At last, I have some breathing room, so I can resume this exercise.
Please find attached the most recently requested items below, in a single
text file.
Let me know what I can do to help narrow this down more. BTW, this is
the cmd-line in use at the moment:
/usr/local/bin/ntop -u nobody -d -P /data0/ntop -w 3000 -i dc0,dc2 \
-m aa.bb.cc.0/26,192.168.1.0/24 -M -t5 -L && echo -n " ntop"
PS: Sorry about that, chief....Jet
=============== From the desk of Jethro Wright, III ================
+ Nothing causes self-delusion quite so readily as power. =
=== [EMAIL PROTECTED] ========================= Liu Binyan ===
This is an approximation of the LAN side of things:
+-----------------------------------+
| FreeBSD 4.8-RELEASE               |
| NTOP 2.2                          |
| dc0: aa.bb.cc.0/26 (public)       |
| dc2: 192.168.0.0/24               |
+-----------------------------------+
aa.bb.cc.48
\
\
\
\
+--------------------+ to/from uplinked
| Five port hub      |<----------------------->
| (true hub)         | multi-port switches
+--------------------+
\
\
\
\
+-----------------------------------+
| Cisco 2600                        |
|                                   |
+-----------------------------------+
\
\
\
\
\
\
\
T1
aa.bb.cc.1
This is the ifconfig report from the NTOP system:
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet aa.bb.cc.48 netmask 0xffffffc0 broadcast aa.bb.cc.63
inet6 fe80::280:c6ff:feee:777b%dc0 prefixlen 64 scopeid 0x1
ether 00:80:c6:ee:77:7b
media: Ethernet autoselect (10baseT/UTP)
status: active
dc1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ether 00:80:ad:0d:54:94
media: Ethernet autoselect (none)
status: no carrier
dc2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.168 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::280:c6ff:feec:1e7d%dc2 prefixlen 64 scopeid 0x3
ether 00:80:c6:ec:1e:7d
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
Below is an extract from /var/log/messages on the NTOP system:
May 29 16:00:00 hagate newsyslog[19732]: logfile turned over
May 29 16:05:06 hagate su: jetman to root on /dev/ttyp1
May 29 16:14:27 hagate su: jetman to root on /dev/ttyp2
May 29 16:14:34 hagate ntop[19762]: [MSGID00958-main] ntop v.2.2 MT (SSL)
[i386-unknown-freebsd4.8] (05/02/03 05:39:06 PM build)
May 29 16:14:34 hagate ntop[19762]: [MSGID00960-main] Copyright 1998-2003 by Luca Deri
<[EMAIL PROTECTED]>
May 29 16:14:34 hagate ntop[19762]: [MSGID00961-main] Get the freshest ntop from
http://www.ntop.org/
May 29 16:14:34 hagate ntop[19762]: [MSGID01024-main] Initializing ntop
May 29 16:14:34 hagate ntop[19762]: [MSGID00117-initialize] Initializing IP services
May 29 16:14:34 hagate ntop[19762]: [MSGID00841-initialize] Initializing gdbm databases
May 29 16:14:34 hagate ntop[19762]: [MSGID00818-initialize] creating database
'/data0/ntop/addressQueue.db'
May 29 16:14:34 hagate ntop[19762]: [MSGID00818-initialize] opening database
'/data0/ntop/prefsCache.db'
May 29 16:14:34 hagate ntop[19762]: [MSGID00818-initialize] creating database
'/data0/ntop/dnsCache.db'
May 29 16:14:34 hagate ntop[19762]: [MSGID00818-initialize] opening database
'/data0/ntop/ntop_pw.db'
May 29 16:14:34 hagate ntop[19762]: [MSGID00818-initialize] opening database
'/data0/ntop/hostsInfo.db'
May 29 16:14:34 hagate ntop[19762]: [MSGID00818-initialize] creating database
'/data0/ntop/macPrefix.db'
May 29 16:14:34 hagate ntop[19763]: [MSGID00220-ntop] INIT: Created pid file
(/var/run/ntop.pid)
May 29 16:14:34 hagate ntop[19762]: [MSGID00226-ntop] INIT: Parent process is exiting
(this is normal)
May 29 16:14:34 hagate ntop[19763]: [MSGID00223-ntop] INIT: Bye bye: I'm becoming a
daemon...
