Re: [Ntop] ntop will not capture packets when options used

Terrence Martin Thu, 24 Feb 2005 12:09:19 -0800

First, I found the archives link. I also noted that someone else posted a similar problem, but no resolution.

Here is some more information. Here is the console output when running ntop without options from the command line.

Thu Feb 24 12:14:00 2005 Initializing gdbm databases Thu Feb 24 12:14:00 2005 ntop will be started as user nobody Thu Feb 24 12:14:00 2005 ntop v.3.1 (Dag Apt RPM Repository) MT Thu Feb 24 12:14:00 2005 Configured on Feb 23 2005 18:02:38, built on Feb 23 2005 18:05:22. Thu Feb 24 12:14:00 2005 Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]> Thu Feb 24 12:14:00 2005 Get the freshest ntop from http://www.ntop.org/ Thu Feb 24 12:14:00 2005 Initializing ntop Thu Feb 24 12:14:00 2005 Checking eth0 for additional devices Thu Feb 24 12:14:00 2005 Resetting traffic statistics for device eth0 Thu Feb 24 12:14:00 2005 DLT: Device 0 [eth0] is 1, mtu 1514, header 14 Thu Feb 24 12:14:00 2005 Initializing gdbm databases Thu Feb 24 12:14:00 2005 VENDOR: Loading MAC address table. Thu Feb 24 12:14:00 2005 VENDOR: Checking for MAC address table file Thu Feb 24 12:14:00 2005 VENDOR: File '/etc/ntop/specialMAC.txt.gz' does not need to be reloaded Thu Feb 24 12:14:00 2005 VENDOR: ntop continues ok Thu Feb 24 12:14:00 2005 VENDOR: Checking for MAC address table file Thu Feb 24 12:14:00 2005 VENDOR: File '/etc/ntop/oui.txt.gz' does not need to be reloaded Thu Feb 24 12:14:00 2005 VENDOR: ntop continues ok Thu Feb 24 12:14:00 2005 Fingeprint: Loading signature file. Thu Feb 24 12:14:01 2005 Fingeprint: ...loaded 1697 records Thu Feb 24 12:14:01 2005 ASN: Checking for Autonomous System Number table file Thu Feb 24 12:14:01 2005 **WARNING** ASN: Unable to open file 'AS-list.txt' Thu 24 Feb 2005 12:14:01 PM PST I18N: Default language (from ntop host) is 'en_US' Thu 24 Feb 2005 12:14:01 PM PST I18N: This instance of ntop supports 0 additional language(s) Thu 24 Feb 2005 12:14:01 PM PST IP2CC: Checking for IP address <-> Country Code mapping file Thu 24 Feb 2005 12:14:01 PM PST IP2CC: Loading file '/etc/ntop/p2c.opt.table.gz' Thu 24 Feb 2005 12:14:04 PM PST IP2CC: ...found 52395 lines Thu 24 Feb 2005 12:14:04 PM PST GDVERCHK: Guessing at libgd version Thu 24 Feb 2005 12:14:04 PM PST GDVERCHK: ... as 1.8.4 Thu 24 Feb 2005 12:14:04 PM PST Initializing external applications Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Packet processor thread running... Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (16386) for network packet analyser Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Fingerprint scan thread running... Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (32771) for fingerprinting Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Idle host scan thread running... Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (49156) for idle hosts detection Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Address resolution thread running... Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (65541) for DNS address resolution Thu 24 Feb 2005 12:14:04 PM PST Calling plugin start functions (if any) Thu 24 Feb 2005 12:14:04 PM PST CHKVER: Checking current ntop version at version.ntop.org/version.xml Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Initializing web server Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Initializing tcp/ip socket connections for web server Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Initialized socket, port 3000, address (any) Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Waiting for HTTP connections on port 3000 Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Starting web server Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: web connections thread (15659) started... Thu 24 Feb 2005 12:14:04 PM PST Note: SIGPIPE handler set (ignore) Thu 24 Feb 2005 12:14:04 PM PST WEB: ntop's web server is now processing requests Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (98311) for web server Thu 24 Feb 2005 12:14:04 PM PST Listening on [eth0] Thu 24 Feb 2005 12:14:04 PM PST Loading Plugins Thu 24 Feb 2005 12:14:04 PM PST Searching for plugins in /usr/lib/ntop/plugins Thu 24 Feb 2005 12:14:04 PM PST LASTSEEN: Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni Thu 24 Feb 2005 12:14:04 PM PST ICMP: Welcome to icmpWatchPlugin. (C) 1999-2004 by Luca Deri Thu 24 Feb 2005 12:14:04 PM PST NETFLOW: Welcome to NetFlow.(C) 2002-04 by Luca Deri Thu 24 Feb 2005 12:14:04 PM PST PDA: Welcome to PDAPlugin. (C) 2001-2004 by L.Deri and W.Brock Thu 24 Feb 2005 12:14:04 PM PST RRD: Welcome to rrdPlugin. (C) 2002-04 by Luca Deri. Thu 24 Feb 2005 12:14:04 PM PST SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri Thu 24 Feb 2005 12:14:04 PM PST SNMP: Welcome to snmpPlugin. (C) 2004 by F.Fusco and G.Giardina Thu 24 Feb 2005 12:14:04 PM PST XML: Welcome to xmldump plugin. (C) 2003-2004 by Burton Strauss Thu 24 Feb 2005 12:14:04 PM PST Calling plugin start functions (if any) Thu 24 Feb 2005 12:14:04 PM PST RRD: Welcome to the RRD plugin Thu 24 Feb 2005 12:14:04 PM PST RRD: Mask for new directories is 0700 Thu 24 Feb 2005 12:14:04 PM PST RRD: Mask for new files is 0066 Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: rrd thread (0) started Thu 24 Feb 2005 12:14:04 PM PST RRD: Started thread (114696) for data collection. Thu 24 Feb 2005 12:14:04 PM PST Now running as requested user 'nobody' (99:99) Thu 24 Feb 2005 12:14:04 PM PST INIT: Created pid file (/var/ntop/ntop.pid) Thu 24 Feb 2005 12:14:04 PM PST Note: Reporting device initally set to 0 [eth0] (merged) Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: pcapDispatch(eth0) thread running... Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (131081) for network packet sniffing on eth0 Thu 24 Feb 2005 12:14:06 PM PST CHKVER: Version file is from 'version.ntop.org' Thu 24 Feb 2005 12:14:06 PM PST CHKVER: as of date is '2004-12-01T17:00:00' Thu 24 Feb 2005 12:14:06 PM PST CHKVER: This version of ntop is the CURRENT stable version Thu 24 Feb 2005 12:14:16 PM PST NOTE: -L | --use-syslog=facility not specified, child processes will log to the default (24).

