Basically you're right - the code is in report.c, function (line 70)ff...
The header is printed ~ line 230, and the body of the report follows.
Down around 402 is this code, to dump the protocols being monitored:
for(i=0; inumIpProtosToMonitor; i++) {
totalIPTraffic
]On Behalf Of KORN
Andras
Sent: Tuesday, January 01, 2002 11:57 AM
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] More info on previously reported traffic mis-assignment
bug
On Mon, Dec 31, 2001 at 03:19:12PM -0600, Burton M. Strauss III wrote:
Hi,
Why bother re-inventing the wheel?
[...] regarding Li
Re your switch issue...
When you say connected to a switch, what do you mean?
Think about how a switch operates...
A switch receives a packet on an interface.
It analyzes the packet (MAC address) and determines which port the
destination is on.
The packet is copied to that port (and
As I'm busy researching the network behaviour of such peer-to-peer
applications and I think there are two options to make ntop monitor such
protocols:
* Write a plug-in to handle the protocol. However AFAIK a plug-in cannot
access the content of reassembled TCP transmissions, which is needed for
Don't turn on netflow? :-)
Looks like a common problem - quoting from Cisco's documentation:
Cisco IOS Router-Based NetFlow Aggregation
Customers can expect a large volume of export data from NetFlow when it is
enabled on many interfaces on high-end routers that switch many flows per
unit time
1) Move the code in main.c:
/* Patch courtesy of Burton M. Strauss III [EMAIL PROTECTED] */
if(protoSpecs != NULL) {
if(protoSpecs[0] != '\0')
handleProtocols(protoSpecs);
free(protoSpecs);
}
up before the call to postCommandLineArgumentsInitialization(lastTime);
Or pull
That is, those of you who are having NTop shutdown without explanation and
you're sure you have enough memory.
Some of you are seeing Ntop fail and swear you aren't memory constrained
(I'd really ask you to try shutting down un-necessary daemons, at least to
show it isn't memory). The failure
You will get that if:
1. You don't have enough memory - but that's a very narrow range of
available memory where it fails
2. The database directory doesn't exist
3. You don't have access to the database file.
Make sure that dnsCache.db exists and that you can read/write to it.
-Burton
This is a summary of problems with Ntop 2.0 that I am aware of, and have
done at least some preliminary investigation of.
Disclaimer: This is all what I think I know and have seen from reading code
and running Ntop for a short while. If I'm wrong, let me know. Please!
For many of them, I've
Two ways...
one, you can select specific interface(s) to monitor with the -i option
two, you can use a bnf filter expression (see the tcpdump man page)
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
lightbit
Sent: Wednesday, January 16,
Check void initLibpcap(char* rulesFile, int numDevices) {} in initialize.c
for the call to pcap_lookupnet()...
There is also something that goes on in initDevices(), but I'm not really
sure why it does that. I *thought* pcap_lookupnet() would retrieve it
all... I'm guessing they just took
1. Check the version that comes with Ntop's Windows demo
I've used that version on 98SE and 2K, never tried XP.
I don't know that it's been tested on XP. You may be in for trouble...
Remember that libpcap 0.6.2 predates the XP release...
You may have to get the source and
This is a really stupid question, or an incredibly astute one...
What are the chances you have the old v1.3 off the PowerTools CD installed
in one place and the new 2.0 that you've compiled from scratch in another.
And that your manual run and the one in /etc/rc.d/init.d/ntop are pointing
at
?
Thanks,
Jen-Lung
- Original Message -
From: Burton M. Strauss III [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 7:29 AM
Subject: RE: [Ntop] Can't run ntop on Windows ME
1. DOS memory, which is what you're showing, isn't meaningful. However,
yes, 128MB should
(Excerpted from a 07Jan2001 post to ntop and ntop-dev)
We don't mind helping people, but you do have to give the rest of the people
monitoring this mailing list some basic information.
I've given notice that I will not reply to ANY NTop has a bug messages
unless you provide some reasonable
Network
Private LAN
30 machines
Help me please,
Watch the graphic, please.
Slds,
José Luis
- Original Message -
From: Burton M. Strauss III [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, January 18, 2002 4:05 PM
Subject: RE: [Ntop] No graphics
(Excerpted
That *should* be ok... on my system,
/usr/share/ntop has the .db files:
LsWatch.db
addressCache.db
dnsCache.db
full_protocol.list
hostsInfo.db
html
logger.db
ntop.access.log
ntop_pw.db
plugins
protocol.list
/usr/share/ntop/html has
Off hand no... If the chart generation fails, you usually get the X graphic
from your browser.
