Bug Report.

I am running the CVS build I made from today's CVS.

I have noticed that a very large portion of all traffic is somehow being
attributed to the workstation accessing the ntop web pages.  For instance,
a server was collecting updates from an external service.  I know what
machine is generating the traffic, but when I go into the link provided
under summary - hosts for the machine, the only last contacted peer that
shows up is my workstation that I'm administering/accessing the NTOP machine
with.


Additionally, when I follow the link to my workstation, it shows what is
apparently a sum of ALL traffic that has passed the NTOP system, but now
attributes it to my workstation, along with all "users" seen on the
network.


Please find below my output from textinfo.html. Thanks.


ntop Configuration


ntop version.....2.2.99
Configured on.....Jan 23 2004 16:00:47
Built on.....Jan 23 2004 16:02:00
OS.....i686-pc-linux-gnu
This version of ntop is.....the current DEVELOPMENT version - Expect the
unexpected!
Next version recheck is.....Sat Feb  7 17:14:13 2004
ntop Process Id.....17674
http Process Id.....17685


Command line

Started as....ntop -u ntop -d -i eth0,eth1 -M -e 10000 -m 10.0.0.0/8 -p
/etc/protocols.ntop -P /tmp

Resolved to....ntop
            -u
            ntop
            -d
            -i
            eth0,eth1
            -M
            -e
            10000
            -m
            10.0.0.0/8
            -p
            /etc/protocols.ntop
            -P
            /tmp


Command line parameters are:

-a | --access-log-path.....(default)   (nil)
-b | --disable-decoders.....(default)   No
-c | --sticky-hosts.....(default)   No
-d | --daemon.....Yes
-e | --max-table-rows.....10000
-f | --traffic-dump-file.....(default)   (nil)
-g | --track-local-hosts.....(default)   Track all hosts
-o | --no-mac.....(default)   Trust MAC Addresses
-i | --interface   (effective).....eth0, eth1
-j | --create-other-packets.....(default)   Disabled
-k | --filter-expression-in-extra-frame.....(default)   No
-l | --pcap-log.....(default)   (nil)
-m | --local-subnets   (effective).....10.0.0.0/8
-n | --numeric-ip-addresses.....(default)   No
-p | --protocols...../etc/protocols.ntop
-q | --create-suspicious-packets.....(default)   Disabled
-r | --refresh-time.....(default)   120
-s | --no-promiscuous.....(default)   No
-t | --trace-level.....(default)   3
-u | --user.....ntop (uid=501, gid=501)
-w | --http-server.....(default)   Active, all interfaces, port 3000
-z | --disable-sessions.....(default)   No
-B | --filter-expression.....(default)   none
-D | --domain.....internalgroove.net
-F | --flow-spec.....(default)   none
-K | --enable-debug.....(default)   No
-L | --use-syslog.....daemon
-M | --no-interface-merge   (effective).....(parameter -M set, Interfaces
separate) No
-N | --wwn-map.....(default)   (nil)
-O | --pcap-file-path.....(default)   /usr/local/var/ntop
-P | --db-file-path...../tmp
-Q | --spool-file-path...../tmp
-U | --mapper.....(default)   (nil)
-W | --https-server.....Uninitialized
--ssl-watchdog.....(default)   No
--w3c.....(default)   No
--p3p-cp.....(default)   none
--p3p-uri.....(default)   none
--disable-schedYield.....(default)   No
--disable-stopcap.....(default)   No
--log-extra.....(default)   0
--disable-instantsessionpurge.....(default)   No
--disable-mutexextrainfo.....(default)   No
--fc-only.....(default)   No
--no-fc.....(default)   No
--no-invalid-lun.....(default)   No


Note:    (effective)   means that this is the value after ntop has
processed the parameter.
(default)   means this is the default value, usually (but not always) set
by a #define in globals-defines.h.