Here is the output with ntop -d.

Thu Feb 24 12:16:55 2005 Initializing gdbm databases Thu Feb 24 12:16:55 2005 ntop will be started as user nobody Thu Feb 24 12:16:55 2005 ntop v.3.1 (Dag Apt RPM Repository) MT Thu Feb 24 12:16:55 2005 Configured on Feb 23 2005 18:02:38, built on Feb 23 2005 18:05:22. Thu Feb 24 12:16:55 2005 Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]> Thu Feb 24 12:16:55 2005 Get the freshest ntop from http://www.ntop.org/ Thu Feb 24 12:16:55 2005 Initializing ntop Thu Feb 24 12:16:55 2005 Checking eth0 for additional devices Thu Feb 24 12:16:55 2005 Resetting traffic statistics for device eth0 Thu Feb 24 12:16:55 2005 DLT: Device 0 [eth0] is 1, mtu 1514, header 14 Thu Feb 24 12:16:55 2005 Initializing gdbm databases Thu Feb 24 12:16:55 2005 VENDOR: Loading MAC address table. Thu Feb 24 12:16:55 2005 VENDOR: Checking for MAC address table file Thu Feb 24 12:16:55 2005 VENDOR: File '/etc/ntop/specialMAC.txt.gz' does not need to be reloaded Thu Feb 24 12:16:55 2005 VENDOR: ntop continues ok Thu Feb 24 12:16:55 2005 VENDOR: Checking for MAC address table file Thu Feb 24 12:16:55 2005 VENDOR: File '/etc/ntop/oui.txt.gz' does not need to be reloaded Thu Feb 24 12:16:55 2005 VENDOR: ntop continues ok Thu Feb 24 12:16:55 2005 Fingeprint: Loading signature file. Thu Feb 24 12:16:55 2005 Fingeprint: ...loaded 1697 records Thu Feb 24 12:16:55 2005 INIT: Bye bye: I'm becoming a daemon... Thu Feb 24 12:16:55 2005 INIT: Parent process is exiting (this is normal)