May 29 16:14:34 hagate ntop[19763]: [MSGID01047-main] Now running as a daemon
May 29 16:14:34 hagate ntop[19763]: [MSGID01001-initialize] Initializing network
devices
May 29 16:14:34 hagate ntop[19763]: [MSGID01097-main] Listening on [dc0,dc2]
May 29 16:14:34 hagate /kernel: dc0: promiscuous mode enabled
May 29 16:14:34 hagate /kernel: dc2: promiscuous mode enabled
May 29 16:14:34 hagate ntop[19763]: [MSGID01426-initialize] Interface 'dc0' (netmask
255.255.255.192) computed network size is 364 hosts
May 29 16:14:34 hagate ntop[19763]: [MSGID01440-initialize] MEMORY: ipTrafficMatrix
base (no TrafficEntry) for interface 'dc0' is 0.56MB
May 29 16:14:34 hagate ntop[19763]: [MSGID01426-initialize] Interface 'dc2' (netmask
255.255.255.0) computed network size is 606 hosts
May 29 16:14:34 hagate ntop[19763]: [MSGID01440-initialize] MEMORY: ipTrafficMatrix
base (no TrafficEntry) for interface 'dc2' is 1.45MB
May 29 16:14:34 hagate ntop[19763]: [MSGID01105-main] Loading Plugins
May 29 16:14:34 hagate ntop[19763]: [MSGID00320-plugin] Searching for plugins in
/usr/local/lib/ntop/plugins
May 29 16:14:34 hagate ntop[19763]: [MSGID00142-plugin] Loading plugin
'/usr/local/lib/ntop/plugins/icmpPlugin.so'
May 29 16:14:34 hagate ntop[19763]: [MSGID00469-icmpPlugin] ICMP: Welcome to
icmpWatchPlugin. (C) 1999 by Luca Deri
May 29 16:14:34 hagate ntop[19763]: [MSGID00236-plugin] Note: Plugin
'/usr/local/lib/ntop/plugins/icmpPlugin.so' has an empty BPF filter (this may not be
wrong)
May 29 16:14:34 hagate ntop[19763]: [MSGID00142-plugin] Loading plugin
'/usr/local/lib/ntop/plugins/lastSeenPlugin.so'
May 29 16:14:34 hagate ntop[19763]: [MSGID00378-lastSeenPlugin] LASTSEEN: Welcome to
LastSeenWatchPlugin. (C) 1999 by Andrea Marangoni
May 29 16:14:34 hagate ntop[19763]: [MSGID00246-plugin] Compiling filter 'ip' on
interface dc0
May 29 16:14:34 hagate ntop[19763]: [MSGID00246-plugin] Compiling filter 'ip' on
interface dc2
May 29 16:14:34 hagate ntop[19763]: [MSGID00142-plugin] Loading plugin
'/usr/local/lib/ntop/plugins/netflowPlugin.so'
May 29 16:14:34 hagate ntop[19763]: [MSGID01479-netflowPlugin] NETFLOW: Welcome to
NetFlow.(C) 2002 by Luca Deri
May 29 16:14:34 hagate ntop[19763]: [MSGID00236-plugin] Note: Plugin
'/usr/local/lib/ntop/plugins/netflowPlugin.so' has an empty BPF filter (this may not
be wrong)
May 29 16:14:34 hagate ntop[19763]: [MSGID00142-plugin] Loading plugin
'/usr/local/lib/ntop/plugins/nfsPlugin.so'
May 29 16:14:34 hagate ntop[19763]: [MSGID00358-nfsPlugin] NFS: Welcome to
nfsWatchPlugin. (C) 1999 by Luca Deri
May 29 16:14:34 hagate ntop[19763]: [MSGID00246-plugin] Compiling filter 'port 2049'
on interface dc0
May 29 16:14:34 hagate ntop[19763]: [MSGID00246-plugin] Compiling filter 'port 2049'
on interface dc2
May 29 16:14:34 hagate ntop[19763]: [MSGID00142-plugin] Loading plugin
'/usr/local/lib/ntop/plugins/pdaPlugin.so'
May 29 16:14:34 hagate ntop[19763]: [MSGID00317-pdaPlugin] PDA: Welcome to PDAPlugin.
