From: Micha Holzmann
EMail: [EMAIL PROTECTED]
Date: 2003-08-25 10:35:51 GMT
-------------------------------------------------------------------------------
Summary
OS: GNU/Linux version: Debian Woody 3.0
ntop from: source (debian/rules build; debian/rules binary)
Hardware: CPU: Celeron 1300 MHz
# Processors: 1
Memory: 392 MB
Network:
Network Interface 0 eth0
Ethernet: 481
IP: 481
Mfg: RealTek Model: 8139
NIC Speed: 100 Bus: PCI
Location: LAN
Bandwidth: 100Mbps+
# Hosts (machines): 2
Network Interface 1 ppp0
Ethernet: 25
IP: 25
Mfg: German Telekom Model:
NIC Speed: 100 Bus: PCI
Location: Public Internet
Bandwidth: Dialup DSL
# Hosts (machines): 1
-------------------------------------------------------------------------------
Log extract
view attached ntop.log.zip
-------------------------------------------------------------------------------
Problem Description
ntop dies without any error notification. Suddenly it is gone. I do not find the reason. I must restart
-------------------------------------------------------------------------------
ntop version.....2.2
Built on.....08/20/03 09:51:36 PM
OS.....i686-pc-linux-gnu
ntop Process Id.....6345
http Process Id.....6406
Command line
Started as..../usr/sbin/ntop -d -L -u ntop -w 192.168.1.254:3000 -W 192.168.1.254:3001 -p /etc/ntop/protocol.list -P /var/lib/ntop -a /var/lib/ntop/access.log -i eth0,ppp0 -t 5 -O /var/log/ntop/ -M
Resolved to..../usr/sbin/ntop
-d
-L
-u
ntop
-w
192.168.1.254
-W
192.168.1.254
-p
/etc/ntop/protocol.list
-P
/var/lib/ntop
-a
/var/lib/ntop/access.log
-i
eth0,ppp0
-t
5
-O
/var/log/ntop/
-M
Command line parameters are:
-a | --access-log-path...../var/lib/ntop/access.log
-b | --disable-decoders.....(default) No
-c | --sticky-hosts.....(default) No
-d | --daemon.....Yes
-e | --max-table-rows.....(default) 128
-f | --traffic-dump-file.....(default) (nil)
-g | --track-local-hosts.....(default) Track all hosts
-o | --no-mac.....(default) Trust MAC Addresses
-i | --interface (effective).....eth0, ppp0
-k | --filter-expression-in-extra-frame.....(default) No
-l | --pcap-log.....(default) (nil)
-m | --local-subnets (effective).....
-n | --numeric-ip-addresses.....(default) No
-p | --protocols...../etc/ntop/protocol.list
-q | --create-suspicious-packets.....(default) Disabled
-r | --refresh-time.....(default) 120
-s | --no-promiscuous.....(default) No
-t | --trace-level.....5
-u | --user.....ntop (uid=108, gid=108)
-w | --http-server.....Active, address 192.168.1.254, port 3000
-z | --disable-sessions.....(default) No
-B | --filter-expression.....(default) none
-D | --domain.....pf.mhnet.de
-E | --enable-external-tools.....(default) No
-F | --flow-spec.....(default) none
-K | --enable-debug.....(default) No
-L | --use-syslog.....daemon
-M | --no-interface-merge (effective).....(parameter -M set, Interfaces separate) No
-O | --pcap-file-path...../var/log/ntop/
-P | --db-file-path.....(default) /var/lib/ntop
-U | --mapper.....(default) (nil)
-W | --https-server.....Active, address 192.168.1.254, port 3001
--throughput-chart-type.....(default) Area
--ignore-sigpipe.....(default) No
--ssl-watchdog.....(default) No
--dynamic-purge-limits.....(default) No
--reuse-rrd-graphics.....(default) No
--p3p-cp.....(default) none
--p3p-uri.....(default) none
--disable-stopcap.....(default) No
Note: (effective) means that this is the value after ntop has processed the parameter. (default) means this is the default value, usually (but not always) set by a #define in globals-defines.h.
