Dear Ladies and Gentlemen,

I am writing with some observations on ntop 2.2.98 (CVS 2-Jan-2004) on FreeBSD 4.9-RELEASE-p1.

1 Start up messages and problems

When ntop starts it emits the messages below :-

1.1 Despite the use of --skip-version-check, it does not appear to. The host is a small terminal server without Internet access.

1.2 There are two (2) ntops started; one fails when it tries to lock one of the DB files.

At this point ntop is functional.

2 However, I can't use it as freely as with ntop-2.2 since it appears to resent tunnelled HTTP requests (through an ssh tunnel)

Jan 3 19:51:39 tssyd ntop[66104]: **ERROR** URL security: 'http://tssyd:3000/' rejected (code=2)(client=192.168.102.230)

192.168.102.230 is the ntop host.

The results are the same with Nav 4.79 and Firebird (0.61). Formerly I was able to use at least Nav in this way.

The requests are for the index/start page and come via ssh port forwarding (because I am at home); LWP automated requests for the dump pages are working fine.

Very uninformative trace is below (from the client's perspective - not unfortunately after traversing the tunnel): the sample request shows none of the FAQ marked verboten chars - GET / HTTP/1.0 seems about as innocent as one could get.

Lastly, the questions and answers found by a Gmane search don't seem to deal with this issue.

I am happy to enable tracing if someone can let me know what.

Yours sincerely.

--
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the continent, a part of the main. If a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friend's or of thine own were. Any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.

1 Start up messages and problems

tssyd# /usr/local/etc/rc.d/ntop.sh start
03/Jan/2004 19:22:57 ntop v.2.2.98 MT (SSL)
03/Jan/2004 19:22:57 Configured on Jan 3 2004 16:02:35, built on Jan 3 2004 16:05:29.
03/Jan/2004 19:22:57 Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]>
03/Jan/2004 19:22:57 Get the freshest ntop from http://www.ntop.org/
03/Jan/2004 19:22:57 CHKVER: **********************PRIVACY**NOTICE**********************
03/Jan/2004 19:22:57 CHKVER: * ntop instances may record individually identifiable *
03/Jan/2004 19:22:57 CHKVER: * information on a remote system as part of the version *
03/Jan/2004 19:22:57 CHKVER: * check. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: * You have requested - via the --skip-version-check *
03/Jan/2004 19:22:57 CHKVER: * option that this check be skipped and so no *
03/Jan/2004 19:22:57 CHKVER: * individually identifiable information will be recorded. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: * In general, we ask you to permit this check because it *
03/Jan/2004 19:22:57 CHKVER: * benefits both the users and developers of ntop. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: * Review the man ntop page for more information. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: **********************PRIVACY**NOTICE**********************
03/Jan/2004 19:22:57 Initializing ntop
03/Jan/2004 19:22:57 PROTO_INIT: Processing protocol list: 'HTTP=http|https,DNS=domain,Ntop=3000,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=lotusnote|pop2|pop3|kpop|smtp|imap,SNMP=snmp|snmptrap,Telnet=telnet,Cache=3128,BEA=7000-7010,SSH=ssh,SAP=3202,PSCAM=4754,Virus=2967,LPD=515,PCAny=5631|5632,FTP=ftp|49152-65536'
03/Jan/2004 19:22:57 Checking fxp0 for additional devices
03/Jan/2004 19:22:57 Resetting traffic statistics for device fxp0
03/Jan/2004 19:22:57 DLT: Device 0 [fxp0] is 1, mtu 1514, header 14
03/Jan/2004 19:22:57 Initializing gdbm databases
03/Jan/2004 19:22:57 Now running as requested user 'nobody' (65534:65534)
03/Jan/2004 19:22:57 VENDOR: Loading MAC address table.
03/Jan/2004 19:22:57 VENDOR: Checking './specialMAC.txt.gz'
03/Jan/2004 19:22:57 VENDOR: Checking '/usr/local/ntop-2.2.98/etc/ntop/specialMAC.txt.gz'
03/Jan/2004 19:22:57 VENDOR: File '/usr/local/ntop-2.2.98/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
03/Jan/2004 19:22:57 VENDOR: Checking './oui.txt.gz'
03/Jan/2004 19:22:57 VENDOR: Checking '/usr/local/ntop-2.2.98/etc/ntop/oui.txt.gz'
03/Jan/2004 19:22:57 VENDOR: File '/usr/local/ntop-2.2.98/etc/ntop/oui.txt.gz' does not need to be reloaded
03/Jan/2004 19:22:57 INIT: Parent process is exiting (this is normal)
03/Jan/2004 19:22:57 INIT: Bye bye: I'm becoming a daemon...
 ntop03/Jan/2004 19:22:57 ntop v.2.2.98 MT (SSL)
03/Jan/2004 19:22:57 Configured on Jan 3 2004 16:02:35, built on Jan 3 2004 16:05:29.
03/Jan/2004 19:22:57 Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]>
03/Jan/2004 19:22:57 Get the freshest ntop from http://www.ntop.org/
03/Jan/2004 19:22:57 CHKVER: **********************PRIVACY**NOTICE**********************
03/Jan/2004 19:22:57 CHKVER: * ntop instances may record individually identifiable *
03/Jan/2004 19:22:57 CHKVER: * information on a remote system as part of the version *
03/Jan/2004 19:22:57 CHKVER: * check. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: * You may request - via the --skip-version-check option *
03/Jan/2004 19:22:57 CHKVER: * that this check be skipped and that no individually *
03/Jan/2004 19:22:57 CHKVER: * identifiable information be recorded. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: * In general, we ask you to permit this check because it *
03/Jan/2004 19:22:57 CHKVER: * benefits both the users and developers of ntop. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: * Review the man ntop page for more information. *
03/Jan/2004 19:22:57 CHKVER: * *
03/Jan/2004 19:22:57 CHKVER: **********************PRIVACY**NOTICE**********************
03/Jan/2004 19:22:57 CHKVER: Checking current ntop version at www.burtonstrauss.com/version.xml
03/Jan/2004 19:24:13 **ERROR** CHKVER: Unable to connect socket: Operation timed out(60)
03/Jan/2004 19:24:13 Initializing ntop
03/Jan/2004 19:24:13 PROTO_INIT: Processing protocol list: 'HTTP=http|https,DNS=domain,Ntop=3000,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=lotusnote|pop2|pop3|kpop|smtp|imap,SNMP=snmp|snmptrap,Telnet=telnet,Cache=3128,BEA=7000-7010,SSH=ssh,SAP=3202,PSCAM=4754,Virus=2967,LPD=515,PCAny=5631|5632,FTP=ftp|49152-65536'
03/Jan/2004 19:24:13 Checking fxp0 for additional devices
03/Jan/2004 19:24:13 Resetting traffic statistics for device fxp0
03/Jan/2004 19:24:13 DLT: Device 0 [fxp0] is 1, mtu 1514, header 14
03/Jan/2004 19:24:13 Initializing gdbm databases
03/Jan/2004 19:24:13 Now running as requested user 'nobody' (65534:65534)
03/Jan/2004 19:24:13 **FATAL_ERROR** ....open of /var/log/ntop/prefsCache.db failed: Can't be writer
03/Jan/2004 19:24:13 1. Is another instance of ntop running?
03/Jan/2004 19:24:13 2. Make sure that the use you specified can write in the target directory
tssyd#

Here is the start command

case "$1" in
start)
    # ntop 2.2.98
    $ntop_path/bin/ntop --skip-version-check --disable-mutexextrainfo -o -c -u nobody -d -P /var/log/ntop -w 3000 -i fxp0 -p $protocols -B "$wan_filter" && echo -n ' ntop'

2 HTTP trace

0.060283 192.168.1.131 -> 10.0.100.252 HTTP GET http://tssyd:3000/ HTTP/1.0
0000 02 00 00 00 45 00 01 5e 1f eb 40 00 40 06 e8 87 [EMAIL PROTECTED]@...
0010 c0 a8 01 83 0a 00 64 fc 04 44 1f 90 fc af 33 d7 ......d..D....3.
0020 7e 97 6c 2e 80 18 e2 40 66 ee 00 00 01 01 08 0a [EMAIL PROTECTED]
0030 00 41 8e 78 04 1a a1 99 47 45 54 20 68 74 74 70 .A.x....GET http
0040 3a 2f 2f 74 73 73 79 64 3a 33 30 30 30 2f 20 48 ://tssyd:3000/ H
0050 54 54 50 2f 31 2e 30 0d 0a 50 72 6f 78 79 2d 43 TTP/1.0..Proxy-C
0060 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d onnection: Keep-
0070 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e Alive..User-Agen
0080 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 2e 37 39 20 t: Mozilla/4.79
0090 5b 65 6e 5d 20 28 58 31 31 3b 20 55 3b 20 4c 69 [en] (X11; U; Li
00a0 6e 75 78 20 32 2e 34 2e 32 20 69 33 38 36 29 0d nux 2.4.2 i386).
00b0 0a 48 6f 73 74 3a 20 74 73 73 79 64 3a 33 30 30 .Host: tssyd:300
00c0 30 0d 0a 41 63 63 65 70 74 3a 20 69 6d 61 67 65 0..Accept: image
00d0 2f 67 69 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 /gif, image/x-xb
00e0 69 74 6d 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 itmap, image/jpe
00f0 67 2c 20 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 g, image/pjpeg,
0100 69 6d 61 67 65 2f 70 6e 67 2c 20 2a 2f 2a 0d 0a image/png, */*..
0110 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a Accept-Encoding:
0120 20 67 7a 69 70 0d 0a 41 63 63 65 70 74 2d 4c 61 gzip..Accept-La
0130 6e 67 75 61 67 65 3a 20 65 6e 0d 0a 41 63 63 65 nguage: en..Acce
0140 70 74 2d 43 68 61 72 73 65 74 3a 20 69 73 6f 2d pt-Charset: iso-
0150 38 38 35 39 2d 31 2c 2a 2c 75 74 66 2d 38 0d 0a 8859-1,*,utf-8..
0160 0d 0a ..

0.291929 10.0.100.252 -> 192.168.1.131 TCP 8080 > 1092 [ACK] Seq=2123852846 Ack=4239340801 Win=57920 Len=0
0000 02 00 00 00 45 00 00 34 77 c0 40 00 3f 06 92 dc [EMAIL PROTECTED]
0010 0a 00 64 fc c0 a8 01 83 1f 90 04 44 7e 97 6c 2e ..d........D~.l.
0020 fc af 35 01 80 10 e2 40 ee 84 00 00 01 01 08 0a [EMAIL PROTECTED]
0030 04 1a a1 b1 00 41 8e 78 .....A.x

0.439873 10.0.100.252 -> 192.168.1.131 HTTP HTTP/1.0 403 Forbidden
0000 02 00 00 00 45 00 00 4c 77 c2 40 00 3f 06 92 c2 [EMAIL PROTECTED]
0010 0a 00 64 fc c0 a8 01 83 1f 90 04 44 7e 97 6c 2e ..d........D~.l.
0020 fc af 35 01 80 18 e2 40 da ef 00 00 01 01 08 0a [EMAIL PROTECTED]
0030 04 1a a1 ba 00 41 8e 78 48 54 54 50 2f 31 2e 30 .....A.xHTTP/1.0
0040 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 403 Forbidden..

0.461885 10.0.100.252 -> 192.168.1.131 HTTP Continuation
0000 02 00 00 00 45 00 00 d8 77 c4 40 00 3f 06 92 34 [EMAIL PROTECTED]
0010 0a 00 64 fc c0 a8 01 83 1f 90 04 44 7e 97 6c 46 ..d........D~.lF
0020 fc af 35 01 80 18 e2 40 71 c1 00 00 01 01 08 0a [EMAIL PROTECTED]
0030 04 1a a1 bc 00 41 8e 78 44 61 74 65 3a 20 53 61 .....A.xDate: Sa
0040 74 2c 20 30 33 20 4a 61 6e 20 32 30 30 34 20 30 t, 03 Jan 2004 0
0050 39 3a 31 39 3a 31 35 20 47 4d 54 0d 0a 43 61 63 9:19:15 GMT..Cac
0060 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 he-Control: no-c
0070 61 63 68 65 0d 0a 45 78 70 69 72 65 73 3a 20 30 ache..Expires: 0
0080 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c ..Connection: cl
0090 6f 73 65 0a 53 65 72 76 65 72 3a 20 6e 74 6f 70 ose.Server: ntop
00a0 2f 32 2e 32 2e 39 38 20 28 69 33 38 36 2d 75 6e /2.2.98 (i386-un
00b0 6b 6e 6f 77 6e 2d 66 72 65 65 62 73 64 34 2e 39 known-freebsd4.9
00c0 29 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a )..Content-Type:
00d0 20 74 65 78 74 2f 68 74 6d 6c 0d 0a text/html..

_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
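
Added example (not part of the original message, and not ntop's code): the first packet of the trace carries the request line "GET http://tssyd:3000/ HTTP/1.0" together with a "Proxy-Connection" header, so this sketch classifies a request's target form and shows the path left once scheme and authority are removed. The function names are hypothetical, and both sample requests are constructed, the first from the ASCII column of the trace with its headers abridged.

```python
from urllib.parse import urlsplit

# Constructed sample: the request text readable in the ASCII column of the
# first packet of the trace (headers abridged).
TRACE_REQUEST = (
    b"GET http://tssyd:3000/ HTTP/1.0\r\n"
    b"Proxy-Connection: Keep-Alive\r\n"
    b"User-Agent: Mozilla/4.79 [en] (X11; U; Linux 2.4.2 i386)\r\n"
    b"Host: tssyd:3000\r\n"
    b"\r\n"
)
# Constructed sample: the same page requested without proxy-style framing.
DIRECT_REQUEST = b"GET / HTTP/1.0\r\nHost: tssyd:3000\r\n\r\n"


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, target, version and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def classify_target(target):
    """Name the request-target form (RFC 7230 section 5.3)."""
    if target == "*":
        return "asterisk-form"
    if target.startswith("/"):
        return "origin-form"
    if "://" in target:
        return "absolute-form"
    return "authority-form"


def describe(raw):
    """Report the target form, the path-only view of it, and proxy hints."""
    _method, target, _version, headers = parse_request(raw)
    form = classify_target(target)
    path, host_matches = target, None
    if form == "absolute-form":
        parts = urlsplit(target)
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        # The authority in the target should agree with the Host header.
        host_matches = parts.netloc.lower() == headers.get("host", "").lower()
    return {"form": form, "path": path, "authority_matches_host": host_matches,
            "proxy_style": "proxy-connection" in headers}
```

Running describe() on a capture taken on the server side of the tunnel shows which of the two forms the web server actually receives.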