Run time/Internal

Web server URL.....http://any:3000
SSL Web server (https://).....Not Active
GDBM version.....This is GDBM version 1.8.0, as of May 19, 1999.
OpenSSL Version.....OpenSSL 0.9.6b [engine] 9 Jul 2001
zlib version.....1.1.4
Protocol Decoders.....Enabled
Fragment Handling.....Enabled
Tracking only local hosts.....No
# IP Protocols Being Monitored.....29
# Protocol slots.....964
# IP Ports Being Monitored.....174
# IP Ports slots.....348
WebServer Request Queue.....10
Devices (Network Interfaces).....2
Domain name (short).....net
IP to country flag table (entries).....49056
Total Hash Collisions (Vendor/Special) (lookup).....0


ntop Web Server

Item..................http://...................https://
# Handled Requests.....101.....-
don't want to talk with you) requests.....0.....-
FORBIDDEN.....0.....-
Handled SIGPIPE Errors.....0


Memory allocation - data segment

arena limit, getrlimit(RLIMIT_DATA, ...).....-1
Allocated blocks (ordblks).....1084
Allocated (arena).....57288372
Used (uordblks).....57189420
Free (fordblks).....98952


Memory allocation - mmapped

Allocated blocks (hblks).....7
Allocated bytes (hblkhd).....4575232


Memory Usage

IPX/SAP Hash Size (bytes).....1897
IP to country flag table (bytes).....1496064 (1.4 MB)
Bytes per entry.....30.5
IP to AS (Autonomous System) number table (bytes).....3870684 (3.7 MB)
Current memory usage.....61863604
Base memory usage.....12183220
Hosts stored (active+cache).....4081 = (4081 + 0)
(very) Approximate memory per host.....11.9KB


Host Memory Cache

Limit.....#define MAX_HOSTS_CACHE_LEN 512
Current Size.....0
Maximum Size.....0
# Entries Reused.....0


MAC/IPX Hash tables

IPX/SAP Hash Size (entries).....179
IPX/SAP Hash Collisions (load).....0
IPX/SAP Hash Collisions (use).....0


Packets

Received.....207928
Processed immediately.....207279
Queued.....649
Current queue.....0
Maximum queue.....238


Host/Session counts - global

Purged hosts.....0
Maximum hosts to purge per cycle.....512
DEFAULT_MAXIMUM_HOSTS_PURGE_PER_CYCLE.....512
Terminated Sessions.....8,990

Host/Session counts - Device 0 (eth0)
Hash Bucket Size.....3.7 KB
Actual Hash Size.....16384
Stored hosts.....788
Bucket List Length.....[min 1][max 2][avg 1.0]
Max host lookup.....1
Session Bucket Size.....260
Sessions.....4,979
Max Num. Sessions.....5,287

Host/Session counts - Device 1 (eth1)
Hash Bucket Size.....3.7 KB
Actual Hash Size.....16384
Stored hosts.....3293
Bucket List Length.....[min 1][max 3][avg 1.0]
Max host lookup.....2
Session Bucket Size.....260
Sessions.....270
Max Num. Sessions.....449


Address Resolution

DNS sniffed:

DNS Packets sniffed.....1733
  less 'requests'.....894
  less 'failed'.....261
  less 'reverse dns' (in-addr.arpa).....6
DNS Packets processed.....572
Stored in cache (includes aliases).....565


IP to name - ipaddr2str():

Total calls.....4070
....OK.....904
....Total not found.....3166
........Not found in cache.....65
........Too old in cache.....3101


Queued - dequeueAddress():

Total Queued.....0
Not queued (duplicate).....5
Maximum Queued.....0
Current Queue.....-5


Resolved - resolveAddress():

Addresses to resolve.....5
....less 'Error: No cache database'.....0
....less 'Found in ntop cache'.....0
Gives: # gethost (DNS lookup) calls.....5


DNS lookup calls:

DNS resolution attempts.....5
....Success: Resolved.....0
....Failed.....5
........HOST_NOT_FOUND.....5
........NO_DATA.....0
........NO_RECOVERY.....0
........TRY_AGAIN (don't store).....0
........Other error (don't store).....0
DNS lookups stored in cache.....5
Host addresses kept numeric.....5