Run time/Internal
External tool: lsof.....(no -E parameter): Disabled
Web server URL.....http://192.168.1.254:3000
SSL Web server URL.....https://192.168.1.254:3001
GDBM version.....This is GDBM version 1.7.3, as of May 19, 1994.
OpenSSL Version.....OpenSSL 0.9.6c 21 dec 2001
zlib version.....1.1.4
Protocol Decoders.....Enabled
Fragment Handling.....Enabled
Tracking only local hosts.....No
# IP Protocols Being Monitored.....18
# Protocol slots.....730
# IP Ports Being Monitored.....57
# Ports slots.....114
# Handled SIGPIPE Errors.....0
# Handled HTTP Requests.....20
Devices (Network Interfaces).....2
Domain name (short).....de
IP to country flag table (entries).....47455
Total Hash Collisions (Vendor/Special) (lookup).....0
Local Networks.....192.168.1.0/255.255.255.0 [device eth0] 80.131.147.104/255.255.255.255 [device ppp0]
Memory allocation - data segment
arena limit, getrlimit(RLIMIT_DATA, ...).....-1
Allocated blocks (ordblks).....11
Allocated (arena).....4695816
Used (uordblks).....4663848
Free (fordblks).....31968
Memory allocation - mmapped
Allocated blocks (hblks).....6
Allocated bytes (hblkhd).....3084288
Memory Usage
IPX/SAP Hash Size (bytes).....1897
IP to country flag table (bytes).....1454304 (1.4 MB)
Bytes per entry.....30.6
Current memory usage.....7780104
Base memory usage.....6469384
Hosts stored (active+cache).....16 = (16 + 0)
(very) Approximate memory per host.....80.0KB
Host Memory Cache
Limit.....#define MAX_HOSTS_CACHE_LEN 512
Current Size.....0
Maximum Size.....0
# Entries Reused.....0
MAC/IPX Hash tables
IPX/SAP Hash Size (entries).....179
IPX/SAP Hash Collisions (load).....0
IPX/SAP Hash Collisions (use).....0
Packet queue
Queued to Process.....0
Maximum queue.....0
Host/Session counts - global
Purge idle hosts.....Enabled
Purged hosts.....0
Maximum hosts to purge per cycle.....512
DEFAULT_MAXIMUM_HOSTS_PURGE_PER_CYCLE.....512
Terminated Sessions.....38
Host/Session counts - Device 0 (eth0)
Actual Hash Size.....32
Stored hosts.....3 [9 %]
Sessions.....21
Max Num. Sessions.....21
Host/Session counts - Device 1 (ppp0)
Actual Hash Size.....32
Stored hosts.....13 [40 %]
Sessions.....0
Max Num. Sessions.....0
Address Resolution
DNS sniffed:
DNS Packets sniffed.....24
less 'requests'.....12
less 'failed'.....0
less 'reverse dns' (in-addr.arpa).....5
DNS Packets processed.....7
Stored in cache (includes aliases).....4
IP to name - ipaddr2str():
Total calls.....14
....OK.....2
....Total not found.....12
........Not found in cache.....12
........Too old in cache.....0
Queued - dequeueAddress():
Total Queued.....12
Not queued (duplicate).....0
Maximum Queued.....8
Current Queue.....0
Resolved - resolveAddress():
Addresses to resolve.....12
....less 'Error: No cache database'.....0
....less 'Found in ntop cache'.....0
Gives: # gethost (DNS lookup) calls.....12
DNS lookup calls:
DNS resolution attempts.....12
....Success: Resolved.....12
....Failed.....0
........HOST_NOT_FOUND.....0
........NO_DATA.....0
........NO_RECOVERY.....0
........TRY_AGAIN (don't store).....0
........Other error (don't store).....0
DNS lookups stored in cache.....12
Host addresses kept numeric.....0
Vendor Lookup Table
Input lines read.....42478
Records added total.....6948
.....includes special records.....59
getVendorInfo() calls.....0
getSpecialVendorInfo() calls.....2
Found 48bit (xx:xx:xx:xx:xx:xx) match.....0
Found 24bit (xx:xx:xx) match.....2
Found multicast bit set.....0
Found LAA (Locally assigned address) bit set.....0
Thread counts
Active.....7
Dequeue.....1
Children (active).....2
Directory (search) order
Data Files......
