ntop version '3.0 SourceForge .tgz' problem report
From: Peter
EMail: [EMAIL PROTECTED]
Date: Fri Jun 25 07:32:28 2004
Problem Report Id: PR_8ANDMCX
----------------------------------------------------------------------------
Summary
OS(uname): sysname(Linux) release(2.6.6-2-686) version(#1 Wed Jun 16 01:25:38 PDT
2004) machine(i686)
ntop from: debian (rpm, source, ports, etc.)
Hardware: CPU: 1700 Celeron (i86, SPARC, etc.)
# Processors: 1
Memory: 256 MB
Don't know where to get this from:
Packets
Received: 178274
Processed: 178274 (immediately)
Queued: 0
Lost: 0 (queue full)
Queue: Current: 0 Maximum: 0
Network:
Merged packet counts:
Received: 178274
Ethernet: 178274
Broadcast: 250
Multicast: 1
IP: 177956
Network Interface 0 eth0
Received (pcap): 729
Dropped (pcap): 0
Mfg: ____________________ Model: ____________________
NIC Speed: 10/100/1000/Other Bus: PCI ISA USB Firewire Other
Location: Public Internet / LAN / WAN
Bandwidth: Dialup DSL/CableModem fT1 T1 10Mbps T3 100Mbps+
# Hosts (machines): __________
----------------------------------------------------------------------------
Log extract
with this command:
grep ntop /var/log/messages | head -n 15
there is no output
----------------------------------------------------------------------------
Problem Description
ntop is only counting half the traffic!
----------------------------------------------------------------------------
ntop Configuration
ntop version
3.0 SourceForge .tgz
Configured on
May 17 2004 11:23:10
Built on
May 17 2004 11:24:36
OS
i686-pc-linux-gnu
This version of ntop is
the CURRENT stable version
Next version recheck is
Fri Jul 9 19:36:28 2004
ntop Process Id
2178
http Process Id
2178
Command line
Started as
/usr/sbin/ntop -d -L -u ntop -P
/var/lib/ntop -a
/var/lib/ntop/access.log -i eth0 -O
/var/log/ntop/
Resolved to
/usr/sbin/ntop -d -L -u ntop -P
/var/lib/ntop -a
/var/lib/ntop/access.log -i eth0 -O
/var/log/ntop
-a | --access-log-file
/var/lib/ntop/access.log
-b | --disable-decoders
(default) No
-c | --sticky-hosts
(default) No
-d | --daemon
Yes
-e | --max-table-rows
(default) 128
-f | --traffic-dump-file
(default) (nil)
-g | --track-local-hosts
(default) Track all hosts
-o | --no-mac
(default) Trust MAC Addresses
-i | --interface (effective)
eth
-j | --create-other-packets
(default) Disabled
-k |
--filter-expression-in-extra-frame
(default) No
-l | --pcap-log
(default) (nil)
-m | --local-subnets (effective)
(default) (nil)
-n | --numeric-ip-addresses
(default) No
-p | --protocols
(default) internal list
-q | --create-suspicious-packets
(default) Disabled
-r | --refresh-time
(default) 120
-s | --no-promiscuous
(default) No
-t | --trace-level
(default) 3
-u | --user
ntop (uid=102, gid=102)
-w | --http-server
(default) Active, all interfaces,
port 3000
-z | --disable-sessions
(default) No
-B | --filter-expression
(default) none
-D | --domain
none
-F | --flow-spec
(default) none
-K | --enable-debug
(default) No
-L | --use-syslog
daemon
-M | --no-interface-merge
(effective)
(default) (Merging Interfaces) Yes
-N | --wwn-map
(default) (nil)
-O | --pcap-file-path
/var/log/ntop
-P | --db-file-path
(default) /var/lib/ntop
-Q | --spool-file-path
(default) /var/lib/ntop
-U | --mapper
(default) (nil)
-W | --https-server
Uninitialized
--disable-schedYield
(default) No
--disable-instantsessionpurge
(default) No
--disable-mutexextrainfo
(default) No
--disable-stopcap
(default) No
--fc-only
(default) No
--no-fc
(default) No
--no-invalid-lun
(default) No
--p3p-cp
(default) none
--p3p-uri
(default) none
--set-pcap-nonblocking
(default) No
--ssl-watchdog
(default) No
--w3c
(default) No
NOTE: The --w3c flag makes the
generated html MORE compatible with
the w3c recommendations, but it in
no way addresses all of the
compatibility and markup issues. We
would like to make ntop more
compatible, but some basic issues of
looking decent on real-world
browsers mean it will never be 100%.
If you find any issues, please
report them to ntop-dev.
Note: (effective) means that this is
the value after ntop has processed
the parameter.
(default) means this is the default
value, usually (but not always) set
by a #define in globals-defines.h.