Vendor Lookup Table

Input lines read.....0
Records added total.....0
.....includes special records.....0
getVendorInfo() calls.....0
getSpecialVendorInfo() calls.....18
Found 48bit (xx:xx:xx:xx:xx:xx) match.....2
Found 24bit (xx:xx:xx) match.....16
Found multicast bit set.....0
Found LAA (Locally assigned address) bit set.....0


Thread counts

Active.....11
Dequeue.....4
Children (active).....38


Directory (search) order

Data Files......
                          /usr/local/share/ntop
Config Files......
                            /usr/local/etc/ntop
                            /etc
Plugins....../plugins
                       /usr/local/lib/ntop/plugins


Compile Time: ./configure

./configure parameters..... 
Built on (Host).....i686-pc-linux-gnu
Built for(Target).....i686-pc-linux-gnu
compiler (cflags).....gcc -g -O2 -I/usr/local/include -Wshadow
-Wpointer-arith -Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -fPIC -DHAVE_CONFIG_H
include path.....-I/root/ntop-cvs-current/ntop/myrrd
system libraries.....-L/usr/local/lib -L/root/ntop-cvs-current/ntop/myrrd
-lxml2 -lglib -lpthread -lresolv -lnsl -lcrypt -lc -lssl -lcrypto -lpcap
-lgdbm -lgd -lpng -lz -lmyrrd
install path...../usr/local
GNU C (gcc) version.....3.2 20020903 (Red Hat Linux 8.0 3.2-7) (3.2.0)
uname data.....sysname(Linux) release(2.4.18-14) version(#1 Wed Sep 4
13:35:50 EDT 2002) machine(i686)


Internationalization (i18n)

i18n enabled.....No


Compile Time: Debug settings in globals-defines.h

DEBUG.....no
ADDRESS_DEBUG.....no
DNS_DEBUG.....no
DNS_SNIFF_DEBUG.....no
FC_DEBUG.....no
FINGERPRINT_DEBUG.....no
FTP_DEBUG.....no
GDBM_DEBUG.....no
HASH_DEBUG.....no
HOST_FREE_DEBUG.....no
HTTP_DEBUG.....no
IDLE_PURGE_DEBUG.....no
INITWEB_DEBUG.....no
MEMORY_DEBUG.....no
NETFLOW_DEBUG.....no
SEMAPHORE_DEBUG.....no
SESSION_TRACE_DEBUG.....no
SSLWATCHDOG_DEBUG.....no
STORAGE_DEBUG.....no
UNKNOWN_PACKET_DEBUG.....no
URL_DEBUG.....no


Compile Time: globals-define.h

PARM_PRINT_ALL_SESSIONS.....no
PARM_PRINT_RETRANSMISSION_DATA.....no
PARM_FORK_CHILD_PROCESS.....yes (normal)
CGI Scripts.....globals-defines.h: #define PARM_USE_CGI
Alternate row colors.....globals-defines.h: /* #define PARM_USE_COLOR */
Buggy gethostbyaddr() - use alternate implementation.....globals-defines.h:
/* #define PARM_USE_HOST */
MAKE_ASYNC_ADDRESS_RESOLUTION.....yes
MAKE_WITH_SSLWATCHDOG.....yes
MAKE_WITH_SSLWATCHDOG_RUNTIME (derived).....yes
Bad IP Address table size.....globals-defines.h: #define
MAX_NUM_BAD_IP_ADDRESSES 3
Minimum refresh interval (seconds).....#define
PARM_MIN_WEBPAGE_AUTOREFRESH_TIME 15
Maximum # of Protocols to show in graphs.....#define MAX_NUM_PROTOS 64
Maximum # of routers (Local Subnet Routers report).....#define
MAX_NUM_ROUTERS 512
Maximum # of network interface devices.....#define MAX_NUM_DEVICES 32
Maximum # of virtual network interfaces (per device).....#define
MAX_NUM_DEVICES_VIRTUAL 7
Maximum network size (hosts per interface).....#define MAX_SUBNET_HOSTS
1024
Allocated # of passive FTP sessions.....#define
MAX_PASSIVE_FTP_SESSION_TRACKER 384
Inactive passive FTP session timeout (seconds).....#define
PARM_PASSIVE_SESSION_MINIMUM_IDLE 60