/usr/share/ntop
Config Files......
/etc/ntop
/etc
Plugins....../plugins
/usr/lib/ntop/ntop/plugins
Compile Time: ./configure
./configure parameters.....--prefix=/usr --libdir=/usr/lib/ntop --sysconfdir=/etc --localstatedir=/var/lib --bindir=/usr/sbin --mandir=/usr/share/man --enable-tcpwrap --with-zlib-lib=/usr/lib --with-zlib-include=/usr/include --with-libpng-lib=/usr/lib --with-libpng-include=/usr/include
Built on (Host).....i686-pc-linux-gnu
Built for (Target).....i686-pc-linux-gnu
compiler (cflags).....gcc -DLINUX -g -O2 -Wshadow -Wpointer-arith -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -fPIC -DHAVE_CONFIG_H
include path.....-I/home/holzmann/debian-packets/ntop/ntop-2.2.0/gdchart0.94c -I/home/holzmann/debian-packets/ntop/ntop-2.2.0/gdchart0.94c/gd-1.8.3 -I/usr/include
system libraries.....-lxml2 -lglib -lpthread -lresolv -lnsl -lssl -lcrypto -lpcap -lgdbm -ldl -lcrypt -lc -lz -L/home/holzmann/debian-packets/ntop/ntop-2.2.0/gdchart0.94c -lgdchart -L/home/holzmann/debian-packets/ntop/ntop-2.2.0/gdchart0.94c/gd-1.8.3 -lgd -L/usr/lib -lpng
install path...../usr
GNU C (gcc) version.....2.95.4 20011002 (Debian prerelease) (2.95.0)
Internationalization (i18n)
i18n enabled.....No
Compile Time: Debug settings in globals-defines.h
DEBUG.....no ADDRESS_DEBUG.....no DNS_DEBUG.....no DNS_SNIFF_DEBUG.....no FTP_DEBUG.....no GDBM_DEBUG.....no HASH_DEBUG.....no HOST_FREE_DEBUG.....no HTTP_DEBUG.....no IDLE_PURGE_DEBUG.....no MEMORY_DEBUG.....no NETFLOW_DEBUG.....no SEMAPHORE_DEBUG.....no SESSION_TRACE_DEBUG.....no SSLWATCHDOG_DEBUG.....no STORAGE_DEBUG.....no UNKNOWN_PACKET_DEBUG.....no
Compile Time: globals-define.h
PARM_PRINT_ALL_SESSIONS.....no PARM_PRINT_RETRANSMISSION_DATA.....no PARM_FORK_CHILD_PROCESS.....yes (normal) CGI Scripts.....globals-defines.h: #define PARM_USE_CGI Alternate row colors.....globals-defines.h: /* #define PARM_USE_COLOR */ Buggy gethostbyaddr() - use alternate implementation.....globals-defines.h: /* #define PARM_USE_HOST */ MAKE_ASYNC_ADDRESS_RESOLUTION.....yes MAKE_WITH_SSLWATCHDOG.....yes MAKE_WITH_SSLWATCHDOG_RUNTIME (derived).....yes Bad IP Address table size.....globals-defines.h: #define MAX_NUM_BAD_IP_ADDRESSES 3 Minimum refresh interval (seconds).....#define PARM_MIN_WEBPAGE_AUTOREFRESH_TIME 15 Maximum # of Protocols to show in graphs.....#define MAX_NUM_PROTOS 64 Maximum # of routers (Local Subnet Routers report).....#define MAX_NUM_ROUTERS 512 Maximum # of network interface devices.....#define MAX_NUM_DEVICES 32 Maximum # of processes for lsof report.....#define MAX_NUM_PROCESSES_READLSOFINFO 1024 Maximum network size (hosts per interface).....#define MAX_SUBNET_HOSTS 1024 Allocated # of passive FTP sessions.....#define MAX_PASSIVE_FTP_SESSION_TRACKER 384 Inactive passive FTP session timeout (seconds).....#define PARM_PASSIVE_SESSION_MINIMUM_IDLE 60
