For my local host this was a DNS problem...
Thanks for the feedback... Thomas Pagel Senior Consultant Business Intelligence Software4You Planungssysteme GmbH Niederlassung Paderborn Hauptstraße 35 33178 Borchen (Germany) tel.: +49 (5251) 54009-11 mob.: +49 (172) 8423035 fax.: +49 (5251) 54009-99 home: http://www.software4you.com 4PLAN® - The Art of Budgeting. Disclaimer: This email may contain confidential and proprietary material for the sole use of the intended recipient. Any review or distribution by others is prohibited. If you are not the intended recipient please contact the sender and delete all copies. -----Ursprüngliche Nachricht----- Von: Burton M. Strauss III [mailto:[EMAIL PROTECTED] Gesendet: Montag, 31. März 2003 20:15 An: [EMAIL PROTECTED] Betreff: RE: [Ntop] Wrong Flag Some feedback from Mr. Anon E. Mouse: As for the wrong flags seen by another person: I occasionally see an Swedish akamai server when browsing German news sites, e.g. #> whois 213.61.5.0 .. inetnum: 213.61.5.0 - 213.61.5.127 netname: DE-COLT-AKAMAI descr: Akamai Technologies Inc. descr: 500 Technologies SQ. descr: 02139 Massachuetts descr: abuse? [EMAIL PROTECTED] country: SE .. The same info is contained in the ripe inetnum file. and from the traceroute from my dialup I would guess a German location so this probably is a typo in the whois data (DE/SE). The D key is right next to S. -----Burton Never attribute to malice that which can be adequately explained by stupidity. http://www.jargon.net/jargonfile/h/HanlonsRazor.html -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Burton M. Strauss III Sent: Monday, March 31, 2003 9:00 AM To: [EMAIL PROTECTED] Subject: RE: [Ntop] Wrong Flag You know, that sounds like a corrupted p2c.opt.table file... Check the log messages from the read (you may have to temporarily log more - I think I've cleaned it up in .90+, but it may not tell you unless you turn on noisy (-t 4) in .90 or -t 3 in earlier versions). It should tell you how many records were read. If that's not a match for the lines in the file, then something is wrong... Look at it - it's just text... if it's munged, that could be. Look up your various ranges and see what you see... If you need to download an updated p2c file, the shell script in utils/p2c isn't really very complex - a .bat file wouldn't be out of the question if you have the necessary tools (gawk and wget, IIRC) - which run fine under cygwin. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas Pagel Sent: Monday, March 31, 2003 8:49 AM To: [EMAIL PROTECTED] Subject: AW: [Ntop] Wrong Flag I guess I'll get into trouble rebuilding the lists, I was one of the "not UNIX speaking people" paying €50 for the ready-to-use download for Win32... Redirection might be the case..., but in the meantime I got a flag of UA for one of my local hosts.... Thomas Pagel Senior Consultant Business Intelligence Software4You Planungssysteme GmbH Niederlassung Paderborn Hauptstraße 35 33178 Borchen (Germany) tel.: +49 (5251) 54009-11 mob.: +49 (172) 8423035 fax.: +49 (5251) 54009-99 home: http://www.software4you.com 4PLAN® - The Art of Budgeting. Disclaimer: This email may contain confidential and proprietary material for the sole use of the intended recipient. Any review or distribution by others is prohibited. If you are not the intended recipient please contact the sender and delete all copies. -----Ursprüngliche Nachricht----- Von: Burton M. Strauss III [mailto:[EMAIL PROTECTED] Gesendet: Montag, 31. März 2003 15:54 An: [EMAIL PROTECTED] Betreff: RE: [Ntop] Wrong Flag The data is derived from the registry provided tables - RIPE in your case. Three thoughts, one is that they've updated their data since the p2c table you have (I updated it in the cvs this weekend with the March data). Second thought is that you're getting service (directly or upstream) from a Swedish company - they may have gotten an allocation from RIPE, who listed it in their database as Sweden, even though they're servicing .de Third - it's not who you think it is, because of under-the-covers redirection etc. To troubleshoot these, 1. Do a traceroute and see who the upstream providers are 2. Do a whois query 3. Check the data in the p2c file (and check the updated version). 