Compile Time: Hash Table Sizes

Size.....#define CONST_HASH_INITIAL_SIZE 16384


Compile Time: globals-define.h

Chart Format.....globals-report.h: #define CHART_FORMAT ".png"


Compile Time: config.h

CFG_ETHER_HEADER_HAS_EA.....no
CFG_MULTITHREADED.....yes
HAVE_ALARM.....yes
HAVE_ALLOCA.....yes
HAVE_ALLOCA_H.....yes
HAVE_ARPA_NAMESER_H.....yes
HAVE_BACKTRACE.....yes
HAVE_BZERO.....yes
HAVE_CTIME_R.....yes
HAVE_DLFCN_H.....yes
HAVE_DL_H.....no
HAVE_DOPRNT.....no
HAVE_ENDPWENT.....yes
HAVE_ERRNO_H.....yes
HAVE_FACILITYNAMES.....yes
HAVE_FCNTL_H.....yes
HAVE_FORK.....yes
HAVE_GDBM_H.....yes
HAVE_GD_H.....yes
HAVE_GDOME_H.....no
HAVE_GETHOSTBYADDR.....yes
HAVE_GETHOSTBYADDR_R.....yes
HAVE_GETHOSTBYNAME.....yes
HAVE_GETHOSTNAME.....yes
HAVE_GETIPNODEBYADDR.....no
HAVE_GETPASS.....yes
HAVE_GETTIMEOFDAY.....yes
HAVE_GLIBCONFIG_H.....no
HAVE_GLIB_H.....no
HAVE_IF_H.....no
HAVE_IN6_ADDR.....yes
HAVE_INT16_T.....yes
HAVE_INT32_T.....yes
HAVE_INT64_T.....yes
HAVE_INT8_T.....yes
HAVE_INTTYPES_H.....yes
HAVE_LANGINFO_H.....yes
HAVE_LIBC.....yes
HAVE_LIBCRYPT.....yes
HAVE_LIBCRYPTO.....yes
HAVE_LIBDL.....no
HAVE_LIBDLD.....no
HAVE_LIBGD.....yes
HAVE_LIBGDBM.....yes
HAVE_LIBGDOME.....no
HAVE_LIBGLIB.....yes
HAVE_LIBM.....no
HAVE_LIBNSL.....yes
HAVE_LIBPCAP.....yes
HAVE_LIBPNG.....yes
HAVE_LIBPOSIX4.....no
HAVE_LIBPTHREAD.....yes
HAVE_LIBPTHREADS.....no
HAVE_LIBRESOLV.....yes
HAVE_LIBRT.....no
HAVE_LIBSOCKET.....no
HAVE_LIBSSL.....yes
HAVE_LIBWRAP.....no
HAVE_LIBXML2.....yes
HAVE_LIBXNET.....no
HAVE_LIBZ.....yes
HAVE_LIMITS_H.....yes
HAVE_LINUX_IF_PPPOX_H.....yes
HAVE_LOCALE_H.....yes
HAVE_LOCALTIME_R.....yes
HAVE_LONG_DOUBLE.....yes
HAVE_MATH_H.....yes
HAVE_MEMCHR.....yes
HAVE_MEMORY_H.....yes
HAVE_MEMSET.....yes
HAVE_NDIR_H.....no
HAVE_NETDB_H.....yes
HAVE_OPENSSL.....yes
HAVE_OPENSSL_CRYPTO_H.....yes
HAVE_OPENSSL_ERR_H.....yes
HAVE_OPENSSL_PEM_H.....yes
HAVE_OPENSSL_RSA_H.....yes
HAVE_OPENSSL_SSL_H.....yes
HAVE_OPENSSL_X509_H.....yes
HAVE_PCAP_H.....yes
HAVE_PCAP_OPEN_DEAD.....yes
HAVE_PNG_H.....yes
HAVE_PTHREAD_ATFORK.....yes
HAVE_PTHREAD_H.....yes