Compile Time: Hash Table Sizes
Initial size.....#define CONST_HASH_INITIAL_SIZE 32 After 1st extend.....#define CONST_HASH_MINIMUM_SIZE 512 Intermediate increase factor.....#define CONST_HASH_INCREASE_FACTOR 2 Factor growth until.....#define CONST_HASH_FACTOR_MAXIMUM 4096 Then grow (linearly) by.....#define CONST_HASH_TERMINAL_INCREASE 4096
Compile Time: globals-define.h
Chart Format.....globals-report.h: #define CHART_FORMAT ".png"
Compile Time: config.h
CFG_ETHER_HEADER_HAS_EA.....no CFG_MULTITHREADED.....yes HAVE_ALARM.....yes HAVE_ALLOCA.....yes HAVE_ALLOCA_H.....yes HAVE_ARPA_NAMESER_H.....yes HAVE_BACKTRACE.....yes HAVE_BZERO.....yes HAVE_CTIME_R.....yes HAVE_CURSES_H.....no HAVE_DLFCN_H.....yes HAVE_DL_H.....no HAVE_DOPRNT.....no HAVE_ENDPWENT.....yes HAVE_ERRNO_H.....yes HAVE_FACILITYNAMES.....yes HAVE_FCNTL_H.....yes HAVE_FORK.....yes HAVE_GDBM_H.....yes HAVE_GDCPIE_H.....yes HAVE_GD_H.....yes HAVE_GDOME_H.....no HAVE_GETHOSTBYADDR.....yes HAVE_GETHOSTBYADDR_R.....yes HAVE_GETHOSTBYNAME.....yes HAVE_GETHOSTNAME.....yes HAVE_GETIPNODEBYADDR.....no HAVE_GETPASS.....yes HAVE_GETTIMEOFDAY.....yes HAVE_GLIBCONFIG_H.....no HAVE_GLIB_H.....no HAVE_IF_H.....no HAVE_IN6_ADDR.....yes HAVE_INT16_T.....yes HAVE_INT32_T.....yes HAVE_INT64_T.....yes HAVE_INT8_T.....yes HAVE_INTTYPES_H.....yes HAVE_LANGINFO_H.....yes HAVE_LIBC.....yes HAVE_LIBCRYPT.....yes HAVE_LIBCRYPTO.....yes HAVE_LIBDL.....yes HAVE_LIBDLD.....no HAVE_LIBGD.....yes HAVE_LIBGDBM.....yes HAVE_LIBGDOME.....no HAVE_LIBGLIB.....yes HAVE_LIBM.....no HAVE_LIBNSL.....yes HAVE_LIBPCAP.....yes HAVE_LIBPNG.....yes HAVE_LIBPOSIX4.....no HAVE_LIBPTHREAD.....yes HAVE_LIBPTHREADS.....no HAVE_LIBRESOLV.....yes HAVE_LIBRT.....no HAVE_LIBSOCKET.....no HAVE_LIBSSL.....yes HAVE_LIBWRAP.....no HAVE_LIBXML2.....no HAVE_LIBZ.....yes HAVE_LIMITS_H.....yes HAVE_LOCALE_H.....yes HAVE_LOCALTIME_R.....yes HAVE_LONG_DOUBLE.....no HAVE_MATH_H.....yes HAVE_MEMCHR.....yes HAVE_MEMORY_H.....yes HAVE_MEMSET.....yes HAVE_NCURSES_H.....no HAVE_NDIR_H.....no HAVE_NETDB_H.....yes HAVE_OPENSSL.....yes HAVE_OPENSSL_CRYPTO_H.....yes HAVE_OPENSSL_ERR_H.....yes HAVE_OPENSSL_PEM_H.....yes HAVE_OPENSSL_RSA_H.....yes HAVE_OPENSSL_SSL_H.....yes HAVE_OPENSSL_X509_H.....yes HAVE_PCAP_FREECODE.....yes HAVE_PCAP_H.....yes HAVE_PCAP_OPEN_DEAD.....yes HAVE_PNG_H.....yes HAVE_PTHREAD_H.....yes HAVE_PUTENV.....yes HAVE_PWD_H.....yes HAVE_READLINE.....no HAVE_READLINE_READLINE_H.....no HAVE_RE_COMP.....yes 
