Hi, The ifconfig doesnt seem to be reporting interfaces in promisc mode correctly, atleast for ntop, I checked this at two places (one of them displays sessions ok). I ran NTOP and then ifconfig, and it dint show interfaces in promisc mode. NTOP was still catching *all* traffic because I could see the hosts adding in the hosts table and ftp data column being incremented except for the fact that the session wasnt being shown, so i concluded that NIC was actually in promisc mode and ifconfig may not be reporting correctly, but to be sure I set the interfaces to promisc mode using "ifconfig eth0 promisc" & "ifconfig eth1 promisc", and then it shows them in PROMISC mode forever, without any impact on the running of NTOP (i.e. sessions still not display).
What could be wrong here? Thanks Regards Farhan Ali Khan On Fri, 11 Feb 2005 20:22:28 -0600, Burton Strauss <[EMAIL PROTECTED]> wrote: > What's the chance that some other process is knocking the NIC out of > promiscuous mode? Somebody had a cron that did this. Don't remember which > distro ... > > 1) Check if the NIC is in promiscuous mode using ifconfig > 2) If it's not, figure out who is bouncing it out and stop it. > > -----Burton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Farhan Ali Khan > Sent: Friday, February 11, 2005 6:39 PM > To: Burton Strauss; [email protected] > Subject: Re: [Ntop-dev] TCP Sessions > > Hi, > > NTOP is only showing sessions which are originating/terminating at the > server on which NTOP is running. > For example, NTOP is running on 192.168.0.13, then only sessions which > involve 192.168.0.13 are shown, this includes the initial session to > version.ntop.org and an ftp session which > 192.168.0.13 is maintaining with an ftp server, other than this no other > session for any other host is displayed. > > I read the FAQ, --no-mac option is disabled. > What could be the problem? > > Thanks > Regards > Farhan Ali Khan > > On Wed, 9 Feb 2005 20:23:58 +0500, Farhan Ali Khan <[EMAIL PROTECTED]> > wrote: > > Hi, > > > > Yes i tried it, No luck with it. > > Now, I sometimes get "No Data to Display" and at other times i get "No > > Active TCP Sessions" error. > > Though I know that ther should be a session displayed over here... > > > > Thanks > > Regards > > Farhan Ali Khan > > > > On Tue, 8 Feb 2005 14:52:40 -0600, Burton Strauss > > <[EMAIL PROTECTED]> wrote: > > > Did you try --disable-instantsessionpurge ? > > > > > > -----Burton > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > On Behalf Of Farhan Ali Khan > > > Sent: Tuesday, February 08, 2005 2:26 PM > > > To: [email protected] > > > Subject: Re: [Ntop-dev] TCP Sessions > > > > > > Hi, > > > > > > Im checking on the longer sessions like http downloads, streams and ssh. > > > These should be shown. > > > > > > The picture attached in the email earlier should have shown a http > > > session for the download going on at that time. > > > > > > Thanks > > > Regards > > > Farhan Ali Khan > > > > > > On Tue, 8 Feb 2005 12:03:22 -0600, Burton Strauss > > > <[EMAIL PROTECTED]> > > > wrote: > > > > man ntop: > > > > > > > > --disable-instantsessionpurge > > > > ntop sets completed sessions as 'timed out' and then purge > > > > them almost instantly, which is not the behavior you might > > > > expect from the discussions about purge timeouts. This > > > > switch makes ntop respect the timeouts for completed sessions. > > > > It is NOT the default because a busy web server may have > > > > 100s or 1000s of completed sessions and this would significantly > > > > increase the amount of memory ntop uses. > > > > > > > > Without this, if you're looking at web traffic there typically > > > > aren't any open sessions - only the long lived ones such as FTP > > > > and SSH might be > > > seen. > > > > But read docs/FAQ - it will cost memory! > > > > > > > > -----Burton > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > On Behalf Of Farhan Ali Khan > > > > Sent: Tuesday, February 08, 2005 11:23 AM > > > > To: [email protected] > > > > Subject: [Ntop-dev] TCP Sessions > > > > > > > > Hi all, > > > > > > > > I have done three installations on different servers with same > > > > configuration. > > > > Two of them (heavy traffic passes through them) dont show any TCP > > > > sessions at all. (Only a couple of times I managed to see some > > > > sessions > > > for a while). > > > > The Netnetstat.html page also shows "No Data To Display Yet" > > > > (while there should be!). > > > > One of them (light traffic) shows TCP sessions sucessfully. > > > > > > > > The --disable-sessions switch isnt enforced on any of them. > > > > > > > > Any hint at what the problem would be? > > > > > > > > Thanks > > > > Regards > > > > Farhan Ali Khan > > > > _______________________________________________ > > > > Ntop-dev mailing list > > > > [email protected] > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > > _______________________________________________ > > > > Ntop-dev mailing list > > > > [email protected] > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > _______________________________________________ > > > Ntop-dev mailing list > > > [email protected] > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > > > _______________________________________________ > Ntop-dev mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > _______________________________________________ > Ntop-dev mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
