, It seems that ntopng agregates IP addresses regarding on the main name of the service. For example, we're hosting a Zimbra service on zimbra.inria.fr. At the hosts list, I can see that all nodes of this service (service VIP, message box servers, web front servers...) are tagged with the name zimbra.inria.fr. ntopng does not use their fqdn to tag them. I'm going to send you more infos in private. About pcap file, what would you like in capture ? Regards, Le 13/11/2014 15:54, Luca Deri a écrit :Jerome can you please provide me a set of steps and a pcap file I can use to reproduce the bug? LucaOn 13 Nov 2014, at 00:29, Jérôme BERTHIER <[email protected]> wrote: Le 11/11/2014 22:19, Ken Mandelberg a écrit :I'm running 1.2.2 (r8577) built today 11/11/2014 from the svn on Debian, When I look at the hosts lists, some of the hosts on the local come up with a totally wrong name, not even in our domain. Some others just come up as their IP although the reverses are perfectly available. Others yet are correct. Any ideas? _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntopHi, I have the same issue. When I look at the hosts list, a same local fqdn is abnormally reused for a lot of differents IP. Looks like a corrupted cache ? I'm running 1.2.2 (8516) on CentOS 7 from the stable repo. Regards, -- Jérôme BERTHIER _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-- Jérôme BERTHIER DSI - SESI - Reseau Inria Bordeaux - Sud-Ouest 05 24 57 40 50 _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
smime.p7s
Description: Signature cryptographique S/MIME
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