HAVE_REGCOMP.....yes HAVE_REGEX.....yes HAVE_RRD.....yes HAVE_RRD_H.....yes HAVE_SCHED_H.....yes HAVE_SCHED_YIELD.....yes HAVE_SECURITY_PAM_APPL_H.....yes HAVE_SELECT.....yes HAVE_SEMAPHORE_H.....yes HAVE_SETJMP_H.....yes HAVE_SHADOW_H.....yes HAVE_SIGNAL_H.....yes HAVE_SNPRINTF.....yes HAVE_SOCKET.....yes HAVE_SQRT.....yes HAVE_STDARG_H.....yes HAVE_STDIO_H.....yes HAVE_STDLIB_H.....yes HAVE_STRCASECMP.....yes HAVE_STRCHR.....yes HAVE_STRCSPN.....yes HAVE_STRDUP.....yes HAVE_STRERROR.....yes HAVE_STRFTIME.....yes HAVE_STRING_H.....yes HAVE_STRINGS_H.....yes HAVE_STRNCASECMP.....yes HAVE_STRPBRK.....yes HAVE_STRRCHR.....yes HAVE_STRSPN.....yes HAVE_STRSTR.....yes HAVE_STRTOK_R.....yes HAVE_STRTOUL.....yes HAVE_SYS_DIR_H.....no HAVE_SYS_IOCTL_H.....yes HAVE_SYS_LDR_H.....no HAVE_SYS_NDIR_H.....no HAVE_SYS_RESOURCE_H.....yes HAVE_SYS_SCHED_H.....no HAVE_SYS_SOCKIO_H.....no HAVE_SYS_TIME_H.....yes HAVE_SYS_TYPES_H.....yes HAVE_SYS_UN_H.....yes HAVE_TCPD_H.....yes HAVE_TM_ZONE.....yes HAVE_TZNAME.....no HAVE_U_INT16_T.....yes HAVE_U_INT32_T.....yes HAVE_U_INT64_T.....yes HAVE_UINT64_T.....no HAVE_U_INT8_T.....yes HAVE_UNAME.....yes HAVE_UNISTD_H.....yes HAVE_VFORK.....yes HAVE_VFORK_H.....no HAVE_VPRINTF.....yes HAVE_WORKING_FORK.....yes HAVE_WORKING_VFORK.....yes HAVE_ZLIB_H.....yes MAKE_MICRO_NTOP.....no MAKE_WITH_FTPDATA_ASSUMED.....no MAKE_WITH_GDCHART.....yes MAKE_WITH_I18N.....no MAKE_WITH_IGNORE_SIGPIPE.....no MAKE_WITH_LARGERRDPOP.....no MAKE_WITH_SSLV3_SUPPORT.....no MAKE_WITH_SSLWATCHDOG_COMPILETIME.....no MAKE_WITH_ZLIB.....yes __PROTOTYPES.....yes PROTOTYPES.....yes SETVBUF_REVERSED.....no TIME_WITH_SYS_TIME.....yes TM_IN_SYS_TIME.....no CFG_CONFIGFILE_DIR - config file directory...../etc/ntop CFG_DATAFILE_DIR - data file directory...../usr/share/ntop CFG_DBFILE_DIR - database file directory...../var/lib/ntop CFG_PLUGIN_DIR - plugin file directory...../usr/lib/ntop/ntop/plugins CFG_RUN_DIR - run file directory...../var/lib/ntop CFG_NEED_GETDOMAINNAME 
(getdomainname(2) function).....yes CFG_xxxxxx_ENDIAN (Hardware Endian).....little
Compile Time: globals-defines.h