HAVE_PUTENV.....yes
HAVE_PWD_H.....yes
HAVE_RE_COMP.....yes
HAVE_REGCOMP.....yes
HAVE_REGEX.....yes
HAVE_SCHED_H.....yes
HAVE_SCHED_YIELD.....yes
HAVE_SECURITY_PAM_APPL_H.....yes
HAVE_SELECT.....yes
HAVE_SEMAPHORE_H.....yes
HAVE_SETJMP_H.....yes
HAVE_SHADOW_H.....yes
HAVE_SIGNAL_H.....yes
HAVE_SNPRINTF.....yes
HAVE_SOCKET.....yes
HAVE_SQRT.....yes
HAVE_STDARG_H.....yes
HAVE_STDDEF_H.....yes
HAVE_STDIO_H.....yes
HAVE_STDLIB_H.....yes
HAVE_STRCASECMP.....yes
HAVE_STRCHR.....yes
HAVE_STRCSPN.....yes
HAVE_STRDUP.....yes
HAVE_STRERROR.....yes
HAVE_STRFTIME.....yes
HAVE_STRING_H.....yes
HAVE_STRINGS_H.....yes
HAVE_STRNCASECMP.....yes
HAVE_STRPBRK.....yes
HAVE_STRRCHR.....yes
HAVE_STRSPN.....yes
HAVE_STRSTR.....yes
HAVE_STRTOK_R.....yes
HAVE_STRTOUL.....yes
HAVE_SYS_DIR_H.....no
HAVE_SYS_IOCTL_H.....yes
HAVE_SYS_LDR_H.....no
HAVE_SYS_NDIR_H.....no
HAVE_SYS_RESOURCE_H.....yes
HAVE_SYS_SCHED_H.....no
HAVE_SYS_SOCKIO_H.....no
HAVE_SYS_TIME_H.....yes
HAVE_SYS_TYPES_H.....yes
HAVE_SYS_UN_H.....yes
HAVE_TCPD_H.....yes
HAVE_TM_ZONE.....yes
HAVE_TZNAME.....no
HAVE_U_INT16_T.....yes
HAVE_U_INT32_T.....yes
HAVE_U_INT64_T.....yes
HAVE_UINT64_T.....no
HAVE_U_INT8_T.....yes
HAVE_UNAME.....yes
HAVE_UNISTD_H.....yes
HAVE_VFORK.....yes
HAVE_VFORK_H.....no
HAVE_VPRINTF.....yes
HAVE_WORKING_FORK.....yes
HAVE_WORKING_VFORK.....yes
HAVE_ZLIB_H.....yes
MAKE_WITH_I18N.....no
MAKE_WITH_SSLV3_SUPPORT.....no
MAKE_WITH_SSLWATCHDOG_COMPILETIME.....no
MAKE_WITH_XMLDUMP.....no
MAKE_WITH_ZLIB.....yes
__PROTOTYPES.....yes
PROTOTYPES.....yes
SETVBUF_REVERSED.....no
TIME_WITH_SYS_TIME.....yes
TM_IN_SYS_TIME.....no
CFG_CONFIGFILE_DIR - config file directory...../usr/local/etc/ntop
CFG_DATAFILE_DIR - data file directory...../usr/local/share/ntop
CFG_DBFILE_DIR - database file directory...../usr/local/var/ntop
CFG_PLUGIN_DIR - plugin file directory...../usr/local/lib/ntop/plugins
CFG_RUN_DIR - run file directory...../usr/local/var/ntop
CFG_NEED_GETDOMAINNAME (getdomainname(2) function).....yes
CFG_xxxxxx_ENDIAN (Hardware Endian).....little
HAVE_FILEDESCRIPTORBUG.....no


