hello,

I've been running ntop for a few weeks now... and it rarely
runs more than a few hours, if that.

06/Mar/2002 16:52:50 [pbuf.c:1818] WARNING: TCP session
[gateway.example.com:56068]<->[xxx.xxx.xxx.101:80] reset by gateway.example.com
without completing 3-way handshake
06/Mar/2002 16:52:51 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.70:80] performed FIN
scan of host [:2062]
06/Mar/2002 16:52:51 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.102:80] performed FIN
scan of host [:2062]
06/Mar/2002 16:52:52 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.70:80] performed FIN
scan of host [:2065]
06/Mar/2002 16:52:52 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.103:80] performed FIN
scan of host [:2065]
06/Mar/2002 16:52:52 [pbuf.c:1818] WARNING: TCP session
[cvx19-bradley.dialup.earthlink.net:3219]<->[xxx.xxx.xxx.104:80] reset by
cvx19-bradley.dialup.earthlink.net without
completing 3-way handshake
06/Mar/2002 16:52:53 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected
(trojan?) at port 80 :2066->xxx.xxx.xxx.70:80 [no tcp, reset]
06/Mar/2002 16:52:53 [pbuf.c:1818] WARNING: TCP session [:2066]<->[xxx.xxx.xxx.70:80]
reset by without completing 3-way handshake
06/Mar/2002 16:52:53 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected
(trojan?) at port 80 :2066->xxx.xxx.xxx.104:80 [no tcp, reset]
06/Mar/2002 16:52:53 [pbuf.c:1818] WARNING: TCP session [:2066]<->[xxx.xxx.xxx.104:80]
reset by without completing 3-way handshake
06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected
(trojan?) at port 80 :2068->xxx.xxx.xxx.70:80 [no tcp, reset]
06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2068]<->[xxx.xxx.xxx.70:80]
reset by without completing 3-way handshake
06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected
(trojan?) at port 80 :2068->xxx.xxx.xxx.101:80 [no tcp, reset]
06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2068]<->[xxx.xxx.xxx.101:80]
reset by without completing 3-way handshake
06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected
(trojan?) at port 80 :2069->xxx.xxx.xxx.70:80 [no tcp, reset]
06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2069]<->[xxx.xxx.xxx.70:80]
reset by without completing 3-way handshake
06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected
(trojan?) at port 80 :2069->xxx.xxx.xxx.103:80 [no tcp, reset]
06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2069]<->[xxx.xxx.xxx.103:80]
reset by without completing 3-way handshake
06/Mar/2002 16:52:54 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.70:80] performed FIN
scan of host [:2070]
06/Mar/2002 16:52:54 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.101:80] performed FIN
scan of host [:2070]
06/Mar/2002 16:52:55 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected
(trojan?) at port 80 208.10.124.129:1173->xxx.xxx.xxx.70:80
06/Mar/2002 16:52:55 [pbuf.c:3361] Detected ICMP msg [type=TIMXCEED/code=0]
216.126.94.81->xxx.xxx.xxx.59
06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed
port of host [xxx.xxx.xxx.80:33856] (scan attempt?)
06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed
port of host [xxx.xxx.xxx.80:33856] (scan attempt?)
06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed
port of host [xxx.xxx.xxx.80:33856] (scan attempt?)
06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed
port of host [xxx.xxx.xxx.80:33856] (scan attempt?)
06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed
port of host [xxx.xxx.xxx.80:33856] (scan attempt?)
Segmentation fault

Is there a method/flag that I should be using to help track the problem down?
The box is a Mandrake Linux release 8.1 (Vitamin) for i586.
I could "strace" it with the "-K" flag set. Any suggestions?

from the "configuration link":

OS                              i686-pc-linux-gnu
ntop version                    2.0.0
Built on                        03/06/02 03:12:18 PM
Started as                      /usr/local/bin/ntop -i eth0 -D xxx.com -E -q -S2 -t5 -A2
GDBM version                    This is GDBM version 1.8.0, as of May 19, 1999.
OpenSSL Support                 OpenSSL 0.9.6b 9 Jul 2001
SSL Port                        Not Active
Multithreaded                   Yes
GD Chart                        Present
Chart Format                    .png
UCD/NET SNMP                    Absent
TCP Wrappers                    Absent
Async. Addr. Resolution         Yes
lsof Support                    Yes
nmap Support                    Yes
# Handled HTTP Requests         3
Actual Hash Size                362
Top Hash Size                   362
# Queued Pkts to Process        0
# Max Queued Pkts               0
# Stored Hash Hosts             278 [76 %]
# Purged Hash Hosts             0
# TCP Sessions                  1190
# Terminated TCP Sessions       0
# Queued Addresses              159
# Addresses Resolved with DNS   29
# Addresses Kept Numeric        2
# Addresses Found in Cache      0
# Dropped Addresses             0
# Active Threads                10
# Monitored Processes           17

thanks a lot... great program!
todd

ps: I would be using the current cvs snapshot, but I could get "sessioningn" to work,
at all.
pss: I also found a bug in the "make install" process:
make[3]: Entering directory `/home/todd/ntop-current/ntop'
/bin/sh ./mkinstalldirs /usr/local/man/man1
/usr/bin/install -c -m 644 ./intop/intop.1 /usr/local/man/man1/intop/intop.1
/usr/bin/install: cannot create regular file `/usr/local/man/man1/intop/intop.1': No
such file or directory
make[3]: *** [install-man1] Error 1
I had to make the directory myself and that fixed it...mkdir /usr/local/man/man1/intop/
--
"This UI has been brought to you by the letters 'S' and 'K', and the runlevel 3."
- Greg Andrews