You know, it sounds like ntop isn't being successful in putting the
interface into promiscuous mode, while ethereal is...
Do this....
1. Check the log for messages about the interface dropping out of promisc
mode.
Jul 9 12:23:45 tigger kernel: device eth1 left promiscuous mode
2. Check your security level
I know for a fact that at certain levels, Mandrake runs a 'promiscuous
check' every minute.
Perhaps it's resetting the interface also???
See http://www.mandrakesecure.net/en/docs/msec.php
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Tschopp, Christian
Sent: Thursday, July 10, 2003 9:01 AM
To: '[EMAIL PROTECTED]'
Subject: AW: [Ntop] Problem with high traffic
OS: ___linux_______ version: ___mandrake 9.1_______
ntop from: _________source_________ (rpm, source, ports, etc.)
Hardware: CPU: ___i86__ (i86, SPARC, etc.)
# Processors: __1___
Memory: __128___ MB
Network:
Ethernet: 3
Broadcast: 3
IP: 1
Network Interface 0 eth1
Mfg: ___________3com_________ Model: ____________________
NIC Speed: 10/100Bus: PCI
Location: LAN
Bandwidth: 100Mbps+
# Hosts (machines): ____30+______
----------------------------------------------------------------------------
---
Log extract
----------------------------------------------------------------------------
---
Problem Description
As i wrote before, ntop doesn't see anything but a few packets going through
the link. However, there is quite a huge traffic on this link.
The strange thing is, when I launch Ethereal on the same machine, ntop
starts to see all the packets going through.
When I stop the capture on Ethereal, ntop cannot see anything anymore.
I thought this could have something to do with pcap librabries, so I built
the latest version of pcap, and then the latest stable version of ntop.
I've tried to find something about this on the back traffic, but I couldn't
find someone who had the same problem.
my first post is at the bottom of this mail.
I haven't got a clue where this problem could com from... if someone could
give a hint, a solution or just something to try to work this out, it could
be very helpful.
If you think I could provide more information on this problem, just ask...
thank you for your help
Chris
ntop version.....2.2
Built on.....07/10/03 03:18:48 PM
OS.....i686-pc-linux-gnu
ntop Process Id.....13032
http Process Id.....13038
Command line
Started as..../usr/local/bin/ntop --db-file-path
/home/monitor/Tools/ntop-2.2/ntop/db --user monitor --local-subnets
10.0.0.0/255.0.0.0 --daemon --interface eth1 --sticky-hosts
Resolved to..../usr/local/bin/ntop
--db-file-path
/home/monitor/Tools/ntop-2.2/ntop/db
--user
monitor
--local-subnets
10.0.0.0/255.0.0.0
--daemon
--interface
eth1
--sticky-hosts
Command line parameters are:
-a | --access-log-path.....(default) (nil)
-b | --disable-decoders.....(default) No
-c | --sticky-hosts.....Yes
-d | --daemon.....Yes
-e | --max-table-rows.....(default) 128
-f | --traffic-dump-file.....(default) (nil)
-g | --track-local-hosts.....(default) Track all hosts
-o | --no-mac.....(default) Trust MAC Addresses
-i | --interface (effective).....eth1
-k | --filter-expression-in-extra-frame.....(default) No
-l | --pcap-log.....(default) (nil)
-m | --local-subnets (effective).....10.0.0.0/8
-n | --numeric-ip-addresses.....(default) No
-p | --protocols.....(default) internal list
-q | --create-suspicious-packets.....(default) Disabled
-r | --refresh-time.....(default) 120
-s | --no-promiscuous.....(default) No
-t | --trace-level.....(default) 3
-u | --user.....monitor (uid=501, gid=501)
-w | --http-server.....(default) Active, all interfaces, port 3000
-z | --disable-sessions.....(default) No
-B | --filter-expression.....(default) none
-D | --domain.....none
-E | --enable-external-tools.....(default) No
-F | --flow-spec.....(default) none
-K | --enable-debug.....(default) No
-L | --use-syslog.....daemon
-M | --no-interface-merge (effective).....(default) (Merging Interfaces)
Yes
-O | --pcap-file-path.....(default) /usr/local/var/ntop
-P | --db-file-path...../home/monitor/Tools/ntop-2.2/ntop/db
-U | --mapper.....(default) (nil)
-W | --https-server.....Uninitialized
--throughput-chart-type.....(default) Area
--ignore-sigpipe.....(default) No
--ssl-watchdog.....(default) No
--dynamic-purge-limits.....(default) No
--reuse-rrd-graphics.....(default) No
--p3p-cp.....(default) none
--p3p-uri.....(default) none
--disable-stopcap.....(default) No
Note: (effective) means that this is the value after ntop has processed
the parameter.
