Console logs are useless - too much else happens. The version check is a separate thread, async because it can take a while to respond. Still, you can try turning it off...
When it seems to be hanging, you might try attaching w/ strace. You'll need to figure the thread->pid process and use -p on each of them. Don't do this remotely - all the telnet/ssh packets swamp any other effect.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terrence Martin
Sent: Thursday, February 24, 2005 2:09 PM
To: [email protected]
Subject: Re: [Ntop] ntop will not capture packets when options used

First, I found the archives link. I also noted that someone else posted a similar problem, but no resolution. Here is some more information.

Here is the console output when running ntop without options from the command line.

Thu Feb 24 12:14:00 2005 Initializing gdbm databases
Thu Feb 24 12:14:00 2005 ntop will be started as user nobody
Thu Feb 24 12:14:00 2005 ntop v.3.1 (Dag Apt RPM Repository) MT
Thu Feb 24 12:14:00 2005 Configured on Feb 23 2005 18:02:38, built on Feb 23 2005 18:05:22.
Thu Feb 24 12:14:00 2005 Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]>
Thu Feb 24 12:14:00 2005 Get the freshest ntop from http://www.ntop.org/
Thu Feb 24 12:14:00 2005 Initializing ntop
Thu Feb 24 12:14:00 2005 Checking eth0 for additional devices
Thu Feb 24 12:14:00 2005 Resetting traffic statistics for device eth0
Thu Feb 24 12:14:00 2005 DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Thu Feb 24 12:14:00 2005 Initializing gdbm databases
Thu Feb 24 12:14:00 2005 VENDOR: Loading MAC address table.
Thu Feb 24 12:14:00 2005 VENDOR: Checking for MAC address table file
Thu Feb 24 12:14:00 2005 VENDOR: File '/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Thu Feb 24 12:14:00 2005 VENDOR: ntop continues ok
Thu Feb 24 12:14:00 2005 VENDOR: Checking for MAC address table file
Thu Feb 24 12:14:00 2005 VENDOR: File '/etc/ntop/oui.txt.gz' does not need to be reloaded
Thu Feb 24 12:14:00 2005 VENDOR: ntop continues ok
Thu Feb 24 12:14:00 2005 Fingeprint: Loading signature file.
Thu Feb 24 12:14:01 2005 Fingeprint: ...loaded 1697 records
Thu Feb 24 12:14:01 2005 ASN: Checking for Autonomous System Number table file
Thu Feb 24 12:14:01 2005 **WARNING** ASN: Unable to open file 'AS-list.txt'
Thu 24 Feb 2005 12:14:01 PM PST I18N: Default language (from ntop host) is 'en_US'
Thu 24 Feb 2005 12:14:01 PM PST I18N: This instance of ntop supports 0 additional language(s)
Thu 24 Feb 2005 12:14:01 PM PST IP2CC: Checking for IP address <-> Country Code mapping file
Thu 24 Feb 2005 12:14:01 PM PST IP2CC: Loading file '/etc/ntop/p2c.opt.table.gz'
Thu 24 Feb 2005 12:14:04 PM PST IP2CC: ...found 52395 lines
Thu 24 Feb 2005 12:14:04 PM PST GDVERCHK: Guessing at libgd version
Thu 24 Feb 2005 12:14:04 PM PST GDVERCHK: ... as 1.8.4
Thu 24 Feb 2005 12:14:04 PM PST Initializing external applications
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Packet processor thread running...
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (16386) for network packet analyser
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Fingerprint scan thread running...
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (32771) for fingerprinting
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Idle host scan thread running...
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (49156) for idle hosts detection
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Address resolution thread running...
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (65541) for DNS address resolution
Thu 24 Feb 2005 12:14:04 PM PST Calling plugin start functions (if any)
Thu 24 Feb 2005 12:14:04 PM PST CHKVER: Checking current ntop version at version.ntop.org/version.xml
Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Initializing web server
Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Initializing tcp/ip socket connections for web server
Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Initialized socket, port 3000, address (any)
Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Waiting for HTTP connections on port 3000
Thu 24 Feb 2005 12:14:04 PM PST INITWEB: Starting web server
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: web connections thread (15659) started...
Thu 24 Feb 2005 12:14:04 PM PST Note: SIGPIPE handler set (ignore)
Thu 24 Feb 2005 12:14:04 PM PST WEB: ntop's web server is now processing requests
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (98311) for web server
Thu 24 Feb 2005 12:14:04 PM PST Listening on [eth0]
Thu 24 Feb 2005 12:14:04 PM PST Loading Plugins
Thu 24 Feb 2005 12:14:04 PM PST Searching for plugins in /usr/lib/ntop/plugins
Thu 24 Feb 2005 12:14:04 PM PST LASTSEEN: Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni
Thu 24 Feb 2005 12:14:04 PM PST ICMP: Welcome to icmpWatchPlugin. (C) 1999-2004 by Luca Deri
Thu 24 Feb 2005 12:14:04 PM PST NETFLOW: Welcome to NetFlow.(C) 2002-04 by Luca Deri
Thu 24 Feb 2005 12:14:04 PM PST PDA: Welcome to PDAPlugin. (C) 2001-2004 by L.Deri and W.Brock
Thu 24 Feb 2005 12:14:04 PM PST RRD: Welcome to rrdPlugin. (C) 2002-04 by Luca Deri.
Thu 24 Feb 2005 12:14:04 PM PST SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
Thu 24 Feb 2005 12:14:04 PM PST SNMP: Welcome to snmpPlugin. (C) 2004 by F.Fusco and G.Giardina
Thu 24 Feb 2005 12:14:04 PM PST XML: Welcome to xmldump plugin. (C) 2003-2004 by Burton Strauss
Thu 24 Feb 2005 12:14:04 PM PST Calling plugin start functions (if any)
Thu 24 Feb 2005 12:14:04 PM PST RRD: Welcome to the RRD plugin
Thu 24 Feb 2005 12:14:04 PM PST RRD: Mask for new directories is 0700
Thu 24 Feb 2005 12:14:04 PM PST RRD: Mask for new files is 0066
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: rrd thread (0) started
Thu 24 Feb 2005 12:14:04 PM PST RRD: Started thread (114696) for data collection.
Thu 24 Feb 2005 12:14:04 PM PST Now running as requested user 'nobody' (99:99)
Thu 24 Feb 2005 12:14:04 PM PST INIT: Created pid file (/var/ntop/ntop.pid)
Thu 24 Feb 2005 12:14:04 PM PST Note: Reporting device initally set to 0 [eth0] (merged)
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: pcapDispatch(eth0) thread running...
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (131081) for network packet sniffing on eth0
Thu 24 Feb 2005 12:14:06 PM PST CHKVER: Version file is from 'version.ntop.org'
Thu 24 Feb 2005 12:14:06 PM PST CHKVER: as of date is '2004-12-01T17:00:00'
Thu 24 Feb 2005 12:14:06 PM PST CHKVER: This version of ntop is the CURRENT stable version
Thu 24 Feb 2005 12:14:16 PM PST NOTE: -L | --use-syslog=facility not specified, child processes will log to the default (24).

Here is the output with ntop -d.

Thu Feb 24 12:16:55 2005 Initializing gdbm databases
Thu Feb 24 12:16:55 2005 ntop will be started as user nobody
Thu Feb 24 12:16:55 2005 ntop v.3.1 (Dag Apt RPM Repository) MT
Thu Feb 24 12:16:55 2005 Configured on Feb 23 2005 18:02:38, built on Feb 23 2005 18:05:22.
Thu Feb 24 12:16:55 2005 Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]>
Thu Feb 24 12:16:55 2005 Get the freshest ntop from http://www.ntop.org/
Thu Feb 24 12:16:55 2005 Initializing ntop
Thu Feb 24 12:16:55 2005 Checking eth0 for additional devices
Thu Feb 24 12:16:55 2005 Resetting traffic statistics for device eth0
Thu Feb 24 12:16:55 2005 DLT: Device 0 [eth0] is 1, mtu 1514, header 14
Thu Feb 24 12:16:55 2005 Initializing gdbm databases
Thu Feb 24 12:16:55 2005 VENDOR: Loading MAC address table.
Thu Feb 24 12:16:55 2005 VENDOR: Checking for MAC address table file
Thu Feb 24 12:16:55 2005 VENDOR: File '/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Thu Feb 24 12:16:55 2005 VENDOR: ntop continues ok
Thu Feb 24 12:16:55 2005 VENDOR: Checking for MAC address table file
Thu Feb 24 12:16:55 2005 VENDOR: File '/etc/ntop/oui.txt.gz' does not need to be reloaded
Thu Feb 24 12:16:55 2005 VENDOR: ntop continues ok
Thu Feb 24 12:16:55 2005 Fingeprint: Loading signature file.
Thu Feb 24 12:16:55 2005 Fingeprint: ...loaded 1697 records
Thu Feb 24 12:16:55 2005 INIT: Bye bye: I'm becoming a daemon...
Thu Feb 24 12:16:55 2005 INIT: Parent process is exiting (this is normal)

And from the log dump on the web interface

Thu 24 Feb 2005 12:16:55 PM PST I18N: Default language (from ntop host) is 'en_US'
Thu 24 Feb 2005 12:16:55 PM PST I18N: This instance of ntop supports 0 additional language(s)
Thu 24 Feb 2005 12:16:55 PM PST IP2CC: Checking for IP address <-> Country Code mapping file
Thu 24 Feb 2005 12:16:55 PM PST IP2CC: Loading file '/etc/ntop/p2c.opt.table.gz'
Thu 24 Feb 2005 12:16:58 PM PST IP2CC: ...found 52395 lines
Thu 24 Feb 2005 12:16:58 PM PST GDVERCHK: Guessing at libgd version
Thu 24 Feb 2005 12:16:58 PM PST GDVERCHK: ... as 1.8.4
Thu 24 Feb 2005 12:16:58 PM PST Initializing external applications
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Packet processor thread running...
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Started thread (16386) for network packet analyser
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Fingerprint scan thread running...
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Started thread (32771) for fingerprinting
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Idle host scan thread running...
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Started thread (49156) for idle hosts detection
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Address resolution thread running...
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Started thread (65541) for DNS address resolution
Thu 24 Feb 2005 12:16:58 PM PST Calling plugin start functions (if any)
Thu 24 Feb 2005 12:16:58 PM PST CHKVER: Checking current ntop version at version.ntop.org/version.xml
Thu 24 Feb 2005 12:16:58 PM PST INITWEB: Initializing web server
Thu 24 Feb 2005 12:16:58 PM PST INITWEB: Initializing tcp/ip socket connections for web server
Thu 24 Feb 2005 12:16:58 PM PST INITWEB: Initialized socket, port 3000, address (any)
Thu 24 Feb 2005 12:16:58 PM PST INITWEB: Waiting for HTTP connections on port 3000
Thu 24 Feb 2005 12:16:58 PM PST INITWEB: Starting web server
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: web connections thread (15685) started...
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Started thread (98311) for web server
Thu 24 Feb 2005 12:16:58 PM PST Note: SIGPIPE handler set (ignore)
Thu 24 Feb 2005 12:16:58 PM PST Listening on [eth0]
Thu 24 Feb 2005 12:16:58 PM PST WEB: ntop's web server is now processing requests
Thu 24 Feb 2005 12:16:58 PM PST Loading Plugins
Thu 24 Feb 2005 12:16:58 PM PST Searching for plugins in /usr/lib/ntop/plugins
Thu 24 Feb 2005 12:16:58 PM PST LASTSEEN: Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni
Thu 24 Feb 2005 12:16:58 PM PST ICMP: Welcome to icmpWatchPlugin. (C) 1999-2004 by Luca Deri
Thu 24 Feb 2005 12:16:58 PM PST NETFLOW: Welcome to NetFlow.(C) 2002-04 by Luca Deri
Thu 24 Feb 2005 12:16:58 PM PST PDA: Welcome to PDAPlugin. (C) 2001-2004 by L.Deri and W.Brock
Thu 24 Feb 2005 12:16:58 PM PST RRD: Welcome to rrdPlugin. (C) 2002-04 by Luca Deri.
Thu 24 Feb 2005 12:16:58 PM PST SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
Thu 24 Feb 2005 12:16:58 PM PST SNMP: Welcome to snmpPlugin. (C) 2004 by F.Fusco and G.Giardina
Thu 24 Feb 2005 12:16:58 PM PST XML: Welcome to xmldump plugin. (C) 2003-2004 by Burton Strauss
Thu 24 Feb 2005 12:16:58 PM PST Calling plugin start functions (if any)
Thu 24 Feb 2005 12:16:58 PM PST RRD: Welcome to the RRD plugin
Thu 24 Feb 2005 12:16:58 PM PST RRD: Mask for new directories is 0700
Thu 24 Feb 2005 12:16:58 PM PST RRD: Mask for new files is 0066
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: rrd thread (0) started
Thu 24 Feb 2005 12:16:58 PM PST RRD: Started thread (114696) for data collection.
Thu 24 Feb 2005 12:16:58 PM PST Now running as requested user 'nobody' (99:99)
Thu 24 Feb 2005 12:16:58 PM PST INIT: Created pid file (/var/ntop/ntop.pid)
Thu 24 Feb 2005 12:16:58 PM PST Note: Reporting device initally set to 0 [eth0] (merged)
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: pcapDispatch(eth0) thread running...
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Started thread (131081) for network packet sniffing on eth0
Thu 24 Feb 2005 12:16:59 PM PST CHKVER: Version file is from 'version.ntop.org'

When run with -d I get no captured packets. I notice that the checkver does not seem to finish in the ntop -d. Could it be hanging there?

ntop does put the interface in promisc mode whether it is ntop plain or ntop -d.

Terrence

Terrence Martin wrote:
> Hi,
>
> I am running ntop 3.1 on a RHEL3 (Whitebox) system.
> I have installed using pre-compiled binaries from Dag Wieers' site, as
> well as rebuilding the RPM myself and installing that. I have not
> tried the tar ball.
> Kernel 2.4.21-15.0.3.EL
> The underlying hardware is a Via EPIA M6000 with an added tulip based
> ethernet card
>
> The problem I am having is that ntop only seems to properly capture
> packets if I do not give it any command line options.
>
> If I run ntop plain as root it starts up and listens to the default
> port 3000. I connect and get graphs for all the current data. If I run
> ntop with a switch the interface still comes up but the interface
> reports no packets captured.
>
> eg. ntop -d or ntop -d -L or using /etc/ntop.conf
>
> Does anyone know what might be causing this issue?
>
> The other thing I noticed is that when I hit ctrl-c to stop the plain
> command line ntop I often got a segfault when it closed. Not sure if
> that is normal.
>
> Also is there an archive for this list?
>
> Thanks for any suggestions,
>
> Terrence
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
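
An added example, not part of the original thread: a small Python helper that strips both timestamp styles seen in the ntop output above, masks thread ids and pids, and lists the startup messages the foreground run logged but the -d run did not. The function names and the two sample constants are assumptions of this example; the sample lines are excerpted from the logs in this message.

```python
import re

# Both timestamp styles seen in the pasted ntop output:
#   "Thu Feb 24 12:14:00 2005 "  and  "Thu 24 Feb 2005 12:14:04 PM PST "
TS = re.compile(
    r"^(?:[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}"
    r"|[A-Z][a-z]{2} +\d{1,2} [A-Z][a-z]{2} \d{4} \d\d:\d\d:\d\d [AP]M [A-Z]{2,4}) "
)

def messages(log_text):
    """Return log messages with timestamps removed and numeric ids masked."""
    out = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        msg = TS.sub("", line)
        # Thread ids and pids differ between runs; mask them so they compare equal.
        out.append(re.sub(r"\(\d+\)", "(N)", msg))
    return out

def missing_from(reference, suspect):
    """Messages the reference run logged that the suspect run never did, in order."""
    seen = set(messages(suspect))
    return [m for m in messages(reference) if m not in seen]

# Excerpt of the run without options (lines taken from the log above).
FOREGROUND = """
Thu Feb 24 12:14:00 2005 Initializing ntop
Thu 24 Feb 2005 12:14:04 PM PST CHKVER: Checking current ntop version at version.ntop.org/version.xml
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: web connections thread (15659) started...
Thu 24 Feb 2005 12:14:04 PM PST THREADMGMT: Started thread (131081) for network packet sniffing on eth0
Thu 24 Feb 2005 12:14:06 PM PST CHKVER: Version file is from 'version.ntop.org'
Thu 24 Feb 2005 12:14:06 PM PST CHKVER: as of date is '2004-12-01T17:00:00'
Thu 24 Feb 2005 12:14:06 PM PST CHKVER: This version of ntop is the CURRENT stable version
"""

# Excerpt of the `ntop -d` run (lines taken from the log above).
DAEMON = """
Thu Feb 24 12:16:55 2005 Initializing ntop
Thu 24 Feb 2005 12:16:58 PM PST CHKVER: Checking current ntop version at version.ntop.org/version.xml
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: web connections thread (15685) started...
Thu 24 Feb 2005 12:16:58 PM PST THREADMGMT: Started thread (131081) for network packet sniffing on eth0
Thu 24 Feb 2005 12:16:59 PM PST CHKVER: Version file is from 'version.ntop.org'
"""

if __name__ == "__main__":
    for msg in missing_from(FOREGROUND, DAEMON):
        print("only in foreground run:", msg)
```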