In addition to what's below, please post the HTML source. Right click in
the frame near the missing graphic, select View Source and then cutpaste
that file.
(Excerpted Slightly updated from a
Sure... look at the style.css file in the html directory.
(I think it works, but haven't tried it myself. Please be sure and report
back to the list your success or failure)
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robin
Atwood
Norton
Network Administrator
WareNet
[EMAIL PROTECTED]
(949) 417 - 2300 x 2360
(888) 927 - 3329 (Fax)
WebSite Development, Web Hosting, Connectivity, Colocation
aim: deveyn
-Original Message-
From: Burton M. Strauss III [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 2:44 PM
HTTP_REQUEST_TIMEOUT is set in http.c:
static int readHTTPheader(char* theRequestedURL,
int theRequestedURLLen,
char *thePw, int thePwLen) {
...
/* select returns immediately */
wait_time.tv_sec = 10; wait_time.tv_usec = 0;
How about the file called ntop_pw.db
typically in /usr/share/ntop
Delete it and it's recreated automatically on the next run
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Rinaldi J. Montessi
Sent: Saturday, January 19, 2002 9:20 PM
To:
1. You should ALWAYS change default passwords of any administrative tool.
Period.
2. You can easily patch Ntop to remove the display. I'll send that to Luca.
Look for a --no-admin-password-hint flag
3. At least it now asks for confirmation (you're welcome, btw, :-))
-Burton
Sounds like the images were not copied. Look in .../html/statsicons. Those
are not related to gdchart - that's what produces the pie charts, etc. If
the install fails, those last few copies may not have been done - often due
to a missing man directory - check the list archive for Guillaume's
I'm pretty sure I posted about this problem a couple of days back, haven't
had time to dig into it. It's bombing at address.c ~ 850, usually on long
(multiple ips) DNS (like www.yahoo.com, etc.) I think the buffer is too
small. But I don't have a resolution.
You can try running under gdb and
...
J
-Original Message-
From: Burton M. Strauss III [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 4:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [Ntop] seg fault?
I'm pretty sure I posted about this problem a couple of days back, haven't
had time to dig into it. It's bombing
You've neglected to give us ANY information about your setup.
Guess: It looks like you don't have a full/proper install of gdbm or didn't
run configure.
1. Make sure you have gdbm installed properly. Ntop looks for two files:
test -r $GDBM_ROOT/libgdbm.a
test -r $GDBM_ROOT/gdbm.h
2.
Unclear what you mean by modify. If you're talking about the reported
data, not that I know of. I guess you could - while Ntop was shutdown -
edit the .db file - but you would have to pull out the format from Ntop's
code...
-Burton
-Original Message-
From: [EMAIL PROTECTED]
:
Wednesday, January 30, 2002 5:06 AMTo:
[EMAIL PROTECTED]Subject: Re: [Ntop] building
problem"Burton M. Strauss III" wrote:
You've neglected to give us ANY information about
your setup.Hey don't get mad man, I supposed the output of make
would be enough.. seems not.
Doubt it...
I suspect the file doesn't exist - check the code, Ntop's processing is to
try and open the file. If it can't open it, it treats it as a list of
protocol names, for which /root/... is not valid.
If it does exist, make sure you have read access to the file (although I'm
pretty sure
Download and build the latest source. (Check the archives for the history
of the -M bug)
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Switenky, Shawn
Sent: Wednesday, January 30, 2002 3:11 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] Newly
, January 31, 2002 5:05 AM
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] building problem
Burton M. Strauss III wrote:
The configure script would have failed with a pretty clear message - scroll
up about a page - if you had run it without gdbm installed. Instructions on
how to install are in docs/BUILD
Chris Picton has the same problem - when I was tracing it before Luca's
patch, I found two distinct paths into getHostInfo(), which would come from
different devices - I think that's the problem, but haven't had time to dig
in to it.
-Burton
-Original Message-
From: [EMAIL
(Excerpted Slightly updated from a 07Jan2001 post to ntop and ntop-dev)
We don't mind helping people, but you do have to give the rest of the people
monitoring this mailing list some basic information.
