I think I figured it out. As stated, I have two NICs in this machine, one to access the box and one to mirror/span the port of all our in/out traffic. The NIC ntop was using I had set with a real IP on our network. I changed it to 1.1.1.1 255.255.255.255 and everything seems great. I did nothing special in the start command, just ntop -w 3000. Still running FreeBSD 5.4 rel. For anyone else, I installed this from the port and let it go out and grab what it needed.

Before I switched the NIC, I did notice that whenever I would try and drill down to a host, graph or anything besides the summary page after the first five minutes, it would hang and eventually time out. Doing a top -b showed one process of ntop running as nobody. Once I tried to, say, view hosts, another process from ntop would start using nobody and hang.

Dang, as I was typing, it just hung again. Not sure what is going on:

  PID  USERNAME PRI NICE   SIZE    RES STATE    TIME   WCPU    CPU COMMAND
  6209 nobody   122    0 60292K 47724K RUN      1:03 28.86% 28.86% ntop
  6200 nobody   122    0 60228K 47696K RUN      2:51 28.81% 28.81% ntop
  6226 nobody   122    0 60768K 48232K RUN      0:02 21.47%  6.35% ntop
   588 nobody   121    0 60576K 48156K RUN    179:51  0.54%  0.54% ntop

Any ideas why these sessions may be hanging?

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Burton Strauss
Sent: Wednesday, September 28, 2005 5:27 PM
To: [email protected]
Subject: RE: [Ntop] Performance and hanging

I wouldn't abandon 5.4 - Luca does some development in that environment and we have plenty of users running there...

Top 10 OS/Distro are currently

  22012 Linux
   3680 Windows WinNT/2K/XP
   2029 Unknown Windowsv3.1
    800 Unknown Windowsv3.0
    323 FreeBSD 5.4
    259 FreeBSD 5.3
    211 FreeBSD 6.0
    159 Darwin 7.7.0
    117 FreeBSD 5.2.1
    111 FreeBSD 4.10

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rader, D. Alan
Sent: Wednesday, September 28, 2005 4:30 PM
To: [email protected]
Subject: RE: [Ntop] Performance and hanging

Ok, I feel like one of those idiots on mailing lists now that everyone hates. I was looking all over ntop's site, plus FreeBSD's site with no luck. I did Google searches, but not specific enough as stated in the doc/FAQs. Now that I have read some of it, I am going to start over from scratch. First thing is get rid of 5.4 and go back to 5.1 which is stated to be known to work.
Thanks and hopefully my next posts will be a little more worthy if needed.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Burton Strauss
Sent: Wednesday, September 28, 2005 2:54 PM
To: [email protected]
Subject: RE: [Ntop] Performance and hanging

(1) Read the RIGHT FAQ - the one on ntop.org is cr*p. You can get access to it through the source or directly from the ntop web server - look on the 1st menu.

(2) Read the articles - if you are in a switched environment you may need --no-mac.

(3) Name resolution is asynchronous. Just because ntop doesn't know it NOW does not imply it couldn't learn the resolution later on, either by DNS sniffing or a direct query - read the article in docs/FAQ.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rader, D. Alan
Sent: Wednesday, September 28, 2005 2:42 PM
To: [email protected]
Subject: RE: [Ntop] Performance and hanging

I don't think it is necessarily a problem with resolving names. I would think that if it can't resolve a name, it would just list it by IP. So on that note, any other suggestions? I looked on ntop.org and didn't see a doc/FAQ. I did find a FAQ under another section, but nothing about my OS. I also looked on the FreeBSD site, did a search for name resolution and for asynchronous and couldn't find anything related. Can you be more specific as to where these articles might be?

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rader, D. Alan
Sent: Wednesday, September 28, 2005 12:24 PM
To: [email protected]
Subject: RE: [Ntop] Performance and hanging

Version 3.1.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Burton Strauss
Sent: Wednesday, September 28, 2005 11:48 AM
To: [email protected]
Subject: RE: [Ntop] Performance and hanging

Which version of ntop is this?

You should also read the articles in docs/FAQ on FreeBSD...
Similarly the articles on name resolution (hint: it's asynchronous).

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rader, D. Alan
Sent: Wednesday, September 28, 2005 11:38 AM
To: [email protected]
Subject: [Ntop] Performance and hanging

I just got ntop up and running on FreeBSD 5.4 stable. Nothing else is running on this machine. The performance is terrible; within the first few minutes of starting the ntop service I can get to most pages viewing hosts etc. After about five minutes about the only page I can get to is the Traffic summary. If I try and view Summary - Hosts, it acts like it is loading but then eventually times out.

We have about 750 clients on our network. I am monitoring the port that our firewall is plugged into so I can get all traffic to the internet. Our main switch is a 6500 series and I am spanning the port our PIX 525 is plugged into.

It also looks like it may not be resolving names correctly. For example, I uploaded a big file to a server on the internet. Under IP - Traffic - Summary it shows the server I am uploading to at the very top. Below that is a machine that matches the data amount in the data column, yet the name showing up is not the name of the machine I am using. Also I am using FTP and nothing is showing up in the FTP column.

The server is an HP DL380, 1.4Ghz, 1.5Gb ram, 4 x 18gb drives in raid 5 I believe. This server also has two gigabit ethernet NICs. One is used to watch the traffic, the other is used to access the box.

I am a newbie to both unix and ntop, so I don't know really what to do to begin troubleshooting this. Any help would be much appreciated.

Thanks
Alan

--------------------------------------------
ATTENTION: To ensure compliance with applicable Internal Revenue Service Regulations, we inform you that any tax advice contained in this electronic message was not intended or written to be used, and cannot be used, for the purpose of avoiding penalties under the Internal Revenue Code.
This message and all attachments are PRIVATE, and may contain information that is CONFIDENTIAL and PRIVILEGED. If you received this message in error, please notify the sender by reply e-mail and delete the message immediately.

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