(default) means this is the default value, usually (but not always) set by
a #define in globals-defines.h.
Run time/Internal
External tool: lsof.....(no -E parameter): Disabled
Web server URL.....http://any:3000
SSL Web server (https://).....Not Active
GDBM version.....This is GDBM version 1.8.0, as of May 19, 1999.
OpenSSL Version.....OpenSSL 0.9.7a Feb 19 2003
zlib version.....1.1.4
Protocol Decoders.....Enabled
Fragment Handling.....Enabled
Tracking only local hosts.....No
# IP Protocols Being Monitored.....18
# Protocol slots.....926
# IP Ports Being Monitored.....58
# Ports slots.....116
# Handled SIGPIPE Errors.....0
# Handled HTTP Requests.....134
Devices (Network Interfaces).....1
Domain name (short).....
IP to country flag table (entries).....47455
Total Hash Collisions (Vendor/Special) (lookup).....0
Local Networks.....10.0.0.0/255.0.0.0 [all devices]
0.0.0.0/255.255.255.255 [device eth1]
Memory allocation - data segment
arena limit, getrlimit(RLIMIT_DATA, ...).....-1
Allocated blocks (ordblks).....68
Allocated (arena).....4804956
Used (uordblks).....4577172
Free (fordblks).....227784
Memory allocation - mmapped
Allocated blocks (hblks).....7
Allocated bytes (hblkhd).....5804032
Memory Usage
IPX/SAP Hash Size (bytes).....1897
IP to country flag table (bytes).....1454304 (1.4 MB)
Bytes per entry.....30.6
Current memory usage.....10608988
Base memory usage.....8331612
Hosts stored (active+cache).....49 = (3 + 46)
(very) Approximate memory per host.....45.4KB
Host Memory Cache
Limit.....#define MAX_HOSTS_CACHE_LEN 512
Current Size.....46
Maximum Size.....48
# Entries Reused.....57
MAC/IPX Hash tables
IPX/SAP Hash Size (entries).....179
IPX/SAP Hash Collisions (load).....0
IPX/SAP Hash Collisions (use).....0
Packet queue
Queued to Process.....0
Maximum queue.....0
Host/Session counts - global
Purge idle hosts.....Enabled
Purged hosts.....103
Maximum hosts to purge per cycle.....512
DEFAULT_MAXIMUM_HOSTS_PURGE_PER_CYCLE.....512
Terminated Sessions.....0
Host/Session counts - Device 0 (eth1)
Actual Hash Size.....32
Stored hosts.....3 [9 %]
Sessions.....0
Max Num. Sessions.....0
Address Resolution
DNS sniffed:
DNS Packets sniffed.....0
less 'requests'.....0
less 'failed'.....0
less 'reverse dns' (in-addr.arpa).....0
DNS Packets processed.....0
Stored in cache (includes aliases).....0
IP to name - ipaddr2str():
Total calls.....31
....OK.....7
....Total not found.....24
........Not found in cache.....24
........Too old in cache.....0
Queued - dequeueAddress():
Total Queued.....24
Not queued (duplicate).....0
Maximum Queued.....4
Current Queue.....0
Resolved - resolveAddress():
Addresses to resolve.....24
....less 'Error: No cache database'.....0
....less 'Found in ntop cache'.....0
Gives: # gethost (DNS lookup) calls.....24
DNS lookup calls:
DNS resolution attempts.....24
....Success: Resolved.....24
....Failed.....0
........HOST_NOT_FOUND.....0
........NO_DATA.....0
........NO_RECOVERY.....0
........TRY_AGAIN (don't store).....0
........Other error (don't store).....0
DNS lookups stored in cache.....24
Host addresses kept numeric.....0
Vendor Lookup Table
Input lines read.....131
Records added total.....121
.....includes special records.....59
getVendorInfo() calls.....0
getSpecialVendorInfo() calls.....102
Found 48bit (xx:xx:xx:xx:xx:xx) match.....0
Found 24bit (xx:xx:xx) match.....43
Found multicast bit set.....4
Found LAA (Locally assigned address) bit set.....0
Thread counts
Active.....5
Dequeue.....1
Children (active).....71
Reject duration (seconds).....300
It is now.....Thu Jul 10 15:52:15 2003
Directory (search) order
Data Files......<br>/usr/local/share/ntop<br>
Config Files......<br>/usr/local/etc/ntop<br>/etc<br>
Plugins....../plugins<br>/usr/local/lib/ntop/plugins<br>
Compile Time: ./configure
./configure parameters.....