And from the log dump on the web interface

Thu 24 Feb 2005 12:16:55 PM PST  I18N: Default language (from ntop host) is 
'en_US'
Thu 24 Feb 2005 12:16:55 PM PST  I18N: This instance of ntop supports 0 
additional language(s)
Thu 24 Feb 2005 12:16:55 PM PST  IP2CC: Checking for IP address <-> Country 
Code mapping file
Thu 24 Feb 2005 12:16:55 PM PST  IP2CC: Loading file 
'/etc/ntop/p2c.opt.table.gz'
Thu 24 Feb 2005 12:16:58 PM PST  IP2CC: ...found 52395 lines
Thu 24 Feb 2005 12:16:58 PM PST  GDVERCHK: Guessing at libgd version
Thu 24 Feb 2005 12:16:58 PM PST  GDVERCHK: ... as 1.8.4
Thu 24 Feb 2005 12:16:58 PM PST  Initializing external applications
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Packet processor thread running...
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Started thread (16386) for network 
packet analyser
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Fingerprint scan thread running...
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Started thread (32771) for 
fingerprinting
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Idle host scan thread running...
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Started thread (49156) for idle 
hosts detection
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Address resolution thread 
running...
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Started thread (65541) for DNS 
address resolution
Thu 24 Feb 2005 12:16:58 PM PST  Calling plugin start functions (if any)
Thu 24 Feb 2005 12:16:58 PM PST  CHKVER: Checking current ntop version at 
version.ntop.org/version.xml
Thu 24 Feb 2005 12:16:58 PM PST  INITWEB: Initializing web server
Thu 24 Feb 2005 12:16:58 PM PST  INITWEB: Initializing tcp/ip socket 
connections for web server
Thu 24 Feb 2005 12:16:58 PM PST  INITWEB: Initialized socket, port 3000, 
address (any)
Thu 24 Feb 2005 12:16:58 PM PST  INITWEB: Waiting for HTTP connections on port 
3000
Thu 24 Feb 2005 12:16:58 PM PST  INITWEB: Starting web server
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: web connections thread (15685) 
started...
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Started thread (98311) for web 
server
Thu 24 Feb 2005 12:16:58 PM PST  Note: SIGPIPE handler set (ignore)
Thu 24 Feb 2005 12:16:58 PM PST  Listening on [eth0]
Thu 24 Feb 2005 12:16:58 PM PST  WEB: ntop's web server is now processing 
requests
Thu 24 Feb 2005 12:16:58 PM PST  Loading Plugins
Thu 24 Feb 2005 12:16:58 PM PST  Searching for plugins in /usr/lib/ntop/plugins
Thu 24 Feb 2005 12:16:58 PM PST  LASTSEEN: Welcome to LastSeenWatchPlugin. (C) 
1999 by Andrea Marangoni
Thu 24 Feb 2005 12:16:58 PM PST  ICMP: Welcome to icmpWatchPlugin. (C) 
1999-2004 by Luca Deri
Thu 24 Feb 2005 12:16:58 PM PST  NETFLOW: Welcome to NetFlow.(C) 2002-04 by 
Luca Deri
Thu 24 Feb 2005 12:16:58 PM PST  PDA: Welcome to PDAPlugin. (C) 2001-2004 by 
L.Deri and W.Brock
Thu 24 Feb 2005 12:16:58 PM PST  RRD: Welcome to rrdPlugin. (C) 2002-04 by Luca 
Deri.
Thu 24 Feb 2005 12:16:58 PM PST  SFLOW: Welcome to sFlow.(C) 2002-04 by Luca 
Deri
Thu 24 Feb 2005 12:16:58 PM PST  SNMP: Welcome to snmpPlugin. (C) 2004 by 
F.Fusco and G.Giardina
Thu 24 Feb 2005 12:16:58 PM PST  XML: Welcome to xmldump plugin. (C) 2003-2004 
by Burton Strauss
Thu 24 Feb 2005 12:16:58 PM PST  Calling plugin start functions (if any)
Thu 24 Feb 2005 12:16:58 PM PST  RRD: Welcome to the RRD plugin
Thu 24 Feb 2005 12:16:58 PM PST  RRD: Mask for new directories is 0700
Thu 24 Feb 2005 12:16:58 PM PST  RRD: Mask for new files is 0066
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: rrd thread (0) started
Thu 24 Feb 2005 12:16:58 PM PST  RRD: Started thread (114696) for data 
collection.
Thu 24 Feb 2005 12:16:58 PM PST  Now running as requested user 'nobody' (99:99)
Thu 24 Feb 2005 12:16:58 PM PST  INIT: Created pid file (/var/ntop/ntop.pid)
Thu 24 Feb 2005 12:16:58 PM PST  Note: Reporting device initally set to 0 
[eth0] (merged)
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: pcapDispatch(eth0) thread 
running...
Thu 24 Feb 2005 12:16:58 PM PST  THREADMGMT: Started thread (131081) for 
network packet sniffing on eth0
Thu 24 Feb 2005 12:16:59 PM PST  CHKVER: Version file is from 'version.ntop.org'

When run with -d I get no captured packets. I notice that the checkver does not seem to finish in the ntop -d. Could it be hanging there? ntop does put the interface in promisc mode whether it is ntop plain or ntop -d.

Terrence


Terrence Martin wrote:

Hi,
I am running ntop 3.1 on a RHEL3 (Whitebox) system. I have installed using pre-compiled binaries from Dag Wiers site, as well as rebuilding the RPM myself and installing that. I have not tried the tar ball. Kernel 2.4.21-15.0.3.EL The underlying hardware is a Via EPIA M6000 with a added tulip based ethernet card

The problem I am having is that ntop only seems to properly capture packets if I do not give it any command line options.

If I run ntop plain as root it starts up and listens to the default port 3000. I connect and get graphs for all the current data. If I run ntop with a switch the interface still comes up but the interface reports no packets captured.
eg. ntop -d or ntop -d -L or using /etc/ntop.conf
Does anyone know what might be causing this issue?
The other thing I noticed is that when I hit crtl-c to stop the plain command line ntop I often got a segfault when it closed. Not sure if that is normal.
Also is there an archive for this list?
Thanks for any suggestions,
Terrence
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: [Ntop] ntop will not capture packets when options used

Reply via email to