EMSGSIZE.....90 ETHERMTU.....1500 LEN_CMDLINE_BUFFER.....4096 LEN_FGETS_BUFFER.....512 LEN_GENERAL_WORK_BUFFER.....1024 LEN_MEDIUM_WORK_BUFFER.....64 LEN_SMALL_WORK_BUFFER.....16 LEN_TIME_STAMP_BUFFER.....2 MAKE_NTOP_PACKETSZ_DECLARATIONS.....no MAKE_RMON_SUPPORT.....yes MAKE_WITH_FORK_COPYONWRITE.....yes MAKE_WITH_HTTPSIGTRAP.....no MAKE_WITH_RRDSIGTRAP.....no MAKE_WITH_SCHED_YIELD.....yes MAKE_WITH_SEMAPHORES.....yes MAKE_WITH_SYSLOG.....yes MAKE_WITH_XMLDUMP.....no MAX_ADDRESSES.....35 MAX_ALIASES.....35 MAX_ASSIGNED_IP_PORTS.....1024 MAXCDNAME.....255 MAX_DEVICE_NAME_LEN.....64 MAXDNAME.....1025 MAX_HASHDUMP_ENTRY.....65535 MAXHOSTNAMELEN.....64 MAX_HOSTS_CACHE_LEN.....512 MAX_IP_PORT.....65534 MAX_IPXSAP_NAME_HASH.....179 MAXLABEL.....63 MAX_LANGUAGES_REQUESTED.....4 MAX_LANGUAGES_SUPPORTED.....8 MAX_LASTSEEN_TABLE_SIZE.....4096 MAX_LEN_VENDOR_NAME.....64 MAX_NFS_NAME_HASH.....12288 MAX_NODE_TYPES.....8 MAX_NUM_BAD_IP_ADDRESSES.....3 MAX_NUM_CONTACTED_PEERS.....8 MAX_NUM_DEQUEUE_THREADS.....yes MAX_NUM_DEVICES.....32 MAX_NUM_DHCP_MSG.....8 MAX_NUM_FIN.....4 MAX_NUM_IGNOREDFLOWS.....32 MAX_NUM_NETWORKS.....32 MAX_NUM_PROBES.....16 MAX_NUM_PROCESSES_READLSOFINFO.....1024 MAX_NUM_PROTOS.....64 MAX_NUM_PROTOS_SCREENS.....5 MAX_NUM_ROUTERS.....512 MAX_NUM_STORED_FLAGS.....4 MAX_PASSIVE_FTP_SESSION_TRACKER.....384 MAX_PER_DEVICE_HASH_LIST.....65535 MAX_SESSIONS_CACHE_LEN.....512 MAX_SSL_CONNECTIONS.....32 NAME_MAX.....255 NETDB_SUCCESS.....0 NS_CMPRSFLGS.....192 NS_MAXCDNAME.....255 PACKETSZ.....512 PARM_ENABLE_EXPERIMENTAL.....no PARM_FORK_CHILD_PROCESS.....yes PARM_MIN_WEBPAGE_AUTOREFRESH_TIME.....15 PARM_PASSIVE_SESSION_MINIMUM_IDLE.....60 PARM_PIPE_READ_TIMEOUT.....15 PARM_SESSION_PURGE_MINIMUM_IDLE.....600 PARM_SHOW_NTOP_HEARTBEAT.....no PARM_SSLWATCHDOG_WAITWOKE_LIMIT.....5 PARM_USE_CGI.....yes PARM_USE_COLOR.....no PARM_USE_HOST.....no PARM_USE_MACHASH_INVERT.....yes PARM_USE_SESSIONS_CACHE.....no PARM_WEDONTWANTTOTALKWITHYOU_INTERVAL.....300 
SLL_HDR_LEN.....16 THREAD_MODE.....MT (SSL)
-------------------------------------------------------------------------------
Note: The generated id below should be unique. It's essentially a random 6 or 7
character tracking tag for each problem report. Since it's generated on
your machine, we can't just use an ever increasing global number. While it
should be unique, it is not traceable back to a specific user or machine.
If it makes you uncomfortable just delete it.

Problem Report Id: PR_EKTMAXX
ntop.log.zip
Description: Zip archive