Built on (Host).....i686-pc-linux-gnu
Built for (Target).....i686-pc-linux-gnu
compiler (cflags).....gcc -DLINUX -g -O2 -Wshadow -Wpointer-arith
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -fPIC
-DHAVE_CONFIG_H
include path.....-I/home/monitor/Tools/ntop-2.2/gdchart0.94c/zlib-1.1.4
-I/home/monitor/Tools/ntop-2.2/gdchart0.94c
-I/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3
-I/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3/libpng-1.2.4
system libraries.....-lglib -lpthread -lresolv -lnsl -lm -lssl -lcrypto
-lpcap -lgdbm -ldl -lcrypt -lc
-L/home/monitor/Tools/ntop-2.2/gdchart0.94c/zlib-1.1.4 -lz
-L/home/monitor/Tools/ntop-2.2/gdchart0.94c -lgdchart
-L/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3 -lgd
-L/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3/libpng-1.2.4 -lpng
install path...../usr/local
GNU C (gcc) version.....3.2.2 (Mandrake Linux 9.1 3.2.2-3mdk) (3.2.2)
Internationalization (i18n)
i18n enabled.....No
Compile Time: Debug settings in globals-defines.h
DEBUG.....no
ADDRESS_DEBUG.....no
DNS_DEBUG.....no
DNS_SNIFF_DEBUG.....no
FTP_DEBUG.....no
GDBM_DEBUG.....no
HASH_DEBUG.....no
HOST_FREE_DEBUG.....no
HTTP_DEBUG.....no
IDLE_PURGE_DEBUG.....no
MEMORY_DEBUG.....no
NETFLOW_DEBUG.....no
SEMAPHORE_DEBUG.....no
SESSION_TRACE_DEBUG.....no
SSLWATCHDOG_DEBUG.....no
STORAGE_DEBUG.....no
UNKNOWN_PACKET_DEBUG.....no
Compile Time: globals-define.h
PARM_PRINT_ALL_SESSIONS.....no
PARM_PRINT_RETRANSMISSION_DATA.....no
PARM_FORK_CHILD_PROCESS.....yes (normal)
CGI Scripts.....globals-defines.h: #define PARM_USE_CGI
Alternate row colors.....globals-defines.h: /* #define PARM_USE_COLOR */
Buggy gethostbyaddr() - use alternate implementation.....globals-defines.h:
/* #define PARM_USE_HOST */
MAKE_ASYNC_ADDRESS_RESOLUTION.....yes
MAKE_WITH_SSLWATCHDOG.....yes
MAKE_WITH_SSLWATCHDOG_RUNTIME (derived).....yes
Bad IP Address table size.....globals-defines.h: #define
MAX_NUM_BAD_IP_ADDRESSES 3
Minimum refresh interval (seconds).....#define
PARM_MIN_WEBPAGE_AUTOREFRESH_TIME 15
Maximum # of Protocols to show in graphs.....#define MAX_NUM_PROTOS 64
Maximum # of routers (Local Subnet Routers report).....#define
MAX_NUM_ROUTERS 512
Maximum # of network interface devices.....#define MAX_NUM_DEVICES 32
Maximum # of processes for lsof report.....#define
MAX_NUM_PROCESSES_READLSOFINFO 1024
Maximum network size (hosts per interface).....#define MAX_SUBNET_HOSTS 1024
Allocated # of passive FTP sessions.....#define
MAX_PASSIVE_FTP_SESSION_TRACKER 384
Inactive passive FTP session timeout (seconds).....#define
PARM_PASSIVE_SESSION_MINIMUM_IDLE 60
Compile Time: Hash Table Sizes
Initial size.....#define CONST_HASH_INITIAL_SIZE 32
After 1st extend.....#define CONST_HASH_MINIMUM_SIZE 512