Run time/Internal
Web server URL
http://any:3000
SSL Web server (https://)
Not Active
GDBM version
GDBM version 1.8.3. 10/15/2002
(built Sep 9 2003 00:02:26)
OpenSSL Version
OpenSSL 0.9.7d 17 Mar 2004
zlib version
1.2.1.1
gd version (guess)
1.8.x
Protocol Decoders
Enabled
Fragment Handling
Enabled
Tracking only local hosts
No
# IP Protocols Being Monitored
18
# Protocol slots
868
# IP Ports Being Monitored
56
# IP Ports slots
112
WebServer Request Queue
10
Devices (Network Interfaces)
1
Domain name (short)
(nil)
IP to country flag table (entries)
52395
Total Hash Collisions
(Vendor/Special) (lookup)
0
ntop Web Server
Item                                              http://   https://
# Handled Requests                                1697      -
# Successful requests (200)                       1693      -
# Bad (We don't want to talk with you) requests   0         -
# Invalid requests - 401 DENIED                   3         -
# Invalid requests - 403 FORBIDDEN                0         -
# Invalid requests - 404 NOT FOUND                0         -
Notes:
* Counts may not total because of in-process requests.
* Each request to the ntop web server - frameset, individual page, chart, etc. is counted separately
# Handled SIGPIPE Errors
0
Memory allocation - data segment
arena limit, getrlimit(RLIMIT_DATA,
...)
-1
Allocated blocks (ordblks)
16
Allocated (arena)
10178560
Used (uordblks)
10003856
Free (fordblks)
174704
Memory allocation - mmapped
Allocated blocks (hblks)
4
Allocated bytes (hblkhd)
2289664
Host Memory Cache
Limit
#define MAX_HOSTS_CACHE_LEN 512
Current Size
0
Maximum Size
0
# Entries Reused
0
Packets
Received
185179
Processed Immediately
185179
Queued
0
Current Queue
0
Maximum Queue
0
--set-pcap-nonblocking sleep count
0
Host/Session counts - global
Purged Hosts
144
Terminated Sessions
2,400
Host/Session counts - Device 0
(eth0)
Hash Bucket Size
3.7 KB
Actual Hash Size
16384
Stored hosts
6
Bucket List Length
[min 1][max 1][avg 1.0]
Max host lookup
0
Session Bucket Size
260
Sessions
3
Max Num. Sessions
79
Address Resolution
DNS Sniffed
DNS Packets
sniffed
480
DNS Packets
processed
1
Stored in cache
(includes aliases)
1
Queued
Total Queued
8
Not queued
(duplicate)
2
Maximum Queued
2
Current Queue
0
DNS Lookup Calls
DNS resolution
attempts
8
....Success:
Resolved
2
....Failed
6
DNS lookups stored
in cache
8
Host addresses
kept numeric
6
REMEMBER: 'DNS lookups stored in
cache' includes HOST_NOT_FOUND
replies, so that it may be larger
than the number of 'Success:
Resolved' queries.
Thread counts
Active
8
Dequeue
1
Children (active)
812
Directory (search) order
Data Files
.
/usr/share/ntop
Config Files
.
/etc/ntop
/etc
Plugins
./plugins
/usr/lib/ntop/plugins
Compile Time: ./configure
./configure parameters
CFLAGS=-DMAKE_WITH_IGNORE_SIGPIPE
--prefix=/usr --libdir=/usr/lib
--sysconfdir=/etc
--localstatedir=/var/lib
--bindir=/usr/sbin
--mandir=/usr/share/man
--enable-tcpwrap
--with-zlib-lib=/usr/lib
--with-zlib-include=/usr/include
--with-libpng-lib=/usr/lib
--with-libpng-include=/usr/include
Built on (Host)
i686-pc-linux-gnu
Built for(Target)
i686-pc-linux-gnu
compiler (cflags)
gcc -g -DMAKE_WITH_IGNORE_SIGPIPE
-I/usr/local/include -g -Wshadow
-Wpointer-arith -Wmissing-prototypes
-Wmissing-declarations
-Wnested-externs -fPIC
-DHAVE_CONFIG_H
include path
-I/usr/include
-I/home/ola/build/debian/ntop/ntop-3.0/myrrd
system libraries
-L/usr/local/lib -L/usr/lib
-L/usr/lib
-L/home/ola/build/debian/ntop/ntop-3.0/myrrd -lgdome -lxml2 -lglib -lpthread -lresolv
-lnsl -lcrypt -lc -lssl -lcrypto -lpcap -lgdbm -lgd -lpng -lz -lmyrrd
install path
/usr
GNU C (gcc) version
3.3.3 (Debian 20040401) (3.3.3)
uname data
sysname(Linux) release(2.6.6-2-686)
version(#1 Wed Jun 16 01:25:38 PDT
2004) machine(i686)
Internationalization (i18n)
i18n enabled
No
________________________________________________________________________
Report created on Fri Jun 25 09:39:15 2004 [ntop uptime: 15:09:29]
Generated by ntop v.3.0 SourceForge .tgz MT (SSL) [i686-pc-linux-gnu]
Build: May 17 2004 11:24:36. Version: the CURRENT stable version
Listening on [eth0] without a kernel (libpcap) filtering expression
Web report active on interface eth0
© 1998-2004 by Luca Deri
----------------------------------------------------------------------------
So I don't know why ntop is only counting half.
And on http://192.168.0.99:3000/trafficStats.html
there is a message that 92.3% of packets are dropped!?
Is it good or bad?
Dropped (libpcap)          92.3%   171,736
Dropped (ntop)             0.0%    0
Total Received (ntop)              186,071
Total Packets Processed            186,071
Unicast                    99.9%   185,817
Broadcast                  0.1%    253
Multicast                  0.0%    1
Do I have a wrong configuration?
I only installed it from Debian packages.
Best regards,
Peter.