I've given notice that I will not reply to ANY NTop has a bug messages
unless you provide
Um...
did you follow the direction to run gmake?
Now type 'make' or 'gmake' (GNU make) on
*BSD and Solaris systems to build ntop 2.0.0.
Otherwise, I'm clueless - you will probably need to diff the new Makefile
you've created against an older on that worked...
BTW:
Which version(s) and
The instructions printed at the end of configure tell you to run gmake under
Solaris...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Charles Dennett
Sent: Friday, February 01, 2002 12:23 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] Make error for ntop 2.0
a way around this
by saving the original Makefile.in.
Charlie
Burton M. Strauss III wrote:
The instructions printed at the end of configure tell you to run gmake
under
Solaris...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Charles Dennett
Sent
Yes, I've seen it, it's on my known bug list, but doesn't happen often
enough to allow me to trace it down.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heiko
Wundram
Sent: Friday, February 01, 2002 4:29 PM
To: [EMAIL PROTECTED]
Subject:
Title: RE: [Ntop] can't find dependencies
I'll
give you an answer and a pointer.
The
answer - links need to be maintained. Would you rather effort went to
developing the program or keeping a web page up to date?
The
pointer:
Have you looked at Border Sniffer Mode. It's new (post 2.0), and from
reading the code and a very brief note from Luca, sounds like - maybe - it's
sort of in the same area.
main.c ~ 445:
case 'j':
/*
In this mode ntop sniffs from an interface on which
the traffic has
Gang:
It looks like the 06Feb2002 snapshot has fixed (at least for me) the plugins
compile problem. From a few diff's it looks like Luca has backed off to
automake 1.4 (was 1.4-p5, although I'm running 1.5). And also made a change
in configure.in back to what was in the initial 2.0 release.
I'm pretty sure it's NOT an Ntop problem. But I'm not sure that's going to
help you.
The behavior is perfectly understandable. In promiscuous mode, Ntop sees
everything. When the card drops back to normal mode, Ntop only sees traffic
to/from that one machine. If you manually flip it back
Because you have an incomplete install, permission problems,
etc.
Ntop
serves pages from .html files if it can find them
(/usr/share/ntop/html/index.html, for example) (check http.c around line 1050-
the comment is/* Search in the local directory first...
*/).
If it
can't find the file
For those of you who have been hanging back because of problems, give this
one a try!
It's fixed most of my issues, including
- IP Protos/IP Traffic, all traffic classified as remote (i.e. doesn't show
up)
- IP Subnet Traffic Matrix doesn't appear
- -M (merge interfaces) mode being forced
I've replied privately with some info gleaned from Kagi's web site... anyone
with DEFINITIVE answers, feel free to jump in...
-Burton
usual-disclaimerI am not affiliated with Luca Deri in any way, other than
being a vocal user of Ntop who has sent in some patches. My opinions are my
own,
(Excerpted Slightly updated from a 07Jan2001 post to ntop and ntop-dev)
We don't mind helping people, but you do have to give the rest of the people
monitoring this mailing list some basic information.
I've given notice that I will not reply to ANY NTop has a bug messages
unless you provide
Fred:
Saw your note in the archive, I don't seem to be getting messages directly.
sigh... another call to the ISP's helpless line...
Anyway... see my BMS/BMS's below...
-Burton
The warning: Some of the internal changes will cause huge diff's if you
compare the code. If you need to do
(main.c around line 911) for this:
/*
Moved from initialize.c (postCommandLineArgumentsInitialization) so that
we
don't add the defaults if the user has given us at least SOMETHING to
monitor
Fix courtesy of Burton M. Strauss III [EMAIL PROTECTED
256MB should be enough. Maybe... Since you say init.d, I'm guessing it's
some flavor of UNIX. But you know, I've been fooled before...
(Excerpted Slightly updated from a 07Jan2001 post to ntop and ntop-dev)
We don't mind helping people, but you do have to give the rest of the people
Ugh... the charts not showing up is a symptom of a failure in gdchart,
either it's not found, or there isn't enough memory for it to run, or some
other abort - it dies and ntop just continues on... But with 128MB of RAM,
you should be ok unless it is a big busy network - you don't say what the
The
RedHat scripts in the rpm seem to work ok for me. I hacked on 'em for the
parameters I wanted to use, but that's normal.
