Mailing List Archive

Can't capture anything
Hello,
We cannot capture anything with ntop. libpcap and tcpdump are fine. Please see
the details below. I have tried redhat 7 rpms (on 7.1 powertools cd), normal
tars and I have compiled all versions by hand. Compilation does not give any
errors or anything missing however nothing gets logged. Same story with all
ntop versions. I have tried all imaginable compile options with no success.

Our system is Redhat 7.1 with 2.4.2 kernel tuned for enterprise operations.
Correct interface is being used in ntop and libpcap works just fine.

Any ideas what I am doing wrong?
Thanks,
Kury Maria Dartanyan

-------------
# tcpdump
User level filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
<snip>
44 packets received by filter
292 packets dropped by kernel
575 packets are not read yet
-------------

-------------
# ./ntop
Wait please: ntop is coming up...
31/May/2001:18:33:50 SSL is present but https is disabled: use -W <https port> for enabling it
31/May/2001:18:33:50 ntop v.2.0.0 MT (SSL) [i686-pc-linux] (05/31/01 06:28:27 PM build)
31/May/2001:18:33:50 Listening on [eth0]
31/May/2001:18:33:50 Copyright 1998-2001 by Luca Deri <deri@ntop.org>
31/May/2001:18:33:50 Get the freshest ntop from http://www.ntop.org/
31/May/2001:18:33:50 Initialising...
31/May/2001:18:33:50 Loading plugins (if any)...
31/May/2001:18:33:50 Searching plugins in ./plugins
31/May/2001:18:33:50 Welcome to icmpWatchPlugin. (C) 1999 by Luca Deri.
31/May/2001:18:33:50 Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni.
31/May/2001:18:33:50 Welcome to nfsWatchPlugin. (C) 1999 by Luca Deri.
31/May/2001:18:33:50 Welcome to ntopRmon. (C) 2000 by Luca Deri.
31/May/2001:18:33:50 WARNING: plugin disabled [missing NET-SNMP]
31/May/2001:18:33:50 Welcome to WAPPlugin. (C) 2000 by Luca Deri.
31/May/2001:18:33:50
31/May/2001:18:33:50 Welcome to Pep (Perl embedded Plugin) (c) 2000 R. Carbone <rocco@ntop.org>.
31/May/2001:18:33:50
31/May/2001:18:33:50 WARNING: For security reasons it is STRONGLY recommended to
31/May/2001:18:33:50 WARNING: run ntop as unprivileged user by using the -u option!
31/May/2001:18:33:50 Resetting traffic statistics...
31/May/2001:18:33:50 Started thread (1026) for lsof support.
31/May/2001:18:33:50 Started thread (2051) for network packet analyser.
31/May/2001:18:33:50 Started thread (3076) for host traffic statistics.
31/May/2001:18:33:50 Started thread (4101) for throughput update.
31/May/2001:18:33:50 Started thread (5126) for idle hosts detection.
31/May/2001:18:33:50 Started thread (6151) for DNS address resolution.
31/May/2001:18:33:50 Initialising plugins (if any)...
31/May/2001:18:33:50 Waiting for HTTP connections on port 3000...
31/May/2001:18:33:50 Sniffying...
31/May/2001:18:33:50 Started thread (8201) for network packet sniffing on eth0.
31/May/2001:18:34:14 Unloading plugins (if any)...
31/May/2001:18:34:14
31/May/2001:18:34:14 Thanks for having used PeP....
31/May/2001:18:34:14
31/May/2001:18:34:14 Thanks for using wapWatch...
31/May/2001:18:34:14 Done.
31/May/2001:18:34:14 Thanks for using nfsWatchPlugin...
31/May/2001:18:34:14 Done.
31/May/2001:18:34:14 Thanks for using LsWatch...
31/May/2001:18:34:14 Done.
31/May/2001:18:34:14 Thanks for using icmpWatch...
31/May/2001:18:34:14 Done.
0 packets received by filter on eth0
0 packets dropped by kernel
0 packets dropped by ntop
31/May/2001:18:34:14 Waiting until threads terminate...
31/May/2001:18:34:14 Terminating Web connections...
-------------

Here is an output from ifconfig (promisc turned on):

cipcb0    Link encap:IPIP Tunnel  HWaddr
          POINTOPOINT NOTRAILERS NOARP  MTU:1442  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100

dummy0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

eth0      Link encap:Ethernet  HWaddr 00:D0:B7:BD:D2:84
          inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:48501465 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54711768 errors:0 dropped:0 overruns:6 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:12 Base address:0xc400

eth0:1    Link encap:Ethernet  HWaddr 00:D0:B7:BD:D2:84
          inet addr:10.10.10.2  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          Interrupt:12 Base address:0xc400
<snip>
----------------

Re: Can't capture anything
You have to specify a protocol filter.

Try ./ntop ip


>>> ntop@maktoob.com 01/06/2001 12:51:23 >>>
Hello,
We cannot capture anything with ntop. libpcap and tcpdump are fine. Please see
<snip>
# ./ntop
Wait please: ntop is coming up...
Re: Can't capture anything
Are you using the libpcap that came with RH? If so, try removing the
rpm and compiling the latest libpcap yourself. Version is 0.6.2. I've
had similar problems on SuSE that were fixed this way, even though
tcpdump/libpcap worked fine.

Also, try invoking it this way:

ntop -i eth0 -w 3000 -m 10.10.10.0/24 <- your LOCAL subnet

I also see you have the interface aliased. Wonder if that is causing
problems for ntop.....

Good luck,

Colin
RE: Can't capture anything
What I did on Redhat 7.1:
Deinstalled package libpcap 0.4-29.
Get new libpcap 0.6-2.

Good Luck

-----Original Message-----
From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it] On Behalf Of Marry Carpenter
Sent: Friday, June 01, 2001 12:51 AM
To: ntop@unipi.it
Subject: [Ntop] Can't capture anything

