Hello,
We cannot capture anything with ntop. libpcap and tcpdump are fine. Please see
the details below. I have tried the Red Hat 7 RPMs (on the 7.1 Powertools CD), normal
tars, and I have compiled all versions by hand. Compilation does not give any
errors or anything missing; however, nothing gets logged. Same story with all
ntop versions. I have tried all imaginable compile options with no success.
Our system is Red Hat 7.1 with a 2.4.2 kernel tuned for enterprise operations.
The correct interface is being used in ntop and libpcap works just fine.
Any ideas what I am doing wrong?
Thanks,
Kury Maria Dartanyan
-------------
# tcpdump
User level filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
<snip>
44 packets received by filter
292 packets dropped by kernel
575 packets are not read yet
-------------
-------------
# ./ntop
Wait please: ntop is coming up...
31/May/2001:18:33:50 SSL is present but https is disabled: use -W <https port> for enabling it
31/May/2001:18:33:50 ntop v.2.0.0 MT (SSL) [i686-pc-linux] (05/31/01 06:28:27 PM build)
31/May/2001:18:33:50 Listening on [eth0]
31/May/2001:18:33:50 Copyright 1998-2001 by Luca Deri <deri@ntop.org>
31/May/2001:18:33:50 Get the freshest ntop from http://www.ntop.org/
31/May/2001:18:33:50 Initialising...
31/May/2001:18:33:50 Loading plugins (if any)...
31/May/2001:18:33:50 Searching plugins in ./plugins
31/May/2001:18:33:50 Welcome to icmpWatchPlugin. (C) 1999 by Luca Deri.
31/May/2001:18:33:50 Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni.
31/May/2001:18:33:50 Welcome to nfsWatchPlugin. (C) 1999 by Luca Deri.
31/May/2001:18:33:50 Welcome to ntopRmon. (C) 2000 by Luca Deri.
31/May/2001:18:33:50 WARNING: plugin disabled [missing NET-SNMP]
31/May/2001:18:33:50 Welcome to WAPPlugin. (C) 2000 by Luca Deri.
31/May/2001:18:33:50
31/May/2001:18:33:50 Welcome to Pep (Perl embedded Plugin) (c) 2000 R. Carbone <rocco@ntop.org>.
31/May/2001:18:33:50
31/May/2001:18:33:50 WARNING: For security reasons it is STRONGLY recommended to
31/May/2001:18:33:50 WARNING: run ntop as unprivileged user by using the -u option!
31/May/2001:18:33:50 Resetting traffic statistics...
31/May/2001:18:33:50 Started thread (1026) for lsof support.
31/May/2001:18:33:50 Started thread (2051) for network packet analyser.
31/May/2001:18:33:50 Started thread (3076) for host traffic statistics.
31/May/2001:18:33:50 Started thread (4101) for throughput update.
31/May/2001:18:33:50 Started thread (5126) for idle hosts detection.
31/May/2001:18:33:50 Started thread (6151) for DNS address resolution.
31/May/2001:18:33:50 Initialising plugins (if any)...
31/May/2001:18:33:50 Waiting for HTTP connections on port 3000...
31/May/2001:18:33:50 Sniffying...
31/May/2001:18:33:50 Started thread (8201) for network packet sniffing on eth0.
31/May/2001:18:34:14 Unloading plugins (if any)...
31/May/2001:18:34:14
31/May/2001:18:34:14 Thanks for having used PeP....
31/May/2001:18:34:14
31/May/2001:18:34:14 Thanks for using wapWatch...
31/May/2001:18:34:14 Done.
31/May/2001:18:34:14 Thanks for using nfsWatchPlugin...
31/May/2001:18:34:14 Done.
31/May/2001:18:34:14 Thanks for using LsWatch...
31/May/2001:18:34:14 Done.
31/May/2001:18:34:14 Thanks for using icmpWatch...
31/May/2001:18:34:14 Done.
0 packets received by filter on eth0
0 packets dropped by kernel
0 packets dropped by ntop
31/May/2001:18:34:14 Waiting until threads terminate...
31/May/2001:18:34:14 Terminating Web connections...
-------------
Here is an output from ifconfig (promisc turned on):
cipcb0 Link encap:IPIP Tunnel HWaddr
POINTOPOINT NOTRAILERS NOARP MTU:1442 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
dummy0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
eth0 Link encap:Ethernet HWaddr 00:D0:B7:BD:D2:84
inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:48501465 errors:0 dropped:0 overruns:0 frame:0
TX packets:54711768 errors:0 dropped:0 overruns:6 carrier:0
collisions:0 txqueuelen:100
Interrupt:12 Base address:0xc400
eth0:1 Link encap:Ethernet HWaddr 00:D0:B7:BD:D2:84
inet addr:10.10.10.2 Bcast:10.10.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
Interrupt:12 Base address:0xc400
<snip>
----------------