Intermediate increase factor.....#define CONST_HASH_INCREASE_FACTOR 2
Factor growth until.....#define CONST_HASH_FACTOR_MAXIMUM 4096
Then grow (linearly) by.....#define CONST_HASH_TERMINAL_INCREASE 4096
Compile Time: globals-define.h
Chart Format.....globals-report.h: #define CHART_FORMAT ".png"
Compile Time: config.h
CFG_ETHER_HEADER_HAS_EA.....no
CFG_MULTITHREADED.....yes
HAVE_ALARM.....yes
HAVE_ALLOCA.....yes
HAVE_ALLOCA_H.....yes
HAVE_ARPA_NAMESER_H.....yes
HAVE_BACKTRACE.....yes
HAVE_BZERO.....yes
HAVE_CTIME_R.....yes
HAVE_CURSES_H.....no
HAVE_DLFCN_H.....yes
HAVE_DL_H.....no
HAVE_DOPRNT.....no
HAVE_ENDPWENT.....yes
HAVE_ERRNO_H.....yes
HAVE_FACILITYNAMES.....yes
HAVE_FCNTL_H.....yes
HAVE_FORK.....yes
HAVE_GDBM_H.....yes
HAVE_GDCPIE_H.....yes
HAVE_GD_H.....yes
HAVE_GDOME_H.....no
HAVE_GETHOSTBYADDR.....yes
HAVE_GETHOSTBYADDR_R.....yes
HAVE_GETHOSTBYNAME.....yes
HAVE_GETHOSTNAME.....yes
HAVE_GETIPNODEBYADDR.....no
HAVE_GETPASS.....yes
HAVE_GETTIMEOFDAY.....yes
HAVE_GLIBCONFIG_H.....no
HAVE_GLIB_H.....no
HAVE_IF_H.....no
HAVE_IN6_ADDR.....yes
HAVE_INT16_T.....yes
HAVE_INT32_T.....yes
HAVE_INT64_T.....yes
HAVE_INT8_T.....yes
HAVE_INTTYPES_H.....yes
HAVE_LANGINFO_H.....yes
HAVE_LIBC.....yes
HAVE_LIBCRYPT.....yes
HAVE_LIBCRYPTO.....yes
HAVE_LIBDL.....yes
HAVE_LIBDLD.....no
HAVE_LIBGD.....yes
HAVE_LIBGDBM.....yes
HAVE_LIBGDOME.....no
HAVE_LIBGLIB.....yes
HAVE_LIBM.....yes
HAVE_LIBNSL.....yes
HAVE_LIBPCAP.....yes
HAVE_LIBPNG.....yes
HAVE_LIBPOSIX4.....no
HAVE_LIBPTHREAD.....yes
HAVE_LIBPTHREADS.....no
HAVE_LIBRESOLV.....yes
HAVE_LIBRT.....no
HAVE_LIBSOCKET.....no
HAVE_LIBSSL.....yes
HAVE_LIBWRAP.....no
HAVE_LIBXML2.....no
HAVE_LIBZ.....yes
HAVE_LIMITS_H.....yes
HAVE_LOCALE_H.....yes
HAVE_LOCALTIME_R.....yes
HAVE_LONG_DOUBLE.....yes
HAVE_MATH_H.....yes
HAVE_MEMCHR.....yes
HAVE_MEMORY_H.....yes
HAVE_MEMSET.....yes
HAVE_NCURSES_H.....no
HAVE_NDIR_H.....no
HAVE_NETDB_H.....yes
HAVE_OPENSSL.....yes
HAVE_OPENSSL_CRYPTO_H.....yes
HAVE_OPENSSL_ERR_H.....yes
HAVE_OPENSSL_PEM_H.....yes
HAVE_OPENSSL_RSA_H.....yes
HAVE_OPENSSL_SSL_H.....yes
HAVE_OPENSSL_X509_H.....yes
HAVE_PCAP_FREECODE.....yes
HAVE_PCAP_H.....yes
HAVE_PCAP_OPEN_DEAD.....yes
HAVE_PNG_H.....yes
HAVE_PTHREAD_H.....yes
HAVE_PUTENV.....yes
HAVE_PWD_H.....yes
HAVE_READLINE.....no
HAVE_READLINE_READLINE_H.....no
HAVE_RE_COMP.....yes
HAVE_REGCOMP.....yes
HAVE_REGEX.....yes
HAVE_RRD.....yes
HAVE_RRD_H.....yes
HAVE_SCHED_H.....yes
HAVE_SCHED_YIELD.....yes
HAVE_SECURITY_PAM_APPL_H.....no
HAVE_SELECT.....yes
HAVE_SEMAPHORE_H.....yes
HAVE_SETJMP_H.....yes
HAVE_SHADOW_H.....yes
HAVE_SIGNAL_H.....yes
HAVE_SNPRINTF.....yes
HAVE_SOCKET.....yes
HAVE_SQRT.....yes
HAVE_STDARG_H.....yes
HAVE_STDIO_H.....yes
HAVE_STDLIB_H.....yes
HAVE_STRCASECMP.....yes
HAVE_STRCHR.....yes