Compile Time: globals-defines.h

EMSGSIZE.....90
ETHERMTU.....1500
LEN_CMDLINE_BUFFER.....4096
LEN_FGETS_BUFFER.....512
LEN_GENERAL_WORK_BUFFER.....1024
LEN_MEDIUM_WORK_BUFFER.....128
LEN_SMALL_WORK_BUFFER.....24
LEN_TIME_STAMP_BUFFER.....2
MAKE_NTOP_PACKETSZ_DECLARATIONS.....no
MAKE_RMON_SUPPORT.....yes
MAKE_WITH_FORK_COPYONWRITE.....yes
MAKE_WITH_HTTPSIGTRAP.....no
MAKE_WITH_NETFLOWSIGTRAP.....no
MAKE_WITH_RRDSIGTRAP.....no
MAKE_WITH_SCHED_YIELD.....yes
MAKE_WITH_SEMAPHORES.....yes
MAKE_WITH_SSLWATCHDOG.....yes
MAKE_WITH_SSLWATCHDOG_RUNTIME.....yes
MAKE_WITH_SYSLOG.....yes
MAX_ADDRESSES.....35
MAX_ALIASES.....35
MAX_ASSIGNED_IP_PORTS.....1024
MAXCDNAME.....255
MAX_DEVICE_NAME_LEN.....64
MAXDNAME.....1025
MAX_HASHDUMP_ENTRY.....65535
MAXHOSTNAMELEN.....64
MAX_HOSTS_CACHE_LEN.....512
MAX_IP_PORT.....65534
MAXLABEL.....63
MAX_LANGUAGES_REQUESTED.....4
MAX_LANGUAGES_SUPPORTED.....8
MAX_LASTSEEN_TABLE_SIZE.....4096
MAX_LEN_VENDOR_NAME.....64
MAX_NFS_NAME_HASH.....12288
MAX_NODE_TYPES.....8
MAX_NUM_BAD_IP_ADDRESSES.....3
MAX_NUM_CONTACTED_PEERS.....8
MAX_NUM_DEQUEUE_THREADS.....yes
MAX_NUM_DEVICES.....32
MAX_NUM_DHCP_MSG.....8
MAX_NUM_FIN.....4
MAX_NUM_IGNOREDFLOWS.....32
MAX_NUM_NETWORKS.....32
MAX_NUM_PROBES.....16
MAX_NUM_PROTOS.....64
MAX_NUM_PROTOS_SCREENS.....5
MAX_NUM_PURGED_SESSIONS.....512
MAX_NUM_PWFILE_ENTRIES.....32
MAX_NUM_ROUTERS.....512
MAX_NUM_STORED_FLAGS.....4
MAX_NUM_UNKNOWN_PROTOS.....5
MAX_PASSIVE_FTP_SESSION_TRACKER.....384
MAX_PER_DEVICE_HASH_LIST.....65535
MAX_SESSIONS_CACHE_LEN.....512
MAX_SSL_CONNECTIONS.....32
NAME_MAX.....255
NETDB_SUCCESS.....0
NS_CMPRSFLGS.....192
NS_MAXCDNAME.....255
PACKETSZ.....512
PARM_ENABLE_EXPERIMENTAL.....no
PARM_FORK_CHILD_PROCESS.....yes
PARM_MIN_WEBPAGE_AUTOREFRESH_TIME.....15
PARM_PASSIVE_SESSION_MINIMUM_IDLE.....60
PARM_SESSION_PURGE_MINIMUM_IDLE.....600
PARM_SHOW_NTOP_HEARTBEAT.....no
PARM_SSLWATCHDOG_WAITWOKE_LIMIT.....5
PARM_USE_CGI.....yes
PARM_USE_COLOR.....no
PARM_USE_HOST.....no
PARM_USE_MACHASH_INVERT.....yes
PARM_USE_SESSIONS_CACHE.....no
PARM_WEDONTWANTTOTALKWITHYOU_INTERVAL.....300
THREAD_MODE.....MT (SSL)


PLUGINS:

RRD:
RRD path...../tmp/rrd
New directory permissions.....0700
New file umask.....0066





--

J. Eric Josephson
Director of Network and System Operations
978-720-2159
mailto:[EMAIL PROTECTED]