(C) 2001-2002 by L.Deri and W.Brock
May 29 16:14:34 hagate ntop[19763]: [MSGID00236-plugin] Note: Plugin
'/usr/local/lib/ntop/plugins/pdaPlugin.so' has an empty BPF filter (this may not be
wrong)
May 29 16:14:34 hagate ntop[19763]: [MSGID00142-plugin] Loading plugin
'/usr/local/lib/ntop/plugins/sflowPlugin.so'
May 29 16:14:34 hagate ntop[19763]: [MSGID02254-sflowPlugin] SFLOW: Welcome to
sFlowPlugin. (C) 2002 by Luca Deri
May 29 16:14:34 hagate ntop[19763]: [MSGID00246-plugin] Compiling filter 'ip' on
interface dc0
May 29 16:14:34 hagate ntop[19763]: [MSGID00246-plugin] Compiling filter 'ip' on
interface dc2
May 29 16:14:34 hagate ntop[19763]: [MSGID00142-plugin] Loading plugin
'/usr/local/lib/ntop/plugins/rrdPlugin.so'
May 29 16:14:34 hagate ntop[19763]: [MSGID01880-rrdPlugin] RRD: Welcome to rrdPlugin.
(C) 2002 by Luca Deri.
May 29 16:14:34 hagate ntop[19763]: [MSGID00236-plugin] Note: Plugin
'/usr/local/lib/ntop/plugins/rrdPlugin.so' has an empty BPF filter (this may not be
wrong)
May 29 16:14:34 hagate ntop[19763]: [MSGID01107-main] Plugins loaded... continuing
with initialization
May 29 16:14:34 hagate ntop[19763]: [MSGID00344-util] Processing -m | --local-subnets
parameter 'aa.bb.cc.0/26,192.168.1.0/24'
May 29 16:14:34 hagate ntop[19763]: [MSGID00462-util] -m: Discarded unnecessary
parameter aa.bb.cc.0/26 - this is the local network
May 29 16:14:34 hagate ntop[19763]: [MSGID00462-util] -m: Discarded unnecessary
parameter 192.168.1.0/24 - this is the local network
May 29 16:14:34 hagate ntop[19763]: [MSGID00734-initialize] Resetting traffic
statistics...
May 29 16:14:34 hagate ntop[19763]: [MSGID00447-vendor] VENDOR: Loading MAC address
table.
May 29 16:14:34 hagate ntop[19763]: [MSGID00453-vendor] VENDOR: Checking
'./specialMAC.txt'
May 29 16:14:34 hagate ntop[19763]: [MSGID00453-vendor] VENDOR: Checking
'/usr/local/etc/ntop/specialMAC.txt'
May 29 16:14:34 hagate ntop[19763]: [MSGID00525-vendor] VENDOR: ...found, 61 lines,
loaded 59 records!
May 29 16:14:34 hagate ntop[19763]: [MSGID00453-vendor] VENDOR: Checking './oui.txt'
May 29 16:14:34 hagate ntop[19763]: [MSGID00453-vendor] VENDOR: Checking
'/usr/local/etc/ntop/oui.txt'
May 29 16:14:34 hagate ntop[19763]: [MSGID00525-vendor] VENDOR: ...found, 70 lines,
loaded 62 records!
May 29 16:14:34 hagate ntop[19763]: [MSGID00534-initialize] OSFP: Looking for OS
fingerprint file, etter.passive.os.fp
May 29 16:14:34 hagate ntop[19763]: [MSGID00540-initialize] OSFP: Checking
'./etter.passive.os.fp'
May 29 16:14:34 hagate ntop[19763]: [MSGID00540-initialize] OSFP: Checking
'/usr/local/etc/ntop/etter.passive.os.fp'
May 29 16:14:34 hagate ntop[19763]: [MSGID00544-initialize] OSFP: ...found!
