Thank you very much, M. Burton! That was a good help, my promiscuous mode was inverted. Ntop was putting the mode "off" when starting, and putting it "on" when stopping. So I just changed it once manually with ifconfig, and then everything was all right :) I don't know if this is the good way to solve it, neither do I know which program did mess the thing up, but now it's ok...

Thank you again...

Christian

> -----Original Message-----
> From: Burton M. Strauss III [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 18:15
> To: [EMAIL PROTECTED]
> Subject: [Ntop] PR_H8KTDT Problem with high traffic
>
> You know, it sounds like ntop isn't being successful in putting the
> interface into promiscuous mode, while ethereal is...
>
> Do this....
>
> 1. Check the log for messages about the interface dropping out of promisc
> mode.
>
> Jul 9 12:23:45 tigger kernel: device eth1 left promiscuous mode
>
> 2. Check your security level
>
> I know for a fact that at certain levels, Mandrake runs a 'promiscuous
> check' every minute.
>
> Perhaps it's resetting the interface also???
>
> See http://www.mandrakesecure.net/en/docs/msec.php
>
> -----Burton
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Tschopp, Christian
> Sent: Thursday, July 10, 2003 9:01 AM
> To: '[EMAIL PROTECTED]'
> Subject: AW: [Ntop] Problem with high traffic
>
> OS: ___linux_______ version: ___mandrake 9.1_______
>
> ntop from: _________source_________ (rpm, source, ports, etc.)
>
> Hardware: CPU: ___i86__ (i86, SPARC, etc.)
> # Processors: __1___
> Memory: __128___ MB
> Network:
> Ethernet: 3
> Broadcast: 3
> IP: 1
>
> Network Interface 0 eth1
> Mfg: ___________3com_________ Model: ____________________
> NIC Speed: 10/100 Bus: PCI
> Location: LAN
> Bandwidth: 100Mbps+
> # Hosts (machines): ____30+______
>
> -------------------------------------------------------------------------------
> Log extract
>
> -------------------------------------------------------------------------------
> Problem Description
>
> As I wrote before, ntop doesn't see anything but a few packets going through
> the link. However, there is quite a huge traffic on this link.
> The strange thing is, when I launch Ethereal on the same machine, ntop
> starts to see all the packets going through.
> When I stop the capture on Ethereal, ntop cannot see anything anymore.
> I thought this could have something to do with pcap libraries, so I built
> the latest version of pcap, and then the latest stable version of ntop.
> I've tried to find something about this on the back traffic, but I couldn't
> find someone who had the same problem.
>
> My first post is at the bottom of this mail.
> I haven't got a clue where this problem could come from... if someone could
> give a hint, a solution or just something to try to work this out, it could
> be very helpful.
> If you think I could provide more information on this problem, just ask...
>
> Thank you for your help
>
> Chris
>
> ntop version.....2.2
> Built on.....07/10/03 03:18:48 PM
> OS.....i686-pc-linux-gnu
> ntop Process Id.....13032
> http Process Id.....13038
>
> Command line
>
> Started as..../usr/local/bin/ntop --db-file-path
> /home/monitor/Tools/ntop-2.2/ntop/db --user monitor --local-subnets
> 10.0.0.0/255.0.0.0 --daemon --interface eth1 --sticky-hosts
>
> Resolved to..../usr/local/bin/ntop
> --db-file-path
> /home/monitor/Tools/ntop-2.2/ntop/db
> --user
> monitor
> --local-subnets
> 10.0.0.0/255.0.0.0
> --daemon
> --interface
> eth1
> --sticky-hosts
>
> Command line parameters are:
>
> -a | --access-log-path.....(default) (nil)
> -b | --disable-decoders.....(default) No
> -c | --sticky-hosts.....Yes
> -d | --daemon.....Yes
> -e | --max-table-rows.....(default) 128
> -f | --traffic-dump-file.....(default) (nil)
> -g | --track-local-hosts.....(default) Track all hosts
> -o | --no-mac.....(default) Trust MAC Addresses
> -i | --interface (effective).....eth1
> -k | --filter-expression-in-extra-frame.....(default) No
> -l | --pcap-log.....(default) (nil)
> -m | --local-subnets (effective).....10.0.0.0/8
> -n | --numeric-ip-addresses.....(default) No
> -p | --protocols.....(default) internal list
> -q | --create-suspicious-packets.....(default) Disabled
> -r | --refresh-time.....(default) 120
> -s | --no-promiscuous.....(default) No
> -t | --trace-level.....(default) 3
> -u | --user.....monitor (uid=501, gid=501)
> -w | --http-server.....(default) Active, all interfaces, port 3000
> -z | --disable-sessions.....(default) No
> -B | --filter-expression.....(default) none
> -D | --domain.....none
> -E | --enable-external-tools.....(default) No
> -F | --flow-spec.....(default) none
> -K | --enable-debug.....(default) No
> -L | --use-syslog.....daemon
> -M | --no-interface-merge (effective).....(default) (Merging Interfaces) Yes
> -O | --pcap-file-path.....(default) /usr/local/var/ntop
> -P | --db-file-path...../home/monitor/Tools/ntop-2.2/ntop/db
> -U | --mapper.....(default) (nil)
> -W | --https-server.....Uninitialized
> --throughput-chart-type.....(default) Area
> --ignore-sigpipe.....(default) No
> --ssl-watchdog.....(default) No
> --dynamic-purge-limits.....(default) No
> --reuse-rrd-graphics.....(default) No
> --p3p-cp.....(default) none
> --p3p-uri.....(default) none
> --disable-stopcap.....(default) No
>
> Note: (effective) means that this is the value after ntop has processed
> the parameter.
> (default) means this is the default value, usually (but not always) set by
> a #define in globals-defines.h.
>
> Run time/Internal
>
> External tool: lsof.....(no -E parameter): Disabled
> Web server URL.....http://any:3000
> SSL Web server (https://).....Not Active
> GDBM version.....This is GDBM version 1.8.0, as of May 19, 1999.
> OpenSSL Version.....OpenSSL 0.9.7a Feb 19 2003
> zlib version.....1.1.4
> Protocol Decoders.....Enabled
> Fragment Handling.....Enabled
> Tracking only local hosts.....No
> # IP Protocols Being Monitored.....18
> # Protocol slots.....926
> # IP Ports Being Monitored.....58
> # Ports slots.....116
> # Handled SIGPIPE Errors.....0
> # Handled HTTP Requests.....134
> Devices (Network Interfaces).....1
> Domain name (short).....
> IP to country flag table (entries).....47455
> Total Hash Collisions (Vendor/Special) (lookup).....0
> Local Networks.....10.0.0.0/255.0.0.0 [all devices]
> 0.0.0.0/255.255.255.255 [device eth1]
>
> Memory allocation - data segment
>
> arena limit, getrlimit(RLIMIT_DATA, ...).....-1
> Allocated blocks (ordblks).....68
> Allocated (arena).....4804956
> Used (uordblks).....4577172
> Free (fordblks).....227784
>
> Memory allocation - mmapped
>
> Allocated blocks (hblks).....7
> Allocated bytes (hblkhd).....5804032
>
> Memory Usage
>
> IPX/SAP Hash Size (bytes).....1897
> IP to country flag table (bytes).....1454304 (1.4 MB)
> Bytes per entry.....30.6
> Current memory usage.....10608988
> Base memory usage.....8331612
> Hosts stored (active+cache).....49 = (3 + 46)
> (very) Approximate memory per host.....45.4KB
>
> Host Memory Cache
>
> Limit.....#define MAX_HOSTS_CACHE_LEN 512
> Current Size.....46
> Maximum Size.....48
> # Entries Reused.....57
>
> MAC/IPX Hash tables
>
> IPX/SAP Hash Size (entries).....179
> IPX/SAP Hash Collisions (load).....0
> IPX/SAP Hash Collisions (use).....0
>
> Packet queue
>
> Queued to Process.....0
> Maximum queue.....0
>
> Host/Session counts - global
>
> Purge idle hosts.....Enabled
> Purged hosts.....103
> Maximum hosts to purge per cycle.....512
> DEFAULT_MAXIMUM_HOSTS_PURGE_PER_CYCLE.....512
> Terminated Sessions.....0
>
> Host/Session counts - Device 0 (eth1)
> Actual Hash Size.....32
> Stored hosts.....3 [9 %]
> Sessions.....0
> Max Num. Sessions.....0
>
> Address Resolution
>
> DNS sniffed:
>
> DNS Packets sniffed.....0
> less 'requests'.....0
> less 'failed'.....0
> less 'reverse dns' (in-addr.arpa).....0
> DNS Packets processed.....0
> Stored in cache (includes aliases).....0
>
> IP to name - ipaddr2str():
>
> Total calls.....31
> ....OK.....7
> ....Total not found.....24
> ........Not found in cache.....24
> ........Too old in cache.....0
>
> Queued - dequeueAddress():
>
> Total Queued.....24
> Not queued (duplicate).....0
> Maximum Queued.....4
> Current Queue.....0
>
> Resolved - resolveAddress():
>
> Addresses to resolve.....24
> ....less 'Error: No cache database'.....0
> ....less 'Found in ntop cache'.....0
> Gives: # gethost (DNS lookup) calls.....24
>
> DNS lookup calls:
>
> DNS resolution attempts.....24
> ....Success: Resolved.....24
> ....Failed.....0
> ........HOST_NOT_FOUND.....0
> ........NO_DATA.....0
> ........NO_RECOVERY.....0
> ........TRY_AGAIN (don't store).....0
> ........Other error (don't store).....0
> DNS lookups stored in cache.....24
> Host addresses kept numeric.....0
>
> Vendor Lookup Table
>
> Input lines read.....131
> Records added total.....121
> .....includes special records.....59
> getVendorInfo() calls.....0
> getSpecialVendorInfo() calls.....102
> Found 48bit (xx:xx:xx:xx:xx:xx) match.....0
> Found 24bit (xx:xx:xx) match.....43
> Found multicast bit set.....4
> Found LAA (Locally assigned address) bit set.....0
>
> Thread counts
>
> Active.....5
> Dequeue.....1
> Children (active).....71
>
> Reject duration (seconds).....300
> It is now.....Thu Jul 10 15:52:15 2003
> Directory (search) order
>
> Data Files......<br>/usr/local/share/ntop<br>
> Config Files......<br>/usr/local/etc/ntop<br>/etc<br>
> Plugins....../plugins<br>/usr/local/lib/ntop/plugins<br>
>
> Compile Time: ./configure
>
> ./configure parameters.....
> Built on (Host).....i686-pc-linux-gnu
> Built for (Target).....i686-pc-linux-gnu
> compiler (cflags).....gcc -DLINUX -g -O2 -Wshadow -Wpointer-arith
> -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -fPIC
> -DHAVE_CONFIG_H
> include path.....-I/home/monitor/Tools/ntop-2.2/gdchart0.94c/zlib-1.1.4
> -I/home/monitor/Tools/ntop-2.2/gdchart0.94c
> -I/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3
> -I/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3/libpng-1.2.4
> system libraries.....-lglib -lpthread -lresolv -lnsl -lm -lssl -lcrypto
> -lpcap -lgdbm -ldl -lcrypt -lc
> -L/home/monitor/Tools/ntop-2.2/gdchart0.94c/zlib-1.1.4 -lz
> -L/home/monitor/Tools/ntop-2.2/gdchart0.94c -lgdchart
> -L/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3 -lgd
> -L/home/monitor/Tools/ntop-2.2/gdchart0.94c/gd-1.8.3/libpng-1.2.4 -lpng
> install path...../usr/local
> GNU C (gcc) version.....3.2.2 (Mandrake Linux 9.1 3.2.2-3mdk) (3.2.2)
>
> Internationalization (i18n)
>
> i18n enabled.....No
>
> Compile Time: Debug settings in globals-defines.h
>
> DEBUG.....no
> ADDRESS_DEBUG.....no
> DNS_DEBUG.....no
> DNS_SNIFF_DEBUG.....no
> FTP_DEBUG.....no
> GDBM_DEBUG.....no
> HASH_DEBUG.....no
> HOST_FREE_DEBUG.....no
> HTTP_DEBUG.....no
> IDLE_PURGE_DEBUG.....no
> MEMORY_DEBUG.....no
> NETFLOW_DEBUG.....no
> SEMAPHORE_DEBUG.....no
> SESSION_TRACE_DEBUG.....no
> SSLWATCHDOG_DEBUG.....no
> STORAGE_DEBUG.....no
> UNKNOWN_PACKET_DEBUG.....no
>
> Compile Time: globals-define.h
>
> PARM_PRINT_ALL_SESSIONS.....no
> PARM_PRINT_RETRANSMISSION_DATA.....no
> PARM_FORK_CHILD_PROCESS.....yes (normal)
> CGI Scripts.....globals-defines.h: #define PARM_USE_CGI
> Alternate row colors.....globals-defines.h: /* #define PARM_USE_COLOR */
> Buggy gethostbyaddr() - use alternate implementation.....globals-defines.h: /* #define PARM_USE_HOST */
> MAKE_ASYNC_ADDRESS_RESOLUTION.....yes
> MAKE_WITH_SSLWATCHDOG.....yes
> MAKE_WITH_SSLWATCHDOG_RUNTIME (derived).....yes
> Bad IP Address table size.....globals-defines.h: #define MAX_NUM_BAD_IP_ADDRESSES 3
> Minimum refresh interval (seconds).....#define PARM_MIN_WEBPAGE_AUTOREFRESH_TIME 15
> Maximum # of Protocols to show in graphs.....#define MAX_NUM_PROTOS 64
> Maximum # of routers (Local Subnet Routers report).....#define MAX_NUM_ROUTERS 512
> Maximum # of network interface devices.....#define MAX_NUM_DEVICES 32
> Maximum # of processes for lsof report.....#define MAX_NUM_PROCESSES_READLSOFINFO 1024
> Maximum network size (hosts per interface).....#define MAX_SUBNET_HOSTS 1024
> Allocated # of passive FTP sessions.....#define MAX_PASSIVE_FTP_SESSION_TRACKER 384
> Inactive passive FTP session timeout (seconds).....#define PARM_PASSIVE_SESSION_MINIMUM_IDLE 60
>
> Compile Time: Hash Table Sizes
>
> Initial size.....#define CONST_HASH_INITIAL_SIZE 32
> After 1st extend.....#define CONST_HASH_MINIMUM_SIZE 512
> Intermediate increase factor.....#define CONST_HASH_INCREASE_FACTOR 2
> Factor growth until.....#define CONST_HASH_FACTOR_MAXIMUM 4096
> Then grow (linearly) by.....#define CONST_HASH_TERMINAL_INCREASE 4096
>
> Compile Time: globals-define.h
>
> Chart Format.....globals-report.h: #define CHART_FORMAT ".png"
>
> Compile Time: config.h
>
> CFG_ETHER_HEADER_HAS_EA.....no
> CFG_MULTITHREADED.....yes
> HAVE_ALARM.....yes
> HAVE_ALLOCA.....yes
> HAVE_ALLOCA_H.....yes
> HAVE_ARPA_NAMESER_H.....yes
> HAVE_BACKTRACE.....yes
> HAVE_BZERO.....yes
> HAVE_CTIME_R.....yes
> HAVE_CURSES_H.....no
> HAVE_DLFCN_H.....yes
> HAVE_DL_H.....no
> HAVE_DOPRNT.....no
> HAVE_ENDPWENT.....yes
> HAVE_ERRNO_H.....yes
> HAVE_FACILITYNAMES.....yes
> HAVE_FCNTL_H.....yes
> HAVE_FORK.....yes
> HAVE_GDBM_H.....yes
> HAVE_GDCPIE_H.....yes
> HAVE_GD_H.....yes
> HAVE_GDOME_H.....no
> HAVE_GETHOSTBYADDR.....yes
> HAVE_GETHOSTBYADDR_R.....yes
> HAVE_GETHOSTBYNAME.....yes
> HAVE_GETHOSTNAME.....yes
> HAVE_GETIPNODEBYADDR.....no
> HAVE_GETPASS.....yes
> HAVE_GETTIMEOFDAY.....yes
> HAVE_GLIBCONFIG_H.....no
> HAVE_GLIB_H.....no
> HAVE_IF_H.....no
> HAVE_IN6_ADDR.....yes
> HAVE_INT16_T.....yes
> HAVE_INT32_T.....yes
> HAVE_INT64_T.....yes
> HAVE_INT8_T.....yes
> HAVE_INTTYPES_H.....yes
> HAVE_LANGINFO_H.....yes
> HAVE_LIBC.....yes
> HAVE_LIBCRYPT.....yes
> HAVE_LIBCRYPTO.....yes
> HAVE_LIBDL.....yes
> HAVE_LIBDLD.....no
> HAVE_LIBGD.....yes
> HAVE_LIBGDBM.....yes
> HAVE_LIBGDOME.....no
> HAVE_LIBGLIB.....yes
> HAVE_LIBM.....yes
> HAVE_LIBNSL.....yes
> HAVE_LIBPCAP.....yes
> HAVE_LIBPNG.....yes
> HAVE_LIBPOSIX4.....no
> HAVE_LIBPTHREAD.....yes
> HAVE_LIBPTHREADS.....no
> HAVE_LIBRESOLV.....yes
> HAVE_LIBRT.....no
> HAVE_LIBSOCKET.....no
> HAVE_LIBSSL.....yes
> HAVE_LIBWRAP.....no
> HAVE_LIBXML2.....no
> HAVE_LIBZ.....yes
> HAVE_LIMITS_H.....yes
> HAVE_LOCALE_H.....yes
> HAVE_LOCALTIME_R.....yes
> HAVE_LONG_DOUBLE.....yes
> HAVE_MATH_H.....yes
> HAVE_MEMCHR.....yes
> HAVE_MEMORY_H.....yes
> HAVE_MEMSET.....yes
> HAVE_NCURSES_H.....no
> HAVE_NDIR_H.....no
> HAVE_NETDB_H.....yes
> HAVE_OPENSSL.....yes
> HAVE_OPENSSL_CRYPTO_H.....yes
> HAVE_OPENSSL_ERR_H.....yes
> HAVE_OPENSSL_PEM_H.....yes
> HAVE_OPENSSL_RSA_H.....yes
> HAVE_OPENSSL_SSL_H.....yes
> HAVE_OPENSSL_X509_H.....yes
> HAVE_PCAP_FREECODE.....yes
> HAVE_PCAP_H.....yes
> HAVE_PCAP_OPEN_DEAD.....yes
> HAVE_PNG_H.....yes
> HAVE_PTHREAD_H.....yes
> HAVE_PUTENV.....yes
> HAVE_PWD_H.....yes
> HAVE_READLINE.....no
> HAVE_READLINE_READLINE_H.....no
> HAVE_RE_COMP.....yes
> HAVE_REGCOMP.....yes
> HAVE_REGEX.....yes
> HAVE_RRD.....yes
> HAVE_RRD_H.....yes
> HAVE_SCHED_H.....yes
> HAVE_SCHED_YIELD.....yes
> HAVE_SECURITY_PAM_APPL_H.....no
> HAVE_SELECT.....yes
> HAVE_SEMAPHORE_H.....yes
> HAVE_SETJMP_H.....yes
> HAVE_SHADOW_H.....yes
> HAVE_SIGNAL_H.....yes
> HAVE_SNPRINTF.....yes
> HAVE_SOCKET.....yes
> HAVE_SQRT.....yes
> HAVE_STDARG_H.....yes
> HAVE_STDIO_H.....yes
> HAVE_STDLIB_H.....yes
> HAVE_STRCASECMP.....yes
> HAVE_STRCHR.....yes
> HAVE_STRCSPN.....yes
> HAVE_STRDUP.....yes
> HAVE_STRERROR.....yes
> HAVE_STRFTIME.....yes
> HAVE_STRING_H.....yes
> HAVE_STRINGS_H.....yes
> HAVE_STRNCASECMP.....yes
> HAVE_STRPBRK.....yes
> HAVE_STRRCHR.....yes
> HAVE_STRSPN.....yes
> HAVE_STRSTR.....yes
> HAVE_STRTOK_R.....yes
> HAVE_STRTOUL.....yes
> HAVE_SYS_DIR_H.....no
> HAVE_SYS_IOCTL_H.....yes
> HAVE_SYS_LDR_H.....no
> HAVE_SYS_NDIR_H.....no
> HAVE_SYS_RESOURCE_H.....yes
> HAVE_SYS_SCHED_H.....no
> HAVE_SYS_SOCKIO_H.....no
> HAVE_SYS_TIME_H.....yes
> HAVE_SYS_TYPES_H.....yes
> HAVE_SYS_UN_H.....yes
> HAVE_TCPD_H.....no
> HAVE_TM_ZONE.....yes
> HAVE_TZNAME.....no
> HAVE_U_INT16_T.....yes
> HAVE_U_INT32_T.....yes
> HAVE_U_INT64_T.....yes
> HAVE_UINT64_T.....no
> HAVE_U_INT8_T.....yes
> HAVE_UNAME.....yes
> HAVE_UNISTD_H.....yes
> HAVE_VFORK.....yes
> HAVE_VFORK_H.....no
> HAVE_VPRINTF.....yes
> HAVE_WORKING_FORK.....yes
> HAVE_WORKING_VFORK.....yes
> HAVE_ZLIB_H.....yes
> MAKE_MICRO_NTOP.....no
> MAKE_WITH_FTPDATA_ASSUMED.....no
> MAKE_WITH_GDCHART.....yes
> MAKE_WITH_I18N.....no
> MAKE_WITH_IGNORE_SIGPIPE.....no
> MAKE_WITH_LARGERRDPOP.....no
> MAKE_WITH_SSLV3_SUPPORT.....no
> MAKE_WITH_SSLWATCHDOG_COMPILETIME.....no
> MAKE_WITH_ZLIB.....yes
> __PROTOTYPES.....yes
> PROTOTYPES.....yes
> SETVBUF_REVERSED.....no
> TIME_WITH_SYS_TIME.....yes
> TM_IN_SYS_TIME.....no
> CFG_CONFIGFILE_DIR - config file directory...../usr/local/etc/ntop
> CFG_DATAFILE_DIR - data file directory...../usr/local/share/ntop
> CFG_DBFILE_DIR - database file directory...../usr/local/var/ntop
> CFG_PLUGIN_DIR - plugin file directory...../usr/local/lib/ntop/plugins
> CFG_RUN_DIR - run file directory...../usr/local/var/ntop
> CFG_NEED_GETDOMAINNAME (getdomainname(2) function).....yes
> CFG_xxxxxx_ENDIAN (Hardware Endian).....little
>
> Compile Time: globals-defines.h
>
> EMSGSIZE.....90
> ETHERMTU.....1500
> LEN_CMDLINE_BUFFER.....4096
> LEN_FGETS_BUFFER.....512
> LEN_GENERAL_WORK_BUFFER.....1024
> LEN_MEDIUM_WORK_BUFFER.....64
> LEN_SMALL_WORK_BUFFER.....16
> LEN_TIME_STAMP_BUFFER.....2
> MAKE_NTOP_PACKETSZ_DECLARATIONS.....no
> MAKE_RMON_SUPPORT.....yes
> MAKE_WITH_FORK_COPYONWRITE.....yes
> MAKE_WITH_HTTPSIGTRAP.....no
> MAKE_WITH_RRDSIGTRAP.....no
> MAKE_WITH_SCHED_YIELD.....yes
> MAKE_WITH_SEMAPHORES.....yes
> MAKE_WITH_SYSLOG.....yes
> MAKE_WITH_XMLDUMP.....no
> MAX_ADDRESSES.....35
> MAX_ALIASES.....35
> MAX_ASSIGNED_IP_PORTS.....1024
> MAXCDNAME.....255
> MAX_DEVICE_NAME_LEN.....64
> MAXDNAME.....1025
> MAX_HASHDUMP_ENTRY.....65535
> MAXHOSTNAMELEN.....64
> MAX_HOSTS_CACHE_LEN.....512
> MAX_IP_PORT.....65534
> MAX_IPXSAP_NAME_HASH.....179
> MAXLABEL.....63
> MAX_LANGUAGES_REQUESTED.....4
> MAX_LANGUAGES_SUPPORTED.....8
> MAX_LASTSEEN_TABLE_SIZE.....4096
> MAX_LEN_VENDOR_NAME.....64
> MAX_NFS_NAME_HASH.....12288
> MAX_NODE_TYPES.....8
> MAX_NUM_BAD_IP_ADDRESSES.....3
> MAX_NUM_CONTACTED_PEERS.....8
> MAX_NUM_DEQUEUE_THREADS.....yes
> MAX_NUM_DEVICES.....32
> MAX_NUM_DHCP_MSG.....8
> MAX_NUM_FIN.....4
> MAX_NUM_IGNOREDFLOWS.....32
> MAX_NUM_NETWORKS.....32
> MAX_NUM_PROBES.....16
> MAX_NUM_PROCESSES_READLSOFINFO.....1024
> MAX_NUM_PROTOS.....64
> MAX_NUM_PROTOS_SCREENS.....5
> MAX_NUM_ROUTERS.....512
> MAX_NUM_STORED_FLAGS.....4
> MAX_PASSIVE_FTP_SESSION_TRACKER.....384
> MAX_PER_DEVICE_HASH_LIST.....65535
> MAX_SESSIONS_CACHE_LEN.....512
> MAX_SSL_CONNECTIONS.....32
> NAME_MAX.....255
> NETDB_SUCCESS.....0
> NS_CMPRSFLGS.....192
> NS_MAXCDNAME.....255
> PACKETSZ.....512
> PARM_ENABLE_EXPERIMENTAL.....no
> PARM_FORK_CHILD_PROCESS.....yes
> PARM_MIN_WEBPAGE_AUTOREFRESH_TIME.....15
> PARM_PASSIVE_SESSION_MINIMUM_IDLE.....60
> PARM_PIPE_READ_TIMEOUT.....15
> PARM_SESSION_PURGE_MINIMUM_IDLE.....600
> PARM_SHOW_NTOP_HEARTBEAT.....no
> PARM_SSLWATCHDOG_WAITWOKE_LIMIT.....5
> PARM_USE_CGI.....yes
> PARM_USE_COLOR.....no
> PARM_USE_HOST.....no
> PARM_USE_MACHASH_INVERT.....yes
> PARM_USE_SESSIONS_CACHE.....no
> PARM_WEDONTWANTTOTALKWITHYOU_INTERVAL.....300
> SLL_HDR_LEN.....16
> THREAD_MODE.....MT (SSL)
>
> > -----Original Message-----
> > From: Burton M. Strauss III [SMTP:[EMAIL PROTECTED]
> > Sent: Thursday, July 10, 2003 13:57
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Ntop] Problem with high traffic
> >
> > Not a clue, you don't give us much information, now do you?
> >
> > We STRONGLY suggest you use the automatically generated "Problem Report"
> > form since it contains much of the necessary information.
> >
> > We STRONGLY suggest you read the back traffic on the ntop-dev and ntop
> > lists, as there have been discussions about dropping packets, system
> > performance, etc. in the past.
> >
> > -----Burton
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > Tschopp, Christian
> > Sent: Thursday, July 10, 2003 3:04 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: [Ntop] Problem with high traffic
> >
> > Hello,
> > Excuse me for my poor English...
> >
> > So far, I had never had any problem with ntop.
> > But this morning, I've changed the link I analyse to a much more loaded
> > link.
> > Now, Ntop is not able to analyse any of the packets that go through.
> >
> > I know that I'm running ntop on a station that does not have much
> > horsepower, but is it possible that it drops *all* the packets??
> > In Ethereal, everything is fine, I can see all the traffic. I've checked
> > the filters in Ntop, there is no one set...
> >
> > I can also say that on this link, there is only a few present hosts, but
> > much data transfer.
> >
> > Is there something I can try? Someone had the same problem?
> > Thank you for your help.
> >
> > Chris
> >
> > I start Ntop with:
> >
> > ntop \
> > --db-file-path /home/monitor/Tools/ntop-2.2/ntop/db \
> > --user monitor \
> > --local-subnets 10.0.0.0/255.0.0.0 \
> > --daemon \
> > --interface eth1 \
> > --sticky-hosts
> >
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
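
The log check suggested in the thread (looking for the kernel's promiscuous-mode messages) can be turned into a small script that reconstructs when an interface was not promiscuous while a capture was supposed to be running. This is an added example, not part of the original messages or of ntop: the sample log lines are constructed, the function names are hypothetical, and it assumes the kernel logs an `entered promiscuous mode` line as the counterpart of the `left` line quoted above and that the log is in chronological order.

```python
import re
from datetime import datetime

# Kernel message format, as in the "left promiscuous mode" line quoted above.
PROMISC_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"device (?P<dev>\S+) (?P<verb>entered|left) promiscuous mode$"
)

# Constructed sample log (not from the thread); syslog omits the year.
SAMPLE_LOG = """\
Jul 10 09:00:02 tigger kernel: device eth1 entered promiscuous mode
Jul 10 09:05:00 tigger kernel: device eth1 left promiscuous mode
Jul 10 09:20:30 tigger kernel: device eth1 entered promiscuous mode
Jul 10 09:31:10 tigger kernel: device eth1 left promiscuous mode
Jul 10 09:33:00 tigger sshd[812]: session opened for user monitor
Jul 10 09:40:00 tigger kernel: device eth0 entered promiscuous mode
""".splitlines()


def parse_transitions(lines, year=2003):
    """Yield (timestamp, device, entered) for each promiscuous-mode message."""
    for line in lines:
        m = PROMISC_RE.match(line.strip())
        if m is None:
            continue  # unrelated syslog line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["dev"], m["verb"] == "entered"


def promisc_gaps(lines, device, start, end, year=2003):
    """Intervals within [start, end] where `device` was not promiscuous.

    Assumption: the interface is treated as non-promiscuous until the log
    shows it entering promiscuous mode.
    """
    gaps, promisc, gap_start = [], False, start
    for ts, dev, entered in parse_transitions(lines, year):
        if dev != device or ts > end:
            continue
        if entered and not promisc:
            if ts > gap_start:          # close the gap that was open
                gaps.append((gap_start, ts))
        elif not entered and promisc:
            gap_start = max(ts, start)  # a new gap opens here
        promisc = entered
    if not promisc and end > gap_start:
        gaps.append((gap_start, end))   # still non-promiscuous at window end
    return gaps


if __name__ == "__main__":
    # Window during which the sniffer was expected to be capturing (constructed).
    window = (datetime(2003, 7, 10, 9, 5, 0), datetime(2003, 7, 10, 9, 45, 0))
    for a, b in promisc_gaps(SAMPLE_LOG, "eth1", *window):
        print(f"eth1 not promiscuous {a:%H:%M:%S} -> {b:%H:%M:%S} "
              f"({(b - a).total_seconds():.0f}s)")
```

Gaps that line up with the periods where the monitor saw almost no traffic point at something resetting the interface flags rather than at packet loss.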
