Dear Ladies and Gentlemen,

In relation to Mr Strauss's debugging suggestions in pre MyDoom mail flow times :-

This may be simply a CHKVER related temporary hang while ntop attempts to log that it is running to the ntop dev team.

No strange as it seems, ntop hangs in a state top reports as bpf and when the ntop process is trussed, data starts moving through the connections (or the kernel hands a connected socket to accept()).

However, trying to disable version checking with --no-check-version leads to ... what may be a bug in the 25 Jan 2004 CVS. This is with a debugging ntop (#define URL_DEBUG 1 in global-defines.h).

The war and peace edition is below.

To sum up :-

1 the web server hang is repeatable on _some_ instances of ntop on same hw, os (25 Jan CVS, FreeBSD 4.9-RELEASE-p1, tiny p5 class hosts). There exist ntops that do not seem to do this on same hw and os.

2 web server hangs at start; ntop process stuck in bpf state

3 truss of the ntop process unwedges the web server ...

Looks like it's time to start taking drugs again.

Your comments or hilarity are welcome.

Yours sincerely.

tsade# /usr/local/etc/rc.d/ntop.sh start
/usr/local/ntop/bin/ntop: unrecognized option `--no-check-version'
FATAL ERROR: unknown ntop option, '?'
ntop v.2.2.99 MT (SSL) (configured on Jan 30 2004 9:14:21, built on Jan 30 2004 09:16:55)
Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]>.
Get the freshest ntop from http://www.ntop.org/
Usage: ntop [OPTION]
[-4 | --ipv4] Use IPv4 connections
[-6 | --ipv6] Use IPv6 connections
[-a <path> | --access-log-path <path>] Path for ntop web server access log
[-b | --disable-decoders] Disable protocol decoders
[-c | --sticky-hosts] Idle hosts are not purged from memory
[-d | --daemon] Run ntop in daemon mode
[-e <number> | --max-table-rows <number>] Maximum number of table rows to report
[-f <file> | --traffic-dump-file <file>] Traffic dump file (see tcpdump)
[-g | --track-local-hosts] Track only local hosts
[-h | --help] Display this help and exit
[-i <name> | --interface <name>] Interface name or names to monitor
[-j | --create-other-packets] Create file ntop-other-pkts.XXX.pcap file
[-o | --no-mac] ntop will trust just IP addresses (no MACs)
[-k | --filter-expression-in-extra-frame] Show kernel filter expression in extra frame
[-l <path> | --pcap-log <path>] Dump packets captured to a file (debug only!)
[-m <addresses> | --local-subnets <addresses>] Local subnetwork(s) (see man page)
[-n | --numeric-ip-addresses] Numeric IP addresses - no DNS resolution
[-p <list> | --protocols <list>] List of IP protocols to monitor (see man page)
[-q | --create-suspicious-packets] Create file ntop-suspicious-pkts.XXX.pcap file
[-r <number> | --refresh-time <number>] Refresh time in seconds, default is 120
[-s | --no-promiscuous] Disable promiscuous mode
[-t <number> | --trace-level <number>] Trace level [0-5]
[-u <user> | --user <user>] Userid/name to run ntop under (see man page)
[-x <max num hash entries> ] Max num. hash entries ntop can handle (default 4294967295)
[-w <port> | --http-server <port>] Web server (http:) port (or address:port) to listen on
[-z | --disable-sessions] Disable TCP session tracking
[-A] Ask admin user password and exit
[ | --set-admin-password=<pass>] Set password for the admin user to <pass>
[ | --w3c] Add extra headers to make better html
[-B <filter>] | --filter-expression Packet filter expression, like tcpdump
[-D <name> | --domain <name>] Internet domain name
[-F <spec> | --flow-spec <specs>] Flow specs (see man page)
[-K | --enable-debug] Enable debug mode
[-L] Do logging via syslog
[ | --use-syslog=<facility>] Do logging via syslog, facility ('=' is REQUIRED)
[-M | --no-interface-merge] Don't merge network interfaces (see man page)
[-N | --wwn-map] Map file providing map of WWN to FCID/VSAN
[-O <path> | --pcap-file-path <path>] Path for log files in pcap format
[-P <path> | --db-file-path <path>] Path for ntop internal database files
[-U <URL> | --mapper <URL>] URL (mapper.pl) for displaying host location
[-V | --version] Output version information and exit
[-X <max num TCP sessions> ] Max num. TCP sessions ntop can handle (default 4294967295)
[-W <port> | --https-server <port>] Web server (https:) port (or address:port) to listen on
[--ssl-watchdog] Use ssl watchdog (NS6 problem)
[--disable-schedyield] Turn off sched_yield() calls, if ntop is deadlocking on them
[--p3p-cp] Set return value for p3p compact policy, header
[--p3p-uri] Set return value for p3p policyref header
[--disable-stopcap] Capture packets even if there's no memory left
[--log-extra <level>] Add extra information to log messages
[--disable-instantsessionpurge] Disable instant FIN session purge
[--disable-mutexextrainfo] Disable extra mutex info
[--fc-only] Display only Fibre Channel statistics
[--no-fc] Disable processing & Display of Fibre Channel
[--no-invalid-lun] Don't display Invalid LUN information
[--no-check-version] Skip ntop version check
tsade#

Here is how it is started

tsade# sh -x /usr/local/etc/rc.d/ntop.sh start
+ ntop_path=/usr/local/ntop
+ wan_filter=ether host 00:10:7b:7f:e7:8e
+ protocols=HTTP=http|https,DNS=domain,Ntop=3000,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=lotusnote|pop2|pop3|kpop|smtp|imap,SNMP=snmp|snmptrap,Telnet=telnet,Cache=3128,BEA=7000-7010,SSH=ssh,SAP=3202,PSCAM=4754,Virus=2967,LPD=515,PCAny=5631|5632
+ /usr/local/ntop/bin/ntop --no-check-version -t 4 -o -c -u nobody -d -P /var/log/ntop -w 3000 -i fxp0 -p HTTP=http|https,DNS=domain,Ntop=3000,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=lotusnote|pop2|pop3|kpop|smtp|imap,SNMP=snmp|snmptrap,Telnet=telnet,Cache=3128,BEA=7000-7010,SSH=ssh,SAP=3202,PSCAM=4754,Virus=2967,LPD=515,PCAny=5631|5632 -B ether host 00:10:7b:7f:e7:8e
/usr/local/ntop/bin/ntop: unrecognized option `--no-check-version'
FATAL ERROR: unknown ntop option, '?'
ntop v.2.2.99 MT (SSL) (configured on Jan 30 2004 9:14:21, built on Jan 30 2004 09:16:55)
Copyright 1998-2004 by Luca Deri <[EMAIL PROTECTED]>.
Get the freshest ntop from http://www.ntop.org/

It may be that I can only connect after the CHKVER error in the log

Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: read HTTP request line: GET /dumpTrafficData.html?language=perl&key=fxp0 HTTP/1.0 [57]
Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: read HTTP header line: User-Agent: lwp-trivial/1.35 [28]
Jan 30 17:21:00 tsade ntop[2285]: HTTP/I18N_URL_DEBUG: Requested URL = '/dumpTrafficData.html?language=perl&key=fxp0', length = -1
Jan 30 17:21:00 tsade ntop[2285]: HTTP/I18N_URL_DEBUG: User-Agent = 'lwp-trivial/1.35'
Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: RAW url is '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: uri is '/dumpTrafficData.html'
Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: Checking password-protect for '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: Page: 'dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:21:00 tsade ntop[2285]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at ./html/dumpTrafficData.html
Jan 30 17:21:00 tsade ntop[2285]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at /usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html
Jan 30 17:21:00 tsade ntop[2285]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html - fd=0x0
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP request line: GET /textinfo.html HTTP/1.0 [27]
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP header line: Accept: text/html, text/plain, text/sgml, */*;q=0.01 [52]
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP header line: Accept-Encoding: gzip, compress [31]
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP header line: Accept-Language: en [19]
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP header line: Pragma: no-cache [16]
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP header line: Cache-Control: no-cache [23]
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP header line: User-Agent: Lynx/2.8.3rel.1 libwww-FM/2.14 [42]
Jan 30 17:21:34 tsade ntop[2285]: HTTP/I18N_URL_DEBUG: Requested URL = '/textinfo.html', length = -1
Jan 30 17:21:34 tsade ntop[2285]: HTTP/I18N_URL_DEBUG: User-Agent = 'Lynx/2.8.3rel.1 libwww-FM/2.14'
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: RAW url is '/textinfo.html'
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: uri is '/textinfo.html'
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: Checking password-protect for '/textinfo.html'
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: Page: 'textinfo.html'
Jan 30 17:21:34 tsade ntop[2285]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at ./html/textinfo.html
Jan 30 17:21:34 tsade ntop[2285]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at /usr/local/ntop-2.2.99/share/ntop/html/textinfo.html
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/textinfo.html - fd=0x0
Jan 30 17:21:47 tsade /kernel: fxp0: promiscuous mode disabled
Jan 30 17:21:54 tsade /kernel: fxp0: promiscuous mode enabled
Jan 30 17:21:54 tsade ntop[2318]: Now running as a daemon
Jan 30 17:21:54 tsade ntop[2318]: Setting filter to "ether host 00:10:7b:7f:e7:8e" on device fxp0.
Jan 30 17:21:54 tsade ntop[2318]: OSFP: Looking for OS fingerprint file, etter.passive.os.fp.gz
Jan 30 17:21:54 tsade ntop[2318]: OSFP: Checking './etter.passive.os.fp.gz'
Jan 30 17:21:54 tsade ntop[2318]: OSFP: Checking '/usr/local/ntop-2.2.99/etc/ntop/etter.passive.os.fp.gz'
Jan 30 17:21:54 tsade ntop[2318]: OSFP: ...found!
Jan 30 17:21:54 tsade ntop[2318]: AS: Looking for ASN file, AS-list.txt.gz
Jan 30 17:21:54 tsade ntop[2318]: AS: Checking './AS-list.txt.gz'
Jan 30 17:21:54 tsade ntop[2318]: AS: Checking '/usr/local/ntop-2.2.99/etc/ntop/AS-list.txt.gz'
Jan 30 17:21:54 tsade ntop[2318]: AS: Checking '/etc/AS-list.txt.gz'
Jan 30 17:21:54 tsade ntop[2318]: **WARNING** AS: Unable to open file 'AS-list.txt.gz'.
Jan 30 17:21:54 tsade ntop[2318]: AS: ntop continues ok, but without ASN information.
Jan 30 17:21:54 tsade ntop[2318]: I18N: This instance of ntop does not support multiple languages
Jan 30 17:21:54 tsade ntop[2318]: IP2CC: Looking for IP address <-> Country code mapping file
Jan 30 17:21:54 tsade ntop[2318]: IP2CC: ...looking for file ./p2c.opt.table.gz
Jan 30 17:21:54 tsade ntop[2318]: IP2CC: ...looking for file ./p2c.opt.table
Jan 30 17:21:54 tsade ntop[2318]: IP2CC: ...does not exist
Jan 30 17:21:54 tsade ntop[2318]: IP2CC: ...looking for file /usr/local/ntop-2.2.99/etc/ntop/p2c.opt.table.gz
Jan 30 17:21:54 tsade ntop[2318]: IP2CC: reading file '/usr/local/ntop-2.2.99/etc/ntop/p2c.opt.table.gz'
Jan 30 17:21:58 tsade ntop[2318]: IP2CC: ......49056 records read
Jan 30 17:21:58 tsade ntop[2318]: IP2CC: ...looking for file /etc/p2c.opt.table.gz
Jan 30 17:21:58 tsade ntop[2318]: IP2CC: ...looking for file /etc/p2c.opt.table
Jan 30 17:21:58 tsade ntop[2318]: IP2CC: ...does not exist
Jan 30 17:21:58 tsade ntop[2318]: IP2CC: 49056 records read
Jan 30 17:21:58 tsade ntop[2318]: Initializing external applications
Jan 30 17:21:58 tsade ntop[2318]: Initializing semaphores, mutexes and threads
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Started thread (134691840) for network packet analyser
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Started thread (137131008) for idle hosts detection
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Started thread (137132032) for DNS address resolution
Jan 30 17:21:58 tsade ntop[2318]: Starting Plugins
Jan 30 17:21:58 tsade ntop[2318]: Calling plugin start functions (if any)
Jan 30 17:21:58 tsade ntop[2318]: Plugins started... continuing with initialization
Jan 30 17:21:58 tsade ntop[2318]: MEMORY: Base interface structure (no hashes loaded) is 0.27MB each
Jan 30 17:21:58 tsade ntop[2318]: MEMORY: or 0.27MB for 1 interfaces
Jan 30 17:21:58 tsade ntop[2318]: MEMORY: ipTraffixMatrix structure (no TrafficEntry loaded) is 1.41MB
Jan 30 17:21:58 tsade ntop[2318]: Sniffying...
Jan 30 17:21:58 tsade ntop[2318]: **WARNING** INIT: Unable to create pid file (/var/log/ntop/ntop.pid)
Jan 30 17:21:58 tsade ntop[2318]: Listening on [fxp0]
Jan 30 17:21:58 tsade ntop[2318]: Now running as requested user 'nobody' (65534:65534)
Jan 30 17:21:58 tsade ntop[2318]: Loading Plugins
Jan 30 17:21:58 tsade ntop[2318]: Searching for plugins in /usr/local/ntop-2.2.99/lib/ntop/plugins
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/icmpPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: ICMP: Welcome to icmpWatchPlugin. (C) 1999 by Luca Deri
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/lastSeenPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: LASTSEEN: Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni
Jan 30 17:21:58 tsade ntop[2318]: Compiling filter 'ip' on interface fxp0
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/netflowPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: Welcome to NetFlow.(C) 2002-04 by Luca Deri
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/nfsPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: NFS: Welcome to nfsWatchPlugin. (C) 1999 by Luca Deri
Jan 30 17:21:58 tsade ntop[2318]: Compiling filter 'port 2049' on interface fxp0
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/pdaPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Packet processor thread running...
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Idle host scan thread running...
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Address resolution thread running...
Jan 30 17:21:58 tsade ntop[2318]: CHKVER: Checking current ntop version at www.burtonstrauss.com/version.xml
Jan 30 17:21:58 tsade ntop[2318]: PDA: Welcome to PDAPlugin. (C) 2001-2002 by L.Deri and W.Brock
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/rrdPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: RRD: Welcome to rrdPlugin. (C) 2002-04 by Luca Deri.
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/sflowPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: SFLOW: Welcome to sFlowPlugin. (C) 2002-04 by Luca Deri
Jan 30 17:21:58 tsade ntop[2318]: Compiling filter 'ip' on interface fxp0
Jan 30 17:21:58 tsade ntop[2318]: Loading plugin '/usr/local/ntop-2.2.99/lib/ntop/plugins/xmldumpPlugin.so'
Jan 30 17:21:58 tsade ntop[2318]: XML: Welcome to xmldump plugin. (C) 2003-2004 by Burton Strauss
Jan 30 17:21:58 tsade ntop[2318]: Starting Plugins
Jan 30 17:21:58 tsade ntop[2318]: Calling plugin start functions (if any)
Jan 30 17:21:58 tsade ntop[2318]: Starting 'xmldump plugin'
Jan 30 17:21:58 tsade ntop[2318]: Starting 'sFlowPlugin'
Jan 30 17:21:58 tsade ntop[2318]: Starting 'rrdPlugin'
Jan 30 17:21:58 tsade ntop[2318]: RRD: Welcome to the RRD plugin
Jan 30 17:21:58 tsade ntop[2318]: RRD: Mask for new directories is 0700
Jan 30 17:21:58 tsade ntop[2318]: RRD: Mask for new files is 0066
Jan 30 17:21:58 tsade ntop[2318]: RRD: Started thread (140238848) for data collection.
Jan 30 17:21:58 tsade ntop[2318]: Starting 'PDAPlugin'
Jan 30 17:21:58 tsade ntop[2318]: Starting 'nfsWatchPlugin'
Jan 30 17:21:58 tsade ntop[2318]: Starting 'NetFlow'
Jan 30 17:21:58 tsade ntop[2318]: Processing Netflow white/black list parameter '0'
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: White list initialized to ''
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: Black list initialized to ''
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: FILEDESCRIPTORBUG: Work-around activated
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: FILEDESCRIPTORBUG: Creating 0, '/tmp/ntop-nf-000002318-0'
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: FILEDESCRIPTORBUG: Created file 0 - '/tmp/ntop-nf-000002318-0'(0)
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: FILEDESCRIPTORBUG: Creating 1, '/tmp/ntop-nf-000002318-1'
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: FILEDESCRIPTORBUG: Created file 1 - '/tmp/ntop-nf-000002318-1'(13)
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: FILEDESCRIPTORBUG: Creating 2, '/tmp/ntop-nf-000002318-2'
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: FILEDESCRIPTORBUG: Created file 2 - '/tmp/ntop-nf-000002318-2'(14)
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: Created a socket (15)
Jan 30 17:21:58 tsade ntop[2318]: NETFLOW: Export disabled at user request
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: rrd thread (140238848) started
Jan 30 17:21:58 tsade ntop[2318]: Starting 'LastSeenWatchPlugin'
Jan 30 17:21:58 tsade ntop[2318]: Starting 'icmpWatchPlugin'
Jan 30 17:21:58 tsade ntop[2318]: Plugins started... continuing with initialization
Jan 30 17:21:58 tsade ntop[2318]: SSL is present but https is disabled: use -W <https port> for enabling it
Jan 30 17:21:58 tsade ntop[2318]: Device 0. fxp0 (active)
Jan 30 17:21:58 tsade ntop[2318]: Note: Reporting device initally set to 0 [fxp0]
Jan 30 17:21:58 tsade ntop[2318]: WEB: Initializing web server
Jan 30 17:21:58 tsade ntop[2318]: WEB: Initializing tcp/ip socket connections for web server
Jan 30 17:21:58 tsade ntop[2318]: Initializing socket, port 3000, address (any)
Jan 30 17:21:58 tsade ntop[2318]: FILEDESCRIPTORBUG: Work-around activated
Jan 30 17:21:58 tsade ntop[2318]: FILEDESCRIPTORBUG: Creating 0, '/tmp/ntop-000002318-0'
Jan 30 17:21:58 tsade ntop[2318]: FILEDESCRIPTORBUG: Created file 0 - '/tmp/ntop-000002318-0'(16)
Jan 30 17:21:58 tsade ntop[2318]: FILEDESCRIPTORBUG: Creating 1, '/tmp/ntop-000002318-1'
Jan 30 17:21:58 tsade ntop[2318]: FILEDESCRIPTORBUG: Created file 1 - '/tmp/ntop-000002318-1'(17)
Jan 30 17:21:58 tsade ntop[2318]: FILEDESCRIPTORBUG: Creating 2, '/tmp/ntop-000002318-2'
Jan 30 17:21:58 tsade ntop[2318]: FILEDESCRIPTORBUG: Created file 2 - '/tmp/ntop-000002318-2'(18)
Jan 30 17:21:58 tsade ntop[2318]: WEB: Created a new socket (19)
Jan 30 17:21:58 tsade ntop[2318]: Initialized socket, port 3000, address (any)
Jan 30 17:21:58 tsade ntop[2318]: WEB: Waiting for HTTP connections on port 3000
Jan 30 17:21:58 tsade ntop[2318]: WEB: Starting web server
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Started thread (140239872) for web server
Jan 30 17:21:58 tsade ntop[2318]: WEB: Server started... continuing with initialization
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: Started thread (140240896) for network packet sniffing on fxp0
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: web connections thread (2318) started...
Jan 30 17:21:58 tsade ntop[2318]: Note: SIGPIPE handler set (ignore)
Jan 30 17:21:58 tsade ntop[2318]: THREADMGMT: pcap dispatch thread running...
Jan 30 17:21:58 tsade ntop[2318]: MAC prefix '00:90:27' not found in vendor database
Jan 30 17:21:58 tsade ntop[2318]: MAC prefix '00:02:B3' not found in vendor database
Jan 30 17:22:06 tsade ntop[2318]: MAC prefix '00:C0:1D' not found in vendor database
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP request line: GET /textinfo.html HTTP/1.0 [27]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Accept: text/html, text/plain, text/sgml, */*;q=0.01 [52]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Accept-Encoding: gzip, compress [31]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Accept-Language: en [19]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Pragma: no-cache [16]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Cache-Control: no-cache [23]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: User-Agent: Lynx/2.8.3rel.1 libwww-FM/2.14 [42]
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N_URL_DEBUG: Requested URL = '/textinfo.html', length = -1
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N_URL_DEBUG: User-Agent = 'Lynx/2.8.3rel.1 libwww-FM/2.14'
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: RAW url is '/textinfo.html'
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: uri is '/textinfo.html'
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: Checking password-protect for '/textinfo.html'
Jan 30 17:25:58 tsade ntop[2318]: SECURITY: Loading items table
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: Page: 'textinfo.html'
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at ./html/textinfo.html
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at /usr/local/ntop-2.2.99/share/ntop/html/textinfo.html
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/textinfo.html - fd=0x0
Jan 30 17:25:58 tsade ntop[2318]: **ERROR** CHKVER: Unable to connect socket: Operation timed out(60)
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP request line: GET /dumpTrafficData.html?language=perl&key=fxp0 HTTP/1.0 [57]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP header line: User-Agent: lwp-trivial/1.35 [28]
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N_URL_DEBUG: Requested URL = '/dumpTrafficData.html?language=perl&key=fxp0', length = -1
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N_URL_DEBUG: User-Agent = 'lwp-trivial/1.35'
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: RAW url is '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: uri is '/dumpTrafficData.html'
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: Checking password-protect for '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: Page: 'dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at ./html/dumpTrafficData.html
Jan 30 17:25:58 tsade ntop[2318]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at /usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html - fd=0x0
Jan 30 17:26:00 tsade ntop[2318]: URL_DEBUG: read HTTP request line: GET /dumpTrafficData.html?language=perl&key=fxp0 HTTP/1.0 [57]
Jan 30 17:26:00 tsade ntop[2318]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:26:00 tsade ntop[2318]: URL_DEBUG: read HTTP header line: User-Agent: lwp-trivial/1.35 [28]
Jan 30 17:26:00 tsade ntop[2318]: HTTP/I18N_URL_DEBUG: Requested URL = '/dumpTrafficData.html?language=perl&key=fxp0', length = -1
Jan 30 17:26:00 tsade ntop[2318]: HTTP/I18N_URL_DEBUG: User-Agent = 'lwp-trivial/1.35'
Jan 30 17:26:00 tsade ntop[2318]: URL_DEBUG: RAW url is '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:26:00 tsade ntop[2318]: URL_DEBUG: uri is '/dumpTrafficData.html'
Jan 30 17:26:00 tsade ntop[2318]: URL_DEBUG: Checking password-protect for '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:26:00 tsade ntop[2318]: URL_DEBUG: Page: 'dumpTrafficData.html?language=perl&key=fxp0'

Yep

tsade# telnet tsade 3000
Trying 192.168.105.230...
Connected to tsade.aipo.gov.au.
Escape character is '^]'.
GET /

..wait .. wait

From the ntop message log perspective

tsade> tail -f /var/log/messages
Jan 30 17:33:31 tsade ntop[2381]: THREADMGMT: Started thread (140239872) for web server
Jan 30 17:33:31 tsade ntop[2381]: WEB: Server started... continuing with initialization
Jan 30 17:33:31 tsade ntop[2381]: THREADMGMT: Started thread (140240896) for network packet sniffing on fxp0
Jan 30 17:33:31 tsade ntop[2381]: THREADMGMT: web connections thread (2381) started...
Jan 30 17:33:31 tsade ntop[2381]: Note: SIGPIPE handler set (ignore)
Jan 30 17:33:31 tsade ntop[2381]: THREADMGMT: pcap dispatch thread running...
Jan 30 17:33:31 tsade ntop[2381]: MAC prefix '00:C0:1D' not found in vendor database
Jan 30 17:33:31 tsade ntop[2381]: MAC prefix '00:90:27' not found in vendor database
Jan 30 17:33:59 tsade ntop[2381]: MAC prefix '00:02:B3' not found in vendor database
Jan 30 17:36:18 tsade ntop[2381]: MAC prefix '00:80:9F' not found in vendor database
Jan 30 17:40:12 tsade ntop[2381]: MAC prefix '00:60:B0' not found in vendor database

not much action is there ?

After trussing -p <ntop_process> life returns so it's probably not CHKVER related.

Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET / [5]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: Too short request line.
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: Requested URL = '', length = -2
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: User-Agent = ''
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET /textinfo.html HTTP/1.0 [27]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Accept: text/html, text/plain, text/sgml, */*;q=0.01 [52]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Accept-Encoding: gzip, compress [31]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Accept-Language: en [19]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: User-Agent: Lynx/2.8.3rel.1 libwww-FM/2.14 [42]
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: Requested URL = '/textinfo.html', length = -1
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: User-Agent = 'Lynx/2.8.3rel.1 libwww-FM/2.14'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: RAW url is '/textinfo.html'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: uri is '/textinfo.html'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: Checking password-protect for '/textinfo.html'
Jan 30 17:44:05 tsade ntop[2381]: SECURITY: Loading items table
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: Page: 'textinfo.html'
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at ./html/textinfo.html
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at /usr/local/ntop-2.2.99/share/ntop/html/textinfo.html
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/textinfo.html - fd=0x0
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET /dumpTrafficData.html?language=perl&key=fxp0 HTTP/1.0 [57]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: User-Agent: lwp-trivial/1.35 [28]
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: Requested URL = '/dumpTrafficData.html?language=perl&key=fxp0', length = -1
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: User-Agent = 'lwp-trivial/1.35'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: RAW url is '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: uri is '/dumpTrafficData.html'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: Checking password-protect for '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: Page: 'dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at ./html/dumpTrafficData.html
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at /usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html - fd=0x0
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET /dumpTrafficData.html?language=perl&key=fxp0 HTTP/1.0 [57]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP header line: User-Agent: lwp-trivial/1.35 [28]
Jan 30 17:44:05 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: User-Agent = 'lwp-trivial/1.35'
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: Checking password-protect for '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: Page: 'dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at ./html/dumpTrafficData.html
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at /usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html - fd=0x0
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET /textinfo.html HTTP/1.0 [27]
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Accept: text/html, text/plain, text/sgml, */*;q=0.01 [52]
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Accept-Encoding: gzip, compress [31]
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Accept-Language: en [19]
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP header line: User-Agent: Lynx/2.8.3rel.1 libwww-FM/2.14 [42]
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: Requested URL = '/textinfo.html', length = -1
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: User-Agent = 'Lynx/2.8.3rel.1 libwww-FM/2.14'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: RAW url is '/textinfo.html'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: uri is '/textinfo.html'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: Checking password-protect for '/textinfo.html'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: Page: 'textinfo.html'
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at ./html/textinfo.html
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page textinfo.html at /usr/local/ntop-2.2.99/share/ntop/html/textinfo.html
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/textinfo.html - fd=0x0
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET /dumpTrafficData.html?language=perl&key=fxp0 HTTP/1.0 [57]
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: read HTTP header line: User-Agent: lwp-trivial/1.35 [28]
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: Requested URL = '/dumpTrafficData.html?language=perl&key=fxp0', length = -1
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: User-Agent = 'lwp-trivial/1.35'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: RAW url is '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: uri is '/dumpTrafficData.html'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: Checking password-protect for '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: Page: 'dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at ./html/dumpTrafficData.html
Jan 30 17:44:06 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at /usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html
Jan 30 17:44:06 tsade ntop[2381]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html - fd=0x0
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET /dumpTrafficData.html?language=perl&key=fxp0 HTTP/1.0 [57]
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: read HTTP header line: Host: tsade:3000 [16]
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: read HTTP header line: User-Agent: lwp-trivial/1.35 [28]
Jan 30 17:45:02 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: Requested URL = '/dumpTrafficData.html?language=perl&key=fxp0', length = -1
Jan 30 17:45:02 tsade ntop[2381]: HTTP/I18N_URL_DEBUG: User-Agent = 'lwp-trivial/1.35'
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: RAW url is '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: uri is '/dumpTrafficData.html'
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: Checking password-protect for '/dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: Page: 'dumpTrafficData.html?language=perl&key=fxp0'
Jan 30 17:45:02 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at ./html/dumpTrafficData.html
Jan 30 17:45:02 tsade ntop[2381]: HTTP/I18N/URL_DEBUG: Testing for page dumpTrafficData.html at /usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html
Jan 30 17:45:02 tsade ntop[2381]: URL_DEBUG: tmpStr=/usr/local/ntop-2.2.99/share/ntop/html/dumpTrafficData.html - fd=0x0
Jan 30 17:45:07 tsade ntop[2381]: **WARNING** Address resolution queue is full [4294967285 of 4096 slots]
Jan 30 17:45:07 tsade ntop[2381]: Addresses in excess won't be resolved
Jan 30 17:45:20 tsade ntop[2381]: **ERROR** CHKVER: Unable to connect socket: Operation timed out(60)

_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
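
Added example, not part of the original post and not ntop project code: a small triage script that reads syslog lines in the format shown above and, per ntop pid, measures the gap between "WEB: Server started" and the first HTTP request line, then checks whether that first request came before or after the CHKVER timeout. The sample log is constructed by condensing lines from the post; the year 2004 and the function and verdict names are assumptions of this example.

```python
import re
from datetime import datetime

# Matches "Jan 30 17:21:58 tsade ntop[2318]: message"; kernel lines,
# prompts and prose do not match and are skipped.
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ntop\[(\d+)\]: (.*)$")

# Event name -> substring that identifies it in the message part.
MARKERS = (
    ("web_start", "WEB: Server started"),
    ("first_request", "URL_DEBUG: read HTTP request line:"),
    ("chkver_error", "CHKVER: Unable to connect socket"),
)

# Constructed sample: a few lines condensed from the logs in the post.
SAMPLE_LOG = """\
Jan 30 17:21:34 tsade ntop[2285]: URL_DEBUG: read HTTP request line: GET /textinfo.html HTTP/1.0 [27]
Jan 30 17:21:54 tsade /kernel: fxp0: promiscuous mode enabled
Jan 30 17:21:58 tsade ntop[2318]: CHKVER: Checking current ntop version at www.burtonstrauss.com/version.xml
Jan 30 17:21:58 tsade ntop[2318]: WEB: Server started... continuing with initialization
Jan 30 17:25:58 tsade ntop[2318]: URL_DEBUG: read HTTP request line: GET /textinfo.html HTTP/1.0 [27]
Jan 30 17:25:58 tsade ntop[2318]: **ERROR** CHKVER: Unable to connect socket: Operation timed out(60)
Jan 30 17:33:31 tsade ntop[2381]: WEB: Server started... continuing with initialization
Jan 30 17:44:05 tsade ntop[2381]: URL_DEBUG: read HTTP request line: GET / [5]
Jan 30 17:45:20 tsade ntop[2381]: **ERROR** CHKVER: Unable to connect socket: Operation timed out(60)
"""


def collect_events(log_text, year=2004):
    """Return {pid: {event: first datetime seen}} for the marker events."""
    runs = {}
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        stamp, pid, message = match.group(1), int(match.group(2)), match.group(3)
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events = runs.setdefault(pid, {})
        for name, needle in MARKERS:
            if needle in message:
                events.setdefault(name, when)  # keep the first occurrence only
                break
    return runs


def classify(events):
    """Return (stall_seconds, verdict) for one ntop process."""
    start = events.get("web_start")
    first = events.get("first_request")
    timeout = events.get("chkver_error")
    if start is None or first is None:
        return (None, "incomplete")  # e.g. the log tail began after startup
    stall = int((first - start).total_seconds())
    if timeout is None:
        return (stall, "no CHKVER error logged")
    if first < timeout:
        # Requests were being read while the version check was still pending,
        # so the check timing out cannot be what released the web server.
        return (stall, "served before CHKVER timeout")
    return (stall, "first request at or after CHKVER timeout")


def summarize(log_text, year=2004):
    return {pid: classify(ev) for pid, ev in collect_events(log_text, year).items()}


if __name__ == "__main__":
    for pid, (stall, verdict) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"ntop[{pid}]: stall={stall}s, {verdict}")
```

Syslog timestamps have one-second resolution, so a first request in the same second as the CHKVER error (as for pid 2318) is reported as "at or after" rather than ordered more finely.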