If it
dies, I guess the best would be a cron, every n-minutes, that checked if ntop
was running and restarted it if not.
Some
of the versions have stability
It's hard to tell - you don't say which version of ntop you are running,
where you got it from, etc.. And, if it's a prebuilt RPM package, what date
is the source.
There have been problems with the -M flag, although I haven't (yet?) seen
any current reports from people using the most current
I sat on this for a couple of days, pondering...
1) I had traffic classification problems, but that went away with the
12Feb2002 snapshot. Everything now looks right to my jaded eye. Up until
then, a lot of traffic was being classified as remote and not reported.
2) Token ring... I wonder if
The asm directory (note that case is important) should be in /usr/include/
Did you install the appropriate development libraries, including the linux
kernel headers??
[bstrauss@tigger html]$ rpm -q -f /usr/include/asm/sigcontext.h
kernel-headers-2.4.9-21
-Burton
-Original
look in the docs/BUILD-NTOP.txt file
Don't bother with 1.1... grab the latest source and try that!
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jane
Sun
Sent: Wednesday, February 13, 2002 8:00 PM
To: '[EMAIL PROTECTED]'
Subject: [Ntop]
(Excerpted Slightly updated from a 07Jan2001 post to ntop and ntop-dev)
Please give us more information...
Specifically:
Hardware
Type # of processors
Amount of memory
# network interfaces and types (vendor, bus, etc.)
Software
NTop version, source and any applied
Yes
-m tells ntop what is local, not what to monitor.
You need to use the -B option and create a filter. Off the top of my head,
something like this:
-B src or dst host aaa.bbb.ccc.ddd
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Axel
1) There was a bug related to -M always being on/off - it's been fixed.
2) There are a number of changes in the hashing tables, etc. Please try a
more recent snapshot.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Domski, Samuel
Sent:
In my 04Feb2002 message about changes to ntop, I mentioned the zombie:
7. Some code that looks like it's work on the BSD zombie problem... grep for
usedFork... then again...
Have you tried one of the more recent snapshots? Feed back on whether it's
fixed would be useful...
-Burton
Um... Read the man page?
You have two choices.
One is to run a single instance and use the -M flag
Two is to run multiple instances, each monitoring separate nics
Make sure you are using a recent snapshot, as there were problems with -M in
the 2.0 released version.
-Burton
-Original
-recursive] Error 1
gmake[1]: Leaving directory `/tmp/ntop-current/ntop'
gmake: *** [all-recursive-am] Error 2
Any ideas how I can fix this and continue testing ?
At 07:26 AM 2/15/2002 -0600, Burton M. Strauss III wrote:
In my 04Feb2002 message about changes to ntop, I mentioned the zombie:
7. Some code
-am] Error 2
Any ideas how I can fix this and continue testing ?
At 07:26 AM 2/15/2002 -0600, Burton M. Strauss III wrote:
In my 04Feb2002 message about changes to ntop, I mentioned the zombie:
7. Some code that looks like it's work on the BSD zombie problem... grep
for
usedFork... then again
The 1st error can be ignored - file doesn't exist, so it can't rm it...
Anyway, in ntop after the 2.0 release (you don't tell us which version of
the source you are using...), those missing routines were refactored out of
pbuf.c into protocols.c, which I don't see in the list of .o files. I'm
What you see is what there is... you can look at http://www.ntop.org and
http://snapshot.ntop.org and in the docs/ directory.
Writing documentation would be a wonderful way to contribute to the ntop
project!
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Two solutions - Igor's:
mkdir /usr/.../man/man1/intop
will get you past the problem, however the intop.1 file will be in
.../man1/intop/intop.1 and won't be found by man. That's pretty minor.
You could also try regenerating the files with
./autogen.sh -1
(downloading the new automake isn't
Yes it is - and if you read the message traffic, you would have seen the
same report. But without the info, I would waste a lot of MY time on
irrelevant issues.
The key is the traffic mirroring.