HAVE_STRCSPN.....yes
HAVE_STRDUP.....yes
HAVE_STRERROR.....yes
HAVE_STRFTIME.....yes
HAVE_STRING_H.....yes
HAVE_STRINGS_H.....yes
HAVE_STRNCASECMP.....yes
HAVE_STRPBRK.....yes
HAVE_STRRCHR.....yes
HAVE_STRSPN.....yes
HAVE_STRSTR.....yes
HAVE_STRTOK_R.....yes
HAVE_STRTOUL.....yes
HAVE_SYS_DIR_H.....no
HAVE_SYS_IOCTL_H.....yes
HAVE_SYS_LDR_H.....no
HAVE_SYS_NDIR_H.....no
HAVE_SYS_RESOURCE_H.....yes
HAVE_SYS_SCHED_H.....no
HAVE_SYS_SOCKIO_H.....no
HAVE_SYS_TIME_H.....yes
HAVE_SYS_TYPES_H.....yes
HAVE_SYS_UN_H.....yes
HAVE_TCPD_H.....no
HAVE_TM_ZONE.....yes
HAVE_TZNAME.....no
HAVE_U_INT16_T.....yes
HAVE_U_INT32_T.....yes
HAVE_U_INT64_T.....yes
HAVE_UINT64_T.....no
HAVE_U_INT8_T.....yes
HAVE_UNAME.....yes
HAVE_UNISTD_H.....yes
HAVE_VFORK.....yes
HAVE_VFORK_H.....no
HAVE_VPRINTF.....yes
HAVE_WORKING_FORK.....yes
HAVE_WORKING_VFORK.....yes
HAVE_ZLIB_H.....yes
MAKE_MICRO_NTOP.....no
MAKE_WITH_FTPDATA_ASSUMED.....no
MAKE_WITH_GDCHART.....yes
MAKE_WITH_I18N.....no
MAKE_WITH_IGNORE_SIGPIPE.....no
MAKE_WITH_LARGERRDPOP.....no
MAKE_WITH_SSLV3_SUPPORT.....no
MAKE_WITH_SSLWATCHDOG_COMPILETIME.....no
MAKE_WITH_ZLIB.....yes
__PROTOTYPES.....yes
PROTOTYPES.....yes
SETVBUF_REVERSED.....no
TIME_WITH_SYS_TIME.....yes
TM_IN_SYS_TIME.....no
CFG_CONFIGFILE_DIR - config file directory...../usr/local/etc/ntop
CFG_DATAFILE_DIR - data file directory...../usr/local/share/ntop
CFG_DBFILE_DIR - database file directory...../usr/local/var/ntop
CFG_PLUGIN_DIR - plugin file directory...../usr/local/lib/ntop/plugins
CFG_RUN_DIR - run file directory...../usr/local/var/ntop
CFG_NEED_GETDOMAINNAME (getdomainname(2) function).....yes
CFG_xxxxxx_ENDIAN (Hardware Endian).....little
Compile Time: globals-defines.h
EMSGSIZE.....90
ETHERMTU.....1500
LEN_CMDLINE_BUFFER.....4096
LEN_FGETS_BUFFER.....512
LEN_GENERAL_WORK_BUFFER.....1024
LEN_MEDIUM_WORK_BUFFER.....64
LEN_SMALL_WORK_BUFFER.....16
LEN_TIME_STAMP_BUFFER.....2
MAKE_NTOP_PACKETSZ_DECLARATIONS.....no
MAKE_RMON_SUPPORT.....yes
MAKE_WITH_FORK_COPYONWRITE.....yes
MAKE_WITH_HTTPSIGTRAP.....no
MAKE_WITH_RRDSIGTRAP.....no
MAKE_WITH_SCHED_YIELD.....yes
MAKE_WITH_SEMAPHORES.....yes
MAKE_WITH_SYSLOG.....yes
MAKE_WITH_XMLDUMP.....no
MAX_ADDRESSES.....35
MAX_ALIASES.....35
MAX_ASSIGNED_IP_PORTS.....1024
MAXCDNAME.....255
MAX_DEVICE_NAME_LEN.....64
MAXDNAME.....1025
MAX_HASHDUMP_ENTRY.....65535
MAXHOSTNAMELEN.....64
MAX_HOSTS_CACHE_LEN.....512
MAX_IP_PORT.....65534
MAX_IPXSAP_NAME_HASH.....179
MAXLABEL.....63
MAX_LANGUAGES_REQUESTED.....4
MAX_LANGUAGES_SUPPORTED.....8
MAX_LASTSEEN_TABLE_SIZE.....4096
MAX_LEN_VENDOR_NAME.....64
MAX_NFS_NAME_HASH.....12288
MAX_NODE_TYPES.....8
MAX_NUM_BAD_IP_ADDRESSES.....3
MAX_NUM_CONTACTED_PEERS.....8
MAX_NUM_DEQUEUE_THREADS.....yes
MAX_NUM_DEVICES.....32