May 29 16:14:34 hagate ntop[19763]: [MSGID00721-initialize] I18N: This instance of
ntop does not support multiple languages
May 29 16:14:34 hagate ntop[19763]: [MSGID00219-initialize] IP2CC: Looking for IP
address <-> Country code mapping file
May 29 16:14:34 hagate ntop[19763]: [MSGID00238-initialize] IP2CC: ...looking for file
./p2c.opt.table
May 29 16:14:34 hagate ntop[19763]: [MSGID00280-initialize] IP2CC: ...does not exist
May 29 16:14:34 hagate ntop[19763]: [MSGID00238-initialize] IP2CC: ...looking for file
/usr/local/etc/ntop/p2c.opt.table
May 29 16:14:34 hagate ntop[19763]: [MSGID00249-initialize] IP2CC: ...found - reading
data
May 29 16:14:34 hagate ntop[19763]: [MSGID00276-initialize] IP2CC: ......47455 records
read
May 29 16:14:34 hagate ntop[19763]: [MSGID00238-initialize] IP2CC: ...looking for file
/etc/p2c.opt.table
May 29 16:14:34 hagate ntop[19763]: [MSGID00280-initialize] IP2CC: ...does not exist
May 29 16:14:34 hagate ntop[19763]: [MSGID00288-initialize] IP2CC: 47455 records read
May 29 16:14:34 hagate ntop[19763]: [MSGID00895-initialize] THREADMGMT: Started thread
(134896640) for network packet analyser
May 29 16:14:34 hagate ntop[19763]: [MSGID00908-initialize] THREADMGMT: Started thread
(139576320) for idle hosts detection
May 29 16:14:34 hagate ntop[19763]: [MSGID00921-initialize] THREADMGMT: Started thread
(139577344) for DNS address resolution
May 29 16:14:34 hagate ntop[19763]: [MSGID01202-main] Starting Plugins
May 29 16:14:34 hagate ntop[19763]: [MSGID00395-plugin] Calling plugin start functions
(if any)
May 29 16:14:34 hagate ntop[19763]: [MSGID00399-plugin] Starting 'rrdPlugin'
May 29 16:14:34 hagate ntop[19763]: [MSGID01776-rrdPlugin] RRD: Welcome to the RRD
plugin
May 29 16:14:34 hagate ntop[19763]: [MSGID01817-rrdPlugin] RRD: Started thread
(139578368) for data collection.
May 29 16:14:34 hagate ntop[19763]: [MSGID00399-plugin] Starting 'sFlowPlugin'
May 29 16:14:34 hagate ntop[19763]: [MSGID00399-plugin] Starting 'PDAPlugin'
May 29 16:14:34 hagate ntop[19763]: [MSGID00399-plugin] Starting 'nfsWatchPlugin'
May 29 16:14:34 hagate ntop[19763]: [MSGID00399-plugin] Starting 'NetFlow'
May 29 16:14:34 hagate ntop[19763]: [MSGID00399-plugin] Starting 'LastSeenWatchPlugin'
May 29 16:14:34 hagate ntop[19763]: [MSGID00399-plugin] Starting 'icmpWatchPlugin'
May 29 16:14:34 hagate ntop[19763]: [MSGID01204-main] Plugins started... continuing
with initialization
May 29 16:14:34 hagate ntop[19763]: [MSGID01208-main] Starting web server
May 29 16:14:34 hagate ntop[19763]: [MSGID04352-webInterface] WEB: Initializing
May 29 16:14:34 hagate ntop[19763]: [MSGID04396-webInterface] Note: Reporting device
set to 0[dc0]
May 29 16:14:34 hagate ntop[19763]: [MSGID04519-webInterface] WEB: Waiting for HTTP
connections on port 3000
May 29 16:14:34 hagate ntop[19763]: [MSGID04536-webInterface] THREADMGMT: Started
thread (139583488) for web server
May 29 16:14:34 hagate ntop[19763]: [MSGID01210-main] Web server started... continuing
with initialization
May 29 16:14:34 hagate ntop[19763]: [MSGID01225-main] MEMORY: Base interface structure
(no hashes loaded) is 0.27MB each
May 29 16:14:34 hagate ntop[19763]: [MSGID01227-main] MEMORY: or 0.53MB for 2
interfaces
May 29 16:14:34 hagate ntop[19763]: [MSGID01230-main] MEMORY: ipTraffixMatrix
structure (no TrafficEntry loaded) is 1.91MB
May 29 16:14:34 hagate ntop[19763]: [MSGID01233-main] Sniffying...