You need to use a more recent version and use the '--border-sniffer-mode' or
'-j' option. This was
Once it fails, it won't install other files you need. Or the gdbm error
could be that you forgot to stop the prior instance of ntop. Third
possibility, the userid you are running under doesn't have rights to the
existing files (I've had that when I manually ran as root, then tried to run
a 2nd
In the version I have (I keep the 2.0 released as a reference), EMSGNUM is:
ntop.h: 526 #ifndef EMSGSIZE
ntop.h: 527 #define EMSGSIZE97 /* Inappropriate message
buffer length */
ntop.h: 528 #endif /* EMSGSIZE */
That's in turn wrapped in an
Replied in-line
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Igor
Schein
Sent: Saturday, February 16, 2002 9:14 AM
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] a couple of questions
snip /
Thanks a lot for the useful tips. Now, I compiled
snip /
For your information i have re-installed ncurses 5.2, because when i launch
the
configure i have a problem. after this i have re-launch all the sequence
./autogen.sh -1
./configure
make
make install
BMSGlad it helped. Running autogen is always safe and is a really good
idea, because
1) I don't think it's really that bad - I've only seen two or three messages
a month...
2) The only way to fix it would be to make this a moderated list and that
isn't going to happen. Luca and his gang don't have the time, and with my
snippy little 'tude, you don't want ME doing it, do you???
Title: -release
How
about checking the mail list archives or reading replies to messages you've
already sent?
I've
posted three possible solutions in the FAQs athttp://snapshot.ntop.org.
-Burton
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On
1.
Throw away the v1.3 source RPM. It's old, different and nobody is
interested in offering any support for it.
2. The
RPM version - you don't say where you got it or what version it is... You
also don't give us information about your system. What OS, what version,
etc. As to rpms of
: [Ntop]
Urgent QueryAchually i am using Linux 7.1 redhat.
achually i have installed everything. Is there not any way so that i
can start those services(which are not working) from the present installation
schemes.
"Burton M. Strauss III" wrote:
1. Throw away the v
(Answering Bharat's question to the
list)
Multiple users allow you to control who can alter
ntop's performance and/or view specific information. If you look on the
"Admin" tab, you will see that you can create additional users and also control
which URLs can be executed by whom.
For
The relevant code is in pbuf.c, from line 1975ff. It's been a long time
since I last played with IPX at a low level, so I'll have to read it
offline... (Netware 2.15 and 3.11)
-Burton
If you want to give it a gander, it starts:
if((myGlobals.device[deviceId].datalink != DLT_PPP)
The intop problem has been discussed many times, and there is a solution
(two in fact) at http://snapshot.ntop.org/ in the FAQs.
As a 3rd solution, the makefile has been updated, but you may not have rerun
./autogen.sh -1 to recreate the generated files...
-Burton
-Original
ntop uses the libpcap library. Any syntax that libpcap (think tcpdump) will
accept, ntop will accept.
Just because ntop can select the packets, doesn't mean that ntop knows how
to interpret them or anything about the protocol - there are 1000s. Hence
the other bucket...
If you understand gre,
(I
just tested this)
If you
look at the right side of the screen for creating controlled URLs ( Admin | URLs
| Add URL) you will see the * of a wild card. So,proto should
match protoThis and protoThat. And a blank URL should (and does) match
everything. (In fact, it's there in the note at
Some
points...
1.
Email to the list, not privately to me. That way EVERYONE can benefit from
the discussion.
2. If
you ask another question, start a new email with a relevant subject line.
That way people can see what the question was in the
archives.
3.
Read the list
4. DO
NOT BE
1st thought: Yeah... it's not an ntop problem :-)
gd are in the gdchart or gd libraries that ntop uses. eval.c is - wait
one - I can't find it... odd!
Unfortunately, there isn't a lot of error testing or return codes in those
libraries. I'm guessing that ntop is passing it bad data and
EtiquetteI cannot email
to the list because Our network administrator has blocked the mailing list.
So in that way i am unable to get the feedback,for that reason i am
mailing you.
"Burton M. Strauss III" wrote:
Some points...1. Email to
the list, not privately to me. T
he related files which
are required for ntop,Along with it tell me the installation procedure also
because during installation we have to
create the directories manually
like /usr/local/var.
"Burton M. Strauss III" wrote:
1. Throw away the v1.3 source
RPM.
You are missing a required library. From the name, I'm guessing it's the
yacc package...
However, I can't seem to find any references to yylex in the source
The question was asked once before
(http://listmanager.unipi.it/pipermail/ntop/2001-June/000209.html), but no
reply ever surfaced.
I
I think you have to go back to the packager. As far as I know, it's not
coming out of http://www.ntop.org... Places like rpmfind.net have email
addresses for the packager... I would hope that any place you're installing
binaries from would have similar information!
