I have some trouble running ntop on my Debian 3.0r1 machine. To get a statistic for each device separately, I use the option "-M", but if I do this, the program exits after a short time (approximately 20 to 40 seconds); otherwise it runs well. I attached the output of ntop as a text file.
Furthermore, the program doesn't store the "counted" traffic after a shutdown (although I started it without the option "-M").
Thanks, Mark
PS: This is an excellent program, congratulations!
srv01:/tmp# ntop -cNMq -S 1 -A 2 -i ppp0,ippp0,eth0 -u ntop 1> ntop.log >ntop.log 2>ntop.log
Wait please: ntop is coming up...
27/Jan/2003 16:07:09 Initializing IP services...
27/Jan/2003 16:07:09 Initializing GDBM...
27/Jan/2003 16:07:09 Initializing network devices...
27/Jan/2003 16:07:09 ntop v.2.0.0 MT [i686-pc-linux-gnu] (04/12/02 11:48:31 AM build)
27/Jan/2003 16:07:09 Listening on [ppp0,ippp0,eth0]
27/Jan/2003 16:07:09 Copyright 1998-2001 by Luca Deri <[EMAIL PROTECTED]>
27/Jan/2003 16:07:09 Get the freshest ntop from http://www.ntop.org/
27/Jan/2003 16:07:09 Initializing...
27/Jan/2003 16:07:09 Loading plugins (if any)...
27/Jan/2003 16:07:09 Searching plugins in /usr/lib/ntop/ntop/plugins
27/Jan/2003 16:07:09 Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni.
27/Jan/2003 16:07:09 Welcome to icmpWatchPlugin. (C) 1999 by Luca Deri.
27/Jan/2003 16:07:09 Welcome to nfsWatchPlugin. (C) 1999 by Luca Deri.
27/Jan/2003 16:07:09 Resetting traffic statistics...
27/Jan/2003 16:07:09 Started thread (1026) for network packet analyser.
27/Jan/2003 16:07:09 Started thread (2051) for host traffic statistics.
27/Jan/2003 16:07:09 Started thread (3076) for throughput update.
27/Jan/2003 16:07:09 Started thread (4101) for idle hosts detection.
27/Jan/2003 16:07:09 Started thread (5126) for idle TCP sessions detection.
27/Jan/2003 16:07:09 Started thread (6151) for DNS address resolution.
27/Jan/2003 16:07:09 Started thread (7176) for address purge.
27/Jan/2003 16:07:09 Initializing plugins (if any)...
27/Jan/2003 16:07:09 Waiting for HTTP connections on port 3000...
27/Jan/2003 16:07:09 Sniffying...
27/Jan/2003 16:07:09 Started thread (9226) for network packet sniffing on ppp0.
**27/Jan/2003 16:07:09 Two MAC addresses found for the same IP address 213.54.39.5: [D5:36:27:05:90:AA/D5:36:27:05:A4:F6] (spoofing detected?)
****27/Jan/2003 16:07:09 Extending hash: [old=32, new=48]
**27/Jan/2003 16:07:09 Started thread (10251) for network packet sniffing on ippp0.
**27/Jan/2003 16:07:09 Started thread (11276) for network packet sniffing on eth0.
****27/Jan/2003 16:07:09 Extending TCP hash [new size: 64]
27/Jan/2003 16:07:09 Extending hash: [old=48, new=72]
************27/Jan/2003 16:07:10 Extending hash: [old=72, new=108]
27/Jan/2003 16:07:10 Extending TCP hash [new size: 128]
****27/Jan/2003 16:07:10 Extending hash: [old=108, new=162]
*************27/Jan/2003 16:07:12 Extending hash: [old=162, new=242]
27/Jan/2003 16:07:12 Extending TCP hash [new size: 256]
**********27/Jan/2003 16:07:13 Extending hash: [old=242, new=362]
*************27/Jan/2003 16:07:15 Extending TCP hash [new size: 512]
******27/Jan/2003 16:07:16 Extending hash: [old=362, new=542]
**********27/Jan/2003 16:07:18 Detected ICMP msg [type=UNREACH/code=1] ->p213.54.39.5.tisdip.tiscali.de
***************************27/Jan/2003 16:07:21 Extending hash: [old=542, new=812]
*27/Jan/2003 16:07:23 Detected ICMP msg [type=UNREACH/code=1] ->p213.54.39.5.tisdip.tiscali.de
************27/Jan/2003 16:07:24 Extending TCP hash [new size: 1024]
27/Jan/2003 16:07:24 WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :58216->:80 [�>]
**********************************************************27/Jan/2003 16:07:31 Index error idx=679 @ [pbuf.c:1079]
27/Jan/2003 16:07:31 Index error idx=480 @ [pbuf.c:1080]
27/Jan/2003 16:07:31 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:07:31 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:07:31 Extending hash: [old=812, new=1218]
27/Jan/2003 16:07:32 Index error idx=935 @ [pbuf.c:1079]
27/Jan/2003 16:07:32 Index error idx=74 @ [pbuf.c:1080]
27/Jan/2003 16:07:32 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:07:32 WARNING: both Ethernet and IP addresses are NULL
*************************************27/Jan/2003 16:07:45 Detected ICMP msg [type=UNREACH/code=1] ->p213.54.39.5.tisdip.tiscali.de
27/Jan/2003 16:07:45 Host [p213.54.39.5.tisdip.tiscali.de] sent UDP data to a closed port of host [:13990] (scan attempt?)