MAX_NUM_DHCP_MSG.....8
MAX_NUM_FIN.....4
MAX_NUM_IGNOREDFLOWS.....32
MAX_NUM_NETWORKS.....32
MAX_NUM_PROBES.....16
MAX_NUM_PROCESSES_READLSOFINFO.....1024
MAX_NUM_PROTOS.....64
MAX_NUM_PROTOS_SCREENS.....5
MAX_NUM_ROUTERS.....512
MAX_NUM_STORED_FLAGS.....4
MAX_PASSIVE_FTP_SESSION_TRACKER.....384
MAX_PER_DEVICE_HASH_LIST.....65535
MAX_SESSIONS_CACHE_LEN.....512
MAX_SSL_CONNECTIONS.....32
NAME_MAX.....255
NETDB_SUCCESS.....0
NS_CMPRSFLGS.....192
NS_MAXCDNAME.....255
PACKETSZ.....512
PARM_ENABLE_EXPERIMENTAL.....no
PARM_FORK_CHILD_PROCESS.....yes
PARM_MIN_WEBPAGE_AUTOREFRESH_TIME.....15
PARM_PASSIVE_SESSION_MINIMUM_IDLE.....60
PARM_PIPE_READ_TIMEOUT.....15
PARM_SESSION_PURGE_MINIMUM_IDLE.....600
PARM_SHOW_NTOP_HEARTBEAT.....no
PARM_SSLWATCHDOG_WAITWOKE_LIMIT.....5
PARM_USE_CGI.....yes
PARM_USE_COLOR.....no
PARM_USE_HOST.....no
PARM_USE_MACHASH_INVERT.....yes
PARM_USE_SESSIONS_CACHE.....no
PARM_WEDONTWANTTOTALKWITHYOU_INTERVAL.....300
SLL_HDR_LEN.....16
THREAD_MODE.....MT (SSL)
> -----Urspr�ngliche Nachricht-----
> Von: Burton M. Strauss III [SMTP:[EMAIL PROTECTED]
> Gesendet am: Donnerstag, 10. Juli 2003 13:57
> An: [EMAIL PROTECTED]
> Betreff: RE: [Ntop] Problem with high traffic
>
> Not a clue, you don't give us much information, now do you?
>
> We STRONGLY suggest you use the automatically generated "Problem
> Report"
> form that since it contains much of the necessary information.
>
> We STRONGLY suggest you read the back traffic on the ntop-dev and ntop
> lists, as there have been discussions about dropping packets, system
> performance, etc. in the past.
>
> -----Burton
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Tschopp, Christian
> Sent: Thursday, July 10, 2003 3:04 AM
> To: '[EMAIL PROTECTED]'
> Subject: [Ntop] Problem with high traffic
>
>
> Hello,
> Excuse me for my poor english...
>
> So far, I had never had any problem with ntop.
> but this morning, I've changed the link I analyse to a much more loaded
> link.
> Now, Ntop is not able to analyse any of the packets that go through.
>
> I know that I'm running ntop on a station that does not have much
> horsepower, but is it possible that it drops *all* the packets ??
> In Ethereal, everything is fine, I can see all the traffic. I've checked
> the
> filters in Ntop, there is no one set...
>
> I can also say that on this link, there is only a few present hosts, but
> much data transfer.
>
> Is there something I can try ? Someone had the same problem ?
> thank you for your help.
>
> Chris
>
>
>
> I start Ntop with :
>
> ntop \
> --db-file-path /home/monitor/Tools/ntop-2.2/ntop/db \
> --user monitor \
> --local-subnets 10.0.0.0/255.0.0.0 \
> --daemon \
> --interface eth1 \
> --sticky-hosts
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
