Hi, I was going through the code in sessions.c to figure out things. My traffic is reported as Remote -> Remote, and i want sessions for that. But in sessions.c (Ln 1345) , I see that nonFullyRemoteSession is set to 0 & thus the sessions for Remote->Remote traffic arent handled? Any specific reasons behind this?
Thanks Regards Farhan Ali Khan On Sun, 13 Feb 2005 04:07:16 +0500, Farhan Ali Khan <[EMAIL PROTECTED]> wrote: > Hi, > The ifconfig doesnt seem to be reporting interfaces in promisc mode > correctly, atleast for ntop, I checked this at two places (one of them > displays sessions ok). > I ran NTOP and then ifconfig, and it dint show interfaces in promisc mode. > NTOP was still catching *all* traffic because I could see the hosts > adding in the hosts table and ftp data column being incremented except > for the fact that the session wasnt being shown, so i concluded that > NIC was actually in promisc mode and ifconfig may not be reporting > correctly, but to be sure I set the interfaces to promisc mode using > "ifconfig eth0 promisc" & "ifconfig eth1 promisc", and then it shows > them in PROMISC mode forever, without any impact on the running of > NTOP (i.e. sessions still not display). > > What could be wrong here? > > Thanks > Regards > Farhan Ali Khan > > On Fri, 11 Feb 2005 20:22:28 -0600, Burton Strauss > <[EMAIL PROTECTED]> wrote: > > What's the chance that some other process is knocking the NIC out of > > promiscuous mode? Somebody had a cron that did this. Don't remember which > > distro ... > > > > 1) Check if the NIC is in promiscuous mode using ifconfig > > 2) If it's not, figure out who is bouncing it out and stop it. > > > > -----Burton > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > > Of Farhan Ali Khan > > Sent: Friday, February 11, 2005 6:39 PM > > To: Burton Strauss; [email protected] > > Subject: Re: [Ntop-dev] TCP Sessions > > > > Hi, > > > > NTOP is only showing sessions which are originating/terminating at the > > server on which NTOP is running. > > For example, NTOP is running on 192.168.0.13, then only sessions which > > involve 192.168.0.13 are shown, this includes the initial session to > > version.ntop.org and an ftp session which > > 192.168.0.13 is maintaining with an ftp server, other than this no other > > session for any other host is displayed. > > > > I read the FAQ, --no-mac option is disabled. > > What could be the problem? > > > > Thanks > > Regards > > Farhan Ali Khan > > > > On Wed, 9 Feb 2005 20:23:58 +0500, Farhan Ali Khan <[EMAIL PROTECTED]> > > wrote: > > > Hi, > > > > > > Yes i tried it, No luck with it. > > > Now, I sometimes get "No Data to Display" and at other times i get "No > > > Active TCP Sessions" error. > > > Though I know that ther should be a session displayed over here... > > > > > > Thanks > > > Regards > > > Farhan Ali Khan > > > > > > On Tue, 8 Feb 2005 14:52:40 -0600, Burton Strauss > > > <[EMAIL PROTECTED]> wrote: > > > > Did you try --disable-instantsessionpurge ? > > > > > > > > -----Burton > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > On Behalf Of Farhan Ali Khan > > > > Sent: Tuesday, February 08, 2005 2:26 PM > > > > To: [email protected] > > > > Subject: Re: [Ntop-dev] TCP Sessions > > > > > > > > Hi, > > > > > > > > Im checking on the longer sessions like http downloads, streams and ssh. > > > > These should be shown. > > > > > > > > The picture attached in the email earlier should have shown a http > > > > session for the download going on at that time. > > > > > > > > Thanks > > > > Regards > > > > Farhan Ali Khan > > > > > > > > On Tue, 8 Feb 2005 12:03:22 -0600, Burton Strauss > > > > <[EMAIL PROTECTED]> > > > > wrote: > > > > > man ntop: > > > > > > > > > > --disable-instantsessionpurge > > > > > ntop sets completed sessions as 'timed out' and then purge > > > > > them almost instantly, which is not the behavior you might > > > > > expect from the discussions about purge timeouts. This > > > > > switch makes ntop respect the timeouts for completed sessions. > > > > > It is NOT the default because a busy web server may have > > > > > 100s or 1000s of completed sessions and this would significantly > > > > > increase the amount of memory ntop uses. > > > > > > > > > > Without this, if you're looking at web traffic there typically > > > > > aren't any open sessions - only the long lived ones such as FTP > > > > > and SSH might be > > > > seen. > > > > > But read docs/FAQ - it will cost memory! > > > > > > > > > > -----Burton > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > > On Behalf Of Farhan Ali Khan > > > > > Sent: Tuesday, February 08, 2005 11:23 AM > > > > > To: [email protected] > > > > > Subject: [Ntop-dev] TCP Sessions > > > > > > > > > > Hi all, > > > > > > > > > > I have done three installations on different servers with same > > > > > configuration. > > > > > Two of them (heavy traffic passes through them) dont show any TCP > > > > > sessions at all. (Only a couple of times I managed to see some > > > > > sessions > > > > for a while). > > > > > The Netnetstat.html page also shows "No Data To Display Yet" > > > > > (while there should be!). > > > > > One of them (light traffic) shows TCP sessions sucessfully. > > > > > > > > > > The --disable-sessions switch isnt enforced on any of them. > > > > > > > > > > Any hint at what the problem would be? > > > > > > > > > > Thanks > > > > > Regards > > > > > Farhan Ali Khan > > > > > _______________________________________________ > > > > > Ntop-dev mailing list > > > > > [email protected] > > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > > > > _______________________________________________ > > > > > Ntop-dev mailing list > > > > > [email protected] > > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > > > _______________________________________________ > > > > Ntop-dev mailing list > > > > [email protected] > > > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > > > > > > > > > > _______________________________________________ > > Ntop-dev mailing list > > [email protected] > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > > _______________________________________________ > > Ntop-dev mailing list > > [email protected] > > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > > > _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