May 29 16:14:34 hagate ntop[19763]: [MSGID01626-initialize] THREADMGMT: Started thread
(139584512) for network packet sniffing on dc0
May 29 16:14:34 hagate ntop[19763]: [MSGID01626-initialize] THREADMGMT: Started thread
(139585536) for network packet sniffing on dc2
May 29 16:14:34 hagate ntop[19763]: [MSGID01600-pbuf] THREADMGMT: Packet processor
thread (134896640) started...
May 29 16:14:34 hagate ntop[19763]: [MSGID00656-ntop] THREADMGMT: Idle Scan thread
(139576320) started
May 29 16:14:34 hagate ntop[19763]: [MSGID00537-address] THREADMGMT: Address
resolution thread started...
May 29 16:14:34 hagate ntop[19763]: [MSGID01307-rrdPlugin] THREADMGMT: rrd thread
(139578368) started
May 29 16:14:34 hagate ntop[19763]: [MSGID04824-webInterface] THREADMGMT: web
connections thread (139583488) started...
May 29 16:14:34 hagate ntop[19763]: [MSGID00079-ntop] THREADMGMT: pcap dispatch thread
started...
May 29 16:14:34 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:30:AB' not
found in vendor database
May 29 16:14:34 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:02:16' not
found in vendor database
May 29 16:14:34 hagate ntop[19763]: [MSGID00079-ntop] THREADMGMT: pcap dispatch thread
started...
May 29 16:14:35 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:40:10' not
found in vendor database
May 29 16:14:35 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:80:C6' not
found in vendor database
May 29 16:14:35 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:03:B2' not
found in vendor database
May 29 16:14:35 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:04:9A' not
found in vendor database
May 29 16:14:35 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:90:27' not
found in vendor database
May 29 16:14:35 hagate ntop[19763]: [MSGID00814-hash] Extending hash size
[32->512][deviceId=0]
May 29 16:14:35 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:40:F4' not
found in vendor database
May 29 16:14:36 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:03:B2' not
found in vendor database
May 29 16:14:36 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:40:10' not
found in vendor database
May 29 16:14:44 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:03:42' not
found in vendor database
May 29 16:14:50 hagate ntop[19763]: [MSGID00344-util] Processing RRD parameter
'aa.bb.cc.0/26,192.168.1.0/24'
May 29 16:15:12 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:08:74' not
found in vendor database
May 29 16:15:35 hagate ntop[19763]: [MSGID00450-hash] IDLE_PURGE: purgeIdleHosts
firstRun (mutex every 64 times through the loop)
May 29 16:15:35 hagate ntop[19763]: [MSGID00489-hash] IDLE_PURGE: Device 0(dc0), up to
53 of 512 hosts
May 29 16:15:35 hagate ntop[19763]: [MSGID00539-hash] IDLE_PURGE: FINISHED selection,
0 hosts selected
May 29 16:15:35 hagate ntop[19763]: [MSGID00583-hash] IDLE_PURGE: Device 0: no hosts
deleted
May 29 16:15:35 hagate ntop[19763]: [MSGID00489-hash] IDLE_PURGE: Device 1(dc2), up to
8 of 32 hosts
May 29 16:15:35 hagate ntop[19763]: [MSGID00539-hash] IDLE_PURGE: FINISHED selection,
0 hosts selected
May 29 16:15:36 hagate ntop[19763]: [MSGID00583-hash] IDLE_PURGE: Device 1: no hosts
deleted
May 29 16:16:16 hagate ntop[19763]: [MSGID00337-vendor] MAC prefix '00:A0:65' not
found in vendor database