Me? I would do a slocate
Yes. You are confused...
What is stored is the information about a host, not all of the counts, etc.
about a device (network interface).
And it's retrieved ONLY when traffic is seen from that host after the
restart.
So if you go into the host details (e.g. the 192.168.1.1.html page) you
Look in sql.c and mysql.c - for the traceEvent function - not to be picky or
anything - no, not me - but shouldn't that #ifndef DEBUG be #ifdef
DEBUG...for example:
void notifyTCPSession(IPSession *session, int actualDeviceId) {
HostTraffic *server, *client;
char dt1[32], dt2[32];
struct
If you
have to mod the make files, you should 1st rerun ./autogen.sh -1 to recreate
everything, or mode the .am and .in files...
You
did follow the instructions in docs/BUILD-NTOP.txt, didn't
you
Why do you "have to" mod them? I've run w. autoconf 1.4, 1.4p5
(RedHat) and 1.5...
If
No there isn't an RPM...
ventDOES ANYBODY BOTHER TO READ THE MAILING LIST OR DO THEY JUST POST
BLINDLY/vent
Check my message traffic with Bharat - I've only posted instructions 3 or 4
times in the last three days...
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Yes you would have to recompile to enable mySQL support - there is a ton of
ifdef code...
If I'm reading it right on a quick glance (database/mySQLscript.pl) is just
using the Perl ODBC interface to connect between ntop and mySQL...
Note that there is another choice, one that doesn't actively
Two basic choices that I'm aware of - I don't know if any other ones have
been tried - certainly the makefiles have no traces of it.
They are both gcc, but have different execution environments...
MinGW - Minimalist GNU For Windows at http://www.mingw.org/
MinGW is a collection of header files
I don't know about the internals of tcpdump.
I am guessing that it's talking TCP retransmits, which it would be able to
detect by the ACK flags and sequence #s?
I don't recall any code in ntop to specifically break those out - look at
processPacket() {in pbuf.c at the end) - that's where it's
}). It
always prints 0 Retran. packets. [0%] I looked in pbuf.c and there
doesn't seem to be any attempt to detect retransmitted packets. If this is
indeed supposed to be a count of retransmitted packets then it might be
misleading. Is it?
thanks
dilan
- Original Message -
From: Burton M
Nope... with v2, ntop is the collector and web server - the web page *is*
the output. Sniffying is the last output one would expect to see unless
the trace flag is set.
Basically - but understandably -your expectation is wrong...
unfortunately, the overview page on http://www.ntop.org is
...
-Original Message-From: Burton M. Strauss III
[mailto:[EMAIL PROTECTED]]Sent: Thursday, February 21, 2002
3:53 PMTo: [EMAIL PROTECTED]Cc:
[EMAIL PROTECTED]Subject: RE: [Ntop] ntop on
VT100
Nope... with v2, ntop is the collector and web server - the web page
*is* the output
(Translated via babelfish): It will be sure a moment in which mine already
modest Q.I. is come down under the levels of guard but to the page
www.ntop.org/download.html (where they are joint yearning of istallare ntop
on MacOS X) every via me seems preclusa: - link the HTTP is not active -
Daily
I think it's pseudo-english. When you do a google search on sniffying, it
asks Did you mean to search for: sniffing
You know what a (packet) sniffer is, right? So where a native techo-speaker
of english might say sniffing..., somebody added a stray Y..
Why? because we like you (Sorry, that's
Check the FAQs on http://snapshot.ntop.org
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, February 22, 2002 9:35 AM
To: [EMAIL PROTECTED]
Subject: [Ntop] help!
On Fri, 22 Feb 2002 [EMAIL PROTECTED] wrote:
Hello,
, but out of
curiousity, what version of gdbm are you running?
Rick Farina
Miami University
Systems Analysis Major
Burton M. Strauss III wrote:
In your web page, you have this...
I think it has something to do with gdbm. Let's try to tell ntop where
to
find gdbm.
Okay, first I make distclean.
Now
as I start clicking around the
web interface, it crashes.
Thanks again.
On Fri, Feb 22, 2002 at 11:29:58AM -0600, Burton M. Strauss III wrote:
Oh man... I've never read a Solaris core file (I had DBAs to do that FOR
me
grin /)... And IPv6 - you left that little gem out of the 1st message
Or: I
1 - 100 of 2192 matches
Mail list logo