I'd tried ntop a month or two back and thought it was
promising, but it would only run for a short time and
then quit.  I would run it with stdout and stderr redirected
to a file to see why it was quitting but there was no
info written out.

I installed your latest version yesterday and a couple of
the features you've added make it even more attractive,
to the point that this time I intend to persevere with
it until I get it working reliably.  However it is still
exiting after an hour or two.  I'm running on a system
with plenty of free disk and a gigabyte of RAM.  There's
nothing else running except snort but they seem to coexist
reasonably well using libpcap as they're supposed to.

Is this a known problem and is there a workaround, or
a fix due?

The biggest problem with the program is that once it
has exited, all the information it has built up is lost;
if you don't catch a network abuse problem live, the
program generally has quit by the time it is brought
to your attention.

By the way the new feature of looking in packets and
recording email addresses will be tremendously useful
to us here at University of Texas Pan American where
we have something like 4000 PCs, most of which we don't
know who they belong to.  When we have a network problem
(such as a report of Code Red from a campus IP address) it
takes us an age to track down the owner of the machine
by following the wires from the switch they're attached
to.  Knowing the email address will save us a huge amount
of time.  However the format of the table (stats/local info)
makes it very hard to use.  Too many columns.  What would be
better would be IP address / email info / machine type in text
rather than many columns only one of which has an X in it.
[Getting the email address from Outlook/Exchange packets
would be neat too.  They don't use SMTP/IMAP/POP unfortunately]

Also if there's a way for a program to extract the same
info rather than going through the web interface, that would
be useful too.  (This may exist and I have just not found
that part of the documentation yet?)

If there's a mailing list for this program that I can subscribe
to, would you let me know how please?

Thanks for a fine piece of code.  I look forward to helping
work on useful extensions.  I was able to manually detect mass
mailing using the info that the program provides; I hope to
modify it (you have a plugin system, right?) to do that
automatically.

Graham Toal
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop