(REPOST due to mailing list problems) ntop version 2.0.0
Upgrade to the latest snapshot, both because of the recent security issue and because of a number of fixes in the hashing area which did cause segfaults. Read the FAQs - the intop.1 problem is discussed at length... I've not heard of anybody else running with the suspicious packet detection stuff - does not turning it on improve stability? Finally, use the instructions in the FAQ at http://snapshot.ntop.org to run under gdb and capture the information about the segmentation fault (or you could try the patch I posted last week - I'm STILL looking for a tester). -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Todd Holloway Sent: Wednesday, March 06, 2002 7:09 PM To: [EMAIL PROTECTED] Subject: [Ntop] segfault... hello, I've been running ntop for a few weeks now...and it rarely runs more than a few hours, if that. 06/Mar/2002 16:52:50 [pbuf.c:1818] WARNING: TCP session [gateway.example.com:56068]<->[xxx.xxx.xxx.101:80] reset by gateway.example.com without completing 3-way handshake 06/Mar/2002 16:52:51 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.70:80] performed FIN scan of host [:2062] 06/Mar/2002 16:52:51 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.102:80] performed FIN scan of host [:2062] 06/Mar/2002 16:52:52 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.70:80] performed FIN scan of host [:2065] 06/Mar/2002 16:52:52 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.103:80] performed FIN scan of host [:2065] 06/Mar/2002 16:52:52 [pbuf.c:1818] WARNING: TCP session [cvx19-bradley.dialup.earthlink.net:3219]<->[xxx.xxx.xxx.104:80] reset by cvx19-bradley.dialup.earthlink.net without completing 3-way handshake 06/Mar/2002 16:52:53 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :2066->xxx.xxx.xxx.70:80 [no tcp, reset] 06/Mar/2002 16:52:53 [pbuf.c:1818] WARNING: TCP session [:2066]<->[xxx.xxx.xxx.70:80] reset by without completing 3-way handshake 06/Mar/2002 16:52:53 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :2066->xxx.xxx.xxx.104:80 [no tcp, reset] 06/Mar/2002 16:52:53 [pbuf.c:1818] WARNING: TCP session [:2066]<->[xxx.xxx.xxx.104:80] reset by without completing 3-way handshake 06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :2068->xxx.xxx.xxx.70:80 [no tcp, reset] 06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2068]<->[xxx.xxx.xxx.70:80] reset by without completing 3-way handshake 06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :2068->xxx.xxx.xxx.101:80 [no tcp, reset] 06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2068]<->[xxx.xxx.xxx.101:80] reset by without completing 3-way handshake 06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :2069->xxx.xxx.xxx.70:80 [no tcp, reset] 06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2069]<->[xxx.xxx.xxx.70:80] reset by without completing 3-way handshake 06/Mar/2002 16:52:54 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 :2069->xxx.xxx.xxx.103:80 [no tcp, reset] 06/Mar/2002 16:52:54 [pbuf.c:1818] WARNING: TCP session [:2069]<->[xxx.xxx.xxx.103:80] reset by without completing 3-way handshake 06/Mar/2002 16:52:54 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.70:80] performed FIN scan of host [:2070] 06/Mar/2002 16:52:54 [pbuf.c:1936] WARNING: host [xxx.xxx.xxx.101:80] performed FIN scan of host [:2070] 06/Mar/2002 16:52:55 [pbuf.c:1288] WARNING: unknown protocol (no HTTP) detected (trojan?) at port 80 208.10.124.129:1173->xxx.xxx.xxx.70:80 06/Mar/2002 16:52:55 [pbuf.c:3361] Detected ICMP msg [type=TIMXCEED/code=0] 216.126.94.81->xxx.xxx.xxx.59 06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed port of host [xxx.xxx.xxx.80:33856] (scan attempt?) 06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed port of host [xxx.xxx.xxx.80:33856] (scan attempt?) 06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed port of host [xxx.xxx.xxx.80:33856] (scan attempt?) 06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed port of host [xxx.xxx.xxx.80:33856] (scan attempt?) 06/Mar/2002 16:52:55 [pbuf.c:3418] Host [xxx.xxx.xxx.58] sent UDP data to a closed port of host [xxx.xxx.xxx.80:33856] (scan attempt?) Segmentation fault Is there a method/flag that I should be using to help track the problem down? The box is a Mandrake Linux release 8.1 (Vitamin) for i586. I'd could "strace" it with the "-K" flag set. Any suggestions? from the "configuration link": OS i686-pc-linux-gnu ntop version 2.0.0 Built on 03/06/02 03:12:18 PM Started as /usr/local/bin/ntop -i eth0 -D xxx.com -E -q -S2 -t5 -A2 GDBM version This is GDBM version 1.8.0, as of May 19, 1999. OpenSSL Support OpenSSL 0.9.6b 9 Jul 2001 SSL Port Not Active Multithreaded Yes GD Chart Present Chart Format .png UCD/NET SNMP Absent TCP Wrappers Absent Async. Addr. Resolution Yes lsof Support Yes nmap Support Yes # Handled HTTP Requests 3 Actual Hash Size 362 Top Hash Size 362 # Queued Pkts to Process 0 # Max Queued Pkts 0 # Stored Hash Hosts 278 [76 %] # Purged Hash Hosts 0 # TCP Sessions 1190 # Terminated TCP Sessions 0 # Queued Addresses 159 # Addresses Resolved with DNS 29 # Addresses Kept Numeric 2 # Addresses Found in Cache 0 # Dropped Addresses 0 # Active Threads 10 # Monitored Processes 17 thanks alot...great program! todd ps: I would be using the current cvs snapshot, but I could get "sessioningn" to work, at all. pss: I also found a bug in the "make install" process: make[3]: Entering directory `/home/todd/ntop-current/ntop' /bin/sh ./mkinstalldirs /usr/local/man/man1 /usr/bin/install -c -m 644 ./intop/intop.1 /usr/local/man/man1/intop/intop.1 /usr/bin/install: cannot create regular file `/usr/local/man/man1/intop/intop.1': No such file or directory make[3]: *** [install-man1] Error 1 I had to make the directory myself and that fixed it...mkdir /usr/local/man/man1/intop/ -- "This UI has been brought to you by the letters 'S' and 'K', and the runlevel 3." - Greg Andrews _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