4. Check the latest data at the registry You can always update the table via $ make p2ctable $ su - $ cd ... $ make install-data-local For a.focus.de: $ whois -h whois.ripe.de focus.de [whois.ripe.de] % This is the RIPE Whois server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/ripencc/pub-services/db/copyright.html % The object shown below is NOT in the RIPE database. % It has been obtained by querying a remote server: % (whois.denic.de) at port 43. % To see the object stored in the RIPE database % use the -R flag in your query % %REFERRAL START % Copyright (c)2002 by DENIC % % Restricted rights. % % % Except for agreed Internet operational purposes, no part of this % information may be reproduced, stored in a retrieval system, or % transmitted, in any form or by any means, electronic, mechanical, % recording, or otherwise, without prior permission of the DENIC % on behalf of itself and/or the copyright holders. Any use of this % material to target advertising or similar activities are explicitly % forbidden and will be prosecuted. The DENIC requests to be notified % of any such activities or suspicions thereof. domain: focus.de descr: Focus Magazin Verlag GmbH descr: Arabellastr. 23 descr: D-81925 Muenchen descr: Germany nserver: ns1.tomorrow-focus.de nserver: ns2.tomorrow-focus.de nserver: demdwu02.mediaways.net nserver: ns-2.mediaways.net status: connect changed: 20020815 142754 source: DENIC [admin-c] Type: PERSON Name: Joerg Buerosse Address: Prinzregentenstrasse 78 City: München Pcode: 81675 Country: DE Changed: 20020812 144343 Source: DENIC [tech-c][zone-c] Type: ORG Name: Hostmaster mediaWays GmbH Address: Huelshorstweg 30 City: Verl Pcode: 33415 Country: DE Phone: +49 5246 80 1244 Phone: +49 5246 80 1705 Fax: +49 5246 80 2081 Email: [EMAIL PROTECTED] Changed: 20030207 153222 Source: DENIC %REFERRAL END vs. $ nslookup -sil a.focus.de Server: 192.168.42.1 Address: 192.168.42.1#53 Non-authoritative answer: a.focus.de canonical name = a.focus.de.edgesuite.net. a.focus.de.edgesuite.net canonical name = a654.g.akamai.net. Name: a654.g.akamai.net Address: 130.81.64.27 Name: a654.g.akamai.net Address: 130.81.64.10 $ grep ':130\.8' p2c.opt.table US:130.8.0.0/14 US:130.80.0.0/15 CH:130.82.0.0/16 DE:130.83.0.0/16 FR:130.84.0.0/16 US:130.85.0.0/16 US:130.86.0.0/16 JP:130.87.0.0/16 UK:130.88.0.0/16 NL:130.89.0.0/16 Could it be you're getting redirected to a different Akamai server??? -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas Pagel Sent: Monday, March 31, 2003 4:57 AM To: [EMAIL PROTECTED] Subject: [Ntop] Wrong Flag Hi, Looking at statistics/hosts I find a host a.focus.de with a Swedish flag… I'm quite sure that this host is in Germany… Any idea why it thinks that this host is from Sweden? Thanks, Thomas Pagel Senior Consultant Business Intelligence Software4You Planungssysteme GmbH Niederlassung Paderborn Hauptstraße 35 33178 Borchen (Germany) tel.: +49 (5251) 54009-11 mob.: +49 (172) 8423035 fax.: +49 (5251) 54009-99 home: http://www.software4you.com 4PLAN® - The Art of Budgeting. Disclaimer: This email may contain confidential and proprietary material for the sole use of the intended recipient. Any review or distribution by others is prohibited. If you are not the intended recipient please contact the sender and delete all copies. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
