I followed Kurt's advice and my failing ntop install has been running for almost 14 hours without a glitch.
R.C. Martinez
IT Systems Administration and Support
Quanta Computers - Nashville
1621 Heil Quaker Blvd
La Vergne, TN 37086
voice: 615.501.7500 ext 152
fax: 615.501.7540

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, December 21, 2007 2:32 AM
To: [email protected]
Subject: [SPAM]Ntop Digest, Vol 43, Issue 20

Today's Topics:

   1. RE: RE: Ntop Digest, Vol 43, Issue 17 (Gary Gatten)
   2. Re: RE: Ntop Digest, Vol 43, Issue 17 (Kurt Buff)
   3. NTOP 3.2.2 win32 not resolving local IP (Lannie Schafroth)
   4. RE: NTOP 3.2.2 win32 not resolving local IP (Gary Gatten)
   5. RE: RE: Ntop Digest, Vol 43, Issue 17 (Tim Boyer)

----------------------------------------------------------------------

Message: 1
Date: Thu, 20 Dec 2007 11:14:15 -0600
From: "Gary Gatten" <[EMAIL PROTECTED]>
Subject: RE: [Ntop] RE: Ntop Digest, Vol 43, Issue 17

Is Snort using libpcap also? I'm not sure about multiple apps trying to
put the interfaces in promiscuous mode and if they would all play
together nicely. Maybe kill snort and see what happens? I think best
practices would prefer your IDS on dedicated hardware anyway.

G

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Tim Boyer
Sent: Wednesday, December 19, 2007 8:02 PM
To: [email protected]
Subject: RE: [Ntop] RE: Ntop Digest, Vol 43, Issue 17

> Tim Boyer wrote:
> > > On Dec 19, 2007 11:31 AM, Tim Boyer <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > When I had that problem, I stopped ntop, blew away all of the
> > > > > RRD directories and all of the .db files except for
> > > > > ntop_pw.db and prefsCache.db.
> > > > >
> > > > > Since then, it's been running fine - well over a month now.
> > > > >
> > > > > I suspect that the actual culprit was dnsCache.db, based on
> > > > > previous conversations on this list, but can't confirm that.
> > > > >
> > > > > Kurt
> > > >
> > > > Did all that. ntop didn't last a minute.
> > >
> > > Rebuild the box? Break out the debugger?
> >
> > Yeah, that's the next step. Except everything's working fine
> > - except for ntop. I hate to rebuild just for that, much as I
> > want ntop.
>
> What else are you running on the box?
>
> Kurt

It's a RHEL5 system, acting as my internal router, so it's got four nics,
and it's running snort, squid, and zenoss.

-- tim --

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."

------------------------------

Message: 2
Date: Thu, 20 Dec 2007 09:41:51 -0800
From: "Kurt Buff" <[EMAIL PROTECTED]>
Subject: Re: [Ntop] RE: Ntop Digest, Vol 43, Issue 17

This was my thought also.

Of course, this makes it more difficult to put ntop/IDS/etc. at
strategic points in the network.

On Dec 20, 2007 9:14 AM, Gary Gatten <[EMAIL PROTECTED]> wrote:
> Is Snort using libpcap also? I'm not sure about multiple apps trying to
> put the interfaces in promiscuous mode and if they would all play
> together nicely. Maybe kill snort and see what happens? I think best
> practices would prefer your IDS on dedicated hardware anyway.
>
> G

------------------------------

Message: 3
Date: Thu, 20 Dec 2007 15:43:26 -0600
From: "Lannie Schafroth" <[EMAIL PROTECTED]>
Subject: [Ntop] NTOP 3.2.2 win32 not resolving local IP

I have compiled NTOP 3.2.2 using MingW with a guide I found on the net.
It works much better than the OPENEXTRA version I had before. The only
thing it is not doing is resolving local IP addresses to names.

All Windows based machines register with DNS and WINS. I have a few MAC
OS X machines that register with DNS but I cannot get all my MAC systems
to do it since they go across several VLANS and the static DHCP mapping
on my DNS 2k3 server won't assign them an IP if they move from one VLAN
to another. (That's another subject - MAC computers register with DNS
via DHCP.) I have the MAC machines in WINS until I can get the DHCP and
VLAN stuff working.

I can do a NSLOOKUP from a MAC or a PC using my DNS server and it works.
This means the WINS lookup is working. NTOP shows all names that are PTR
records in DNS but do not show any that reside in WINS. I have the WINS
lookups feature enabled in my DNS server.

Is there a way to make NTOP resolve these names?

Lannie Schafroth
Technology Coordinator
Winterset Community Schools

------------------------------

Message: 4
Date: Thu, 20 Dec 2007 15:58:15 -0600
From: "Gary Gatten" <[EMAIL PROTECTED]>
Subject: RE: [Ntop] NTOP 3.2.2 win32 not resolving local IP

Did you read the FAQ on name res? Some good info in there on how it
does DNS snooping and stuff. If the names resolve via DNS query - then
nTop should be able to resolve them. AFAIK nTop will not do WINS /
Netbios lookups.

G

------------------------------

Message: 5
Date: Thu, 20 Dec 2007 20:31:36 -0500
From: "Tim Boyer" <[EMAIL PROTECTED]>
Subject: RE: [Ntop] RE: Ntop Digest, Vol 43, Issue 17

Killed off snort; started ntop - didn't last 30 seconds. Tried it
again, and it's been up for more than 15 minutes, but it just died.
The third time, it died before I could even do a ps.

> This was my thought also.
>
> Of course, this makes it more difficult to put ntop/IDS/etc. at
> strategic points in the network.
>
> On Dec 20, 2007 9:14 AM, Gary Gatten <[EMAIL PROTECTED]> wrote:
> > Is Snort using libpcap also? I'm not sure about multiple apps
> > trying to put the interfaces in promiscuous mode and if they would
> > all play together nicely. Maybe kill snort and see what happens? I
> > think best practices would prefer your IDS on dedicated hardware
> > anyway.
> >
> > G

------------------------------

End of Ntop Digest, Vol 43, Issue 20
************************************
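
The reset Kurt describes in the quoted thread (stop ntop, then clear the RRD directories and every .db file except ntop_pw.db and prefsCache.db), as an added example that is not from any poster on the list: it moves the files into a backup directory instead of deleting them, so the old state can be inspected or restored. The state directory argument, the `rrd` subdirectory name and the process name `ntop` are assumptions.

```sh
#!/bin/sh
# Added example: move ntop's cached state aside instead of deleting it.
# Assumptions (not from the thread): the state directory is passed as $1,
# RRD data lives in "$1/rrd", and the daemon's process name is "ntop".

KEEP="ntop_pw.db prefsCache.db"   # the two files the thread says to keep

is_kept() {
    for k in $KEEP; do
        [ "$1" = "$k" ] && return 0
    done
    return 1
}

reset_ntop_state() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    # The thread's first step is stopping ntop: refuse to touch live files.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x ntop >/dev/null 2>&1; then
        echo "ntop is still running; stop it first" >&2
        return 3
    fi

    backup="$dir/reset-backup.$(date +%Y%m%d%H%M%S)"
    mkdir "$backup" || return 1

    # Every *.db outside the keep list (dnsCache.db included) is moved aside.
    for f in "$dir"/*.db; do
        [ -e "$f" ] || continue      # glob matched nothing
        name=${f##*/}
        is_kept "$name" && continue
        mv -- "$f" "$backup/" || return 1
    done

    # The RRD tree, if present, goes with them.
    if [ -d "$dir/rrd" ]; then
        mv -- "$dir/rrd" "$backup/" || return 1
    fi

    echo "$backup"                   # print where the old state now lives
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    reset_ntop_state "$1"
fi
```

The function prints the backup directory it created; restoring is a matter of moving its contents back while ntop is stopped.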