27/Jan/2003 16:07:46 Host [p213.54.39.5.tisdip.tiscali.de] sent UDP data to a closed port of host [:13990] (scan attempt?)
******27/Jan/2003 16:07:47 Host [p213.54.39.5.tisdip.tiscali.de] sent TCP data to a closed port of host [:6411] (scan attempt?)
***27/Jan/2003 16:07:48 Extending TCP hash [new size: 2048]
****27/Jan/2003 16:07:48 Extending hash: [old=1218, new=1826]
27/Jan/2003 16:07:49 Detected ICMP msg [type=UNREACH/code=13] ->p213.54.39.5.tisdip.tiscali.de
27/Jan/2003 16:07:49 Host [p213.54.39.5.tisdip.tiscali.de] sent ICMP Administratively Prohibited packet to host [] (Firewalking scan attempt?)
****27/Jan/2003 16:07:49 Index error idx=1130 @ [pbuf.c:2600]
27/Jan/2003 16:07:49 Index error idx=454 @ [pbuf.c:2654]
27/Jan/2003 16:07:49 Index error idx=212 @ [pbuf.c:2655]
27/Jan/2003 16:07:49 Index error idx=454 @ [pbuf.c:847]
27/Jan/2003 16:07:49 Index error idx=212 @ [pbuf.c:848]
27/Jan/2003 16:07:49 Sanity check failed (3) [Low memory?]
27/Jan/2003 16:07:49 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:07:49 WARNING: both Ethernet and IP addresses are NULL
******************27/Jan/2003 16:07:58 Detected ICMP msg [type=TIMXCEED/code=0] ->p213.54.39.5.tisdip.tiscali.de
27/Jan/2003 16:08:00 Extending TCP hash [new size: 64]
27/Jan/2003 16:08:00 WARNING: Index 454 out of range [0..32] @ pbuf.c:1873
27/Jan/2003 16:08:00 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:08:00 WARNING: both Ethernet and IP addresses are NULL
***27/Jan/2003 16:08:02 Detected ICMP msg [type=TIMXCEED/code=0] ->p213.54.39.5.tisdip.tiscali.de
27/Jan/2003 16:08:02 Extending TCP hash [new size: 128]
27/Jan/2003 16:08:02 WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :58408->:80 [�>]
27/Jan/2003 16:08:02 Index error idx=454 @ [pbuf.c:2246]
27/Jan/2003 16:08:02 Index error idx=46 @ [pbuf.c:2247]
27/Jan/2003 16:08:02 Sanity check failed (4) [Low memory?]
27/Jan/2003 16:08:02 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:08:02 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:08:03 Index error idx=437 @ [pbuf.c:1079]
27/Jan/2003 16:08:03 Index error idx=109 @ [pbuf.c:1080]
27/Jan/2003 16:08:03 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:08:03 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:08:04 Index error idx=454 @ [pbuf.c:1079]
27/Jan/2003 16:08:04 Index error idx=775 @ [pbuf.c:1080]
27/Jan/2003 16:08:04 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:08:04 WARNING: both Ethernet and IP addresses are NULL
27/Jan/2003 16:08:04 Extending hash: [old=32, new=48]
27/Jan/2003 16:08:04 Index 437 out of range (0...48) [hash.c:363]
Segmentation fault
srv01:/tmp#
