Just to follow up, I ran tcpdump on the web interface of my ntop server while it was running and saw no DNS or other traffic beyond ARP and what was going to my Firefox client. It still seemed to behave with a little bit of stutter. The performance page indicated it was only using about 0.59% CPU. I then connected from another box to the ntop IP and watched the http traffic. I saw a bunch of “admin denied” messages, the browser changed the path the to lua address, but wouldnt load anything. I turned off firewalld and things got drastically better on the second web client.
So I think thats my issue. I am pretty sure, but not positive I unblocked tcp 3000 on the ntop server. I at least know its not DNS lookups failing. I dont know how my web client was able to gather the lua path from the ntop server if tcp 3000 was blocked. I am thinking there are other ports involved or my firewall is blocking ephemeral ports. So anyway, its good news and looks like ntop is working as expected. -Ken > On Mar 25, 2018, at 11:06 PM, Ken Kirchner <[email protected]> wrote: > > I will get some captures from the host, but why would this be DNS related if > I have "-n=3” in the config? Shouldn’t that disable lookups, or have I > misread the docs? > > -Ken > > >> On Mar 23, 2018, at 12:46 AM, Luca Deri <[email protected]> wrote: >> >> Ken, >> I think this is a DNS issue. Can you please capture with tcpdump the >> hosts being resolved (e.g. due to HTML code in ntopng) and report? >> >> Regards Luca >> >> On 03/23/2018 03:09 AM, Ken Kirchner wrote: >>> Hello all, >>> >>> I’ve setup a new VM as an ntopng server. I have allocated 4 cpu’s and 8GB >>> of ram. This runs on an all flash array. The host OS is an up to date Red >>> Hat Linux v7.4 with ntopng v3.2-stable branch deployed. I have a dedicated >>> web management ethernet interface and a probe interface. >>> >>> It works, but the web interface is very unresponsive and often reports time >>> out errors in my browser (Firefox and Chrome). It is nearly unusable yet >>> top reports almost no CPU being used. There is only a trickle of data being >>> monitored and the VM is mostly idle, so I cannot imagine what the problem >>> is. >>> >>> This is in a mostly isolated environment, so I have turned off DNS >>> resolution (-n=3). Could AS lookups or some other internet required query >>> be the cause? >>> >>> What can I check next? If I run tcpdump on the probe interface it looks >>> fine, no packets dropped. I cannot demo this to my boss with this behavior. >>> >>> -Ken K. >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
