Make sure that NIC is really going into promiscuous mode? Maybe the driver needs updating or a different driver? I've seen plenty of windoze installs that have all the current SP's, yet drivers are 4 and 5 years old.
Gary >>> [EMAIL PROTECTED] 11/23/2006 11:16:03 AM >>> I notice a strange behaviour of Ntop and I would like to share my experience with you, with the hope to fix my issues. Recently I installed a Win32 version (Openxtra) of Ntop on my machine running XP+SP2. On my computer two network interfaces are configured: one Ethernet interface is built-in together with the motherboard and another one is a PCI wireless network card. On the first (Ethernet) interface Ntop works pretty fine and records all the traffic regularly. When I change preferences to monitor the traffic coming from the second network interface (wireless) no data is recorded. I am sure that a lot of traffic is passing through that network card since that's the only interface connected to the Internet and I always keep a file-sharing program turned on. What's weird is that no errors are spawn by the program, which seems to work great (even though no traffic is recorded on the proper intreface) as much as it does with ethernet card. What's going on? Can someone help me? Below you will find the first startup lines printed on the consolle Thanks a lot. Federico F:\Programmi\OPENXTRA\NTopWin32>ntop /c -i 2 Running ntop for Win32. 11/23/06 16:00:08 THREADMGMT[t3916]: ntop RUNSTATE: PREINIT(1) 11/23/06 16:00:08 THREADMGMT[t3916]: ntop RUNSTATE: INIT(2) 11/23/06 16:00:08 NOTE: Interface merge enabled by default 11/23/06 16:00:08 Initializing gdbm databases 11/23/06 16:00:08 NOTE: Interface merge disabled from prefs file 11/23/06 16:00:08 ntop v.3.2 11/23/06 16:00:08 Configured on (null), built on Nov 2005. 11/23/06 16:00:08 Copyright 1998-2005 by Luca Deri <[EMAIL PROTECTED]> 11/23/06 16:00:08 Get the freshest ntop from http://www.ntop.org/ 11/23/06 16:00:08 Initializing ntop 11/23/06 16:00:08 Resetting traffic statistics for device IEEE 802.11g PCI Wireless Network Adapter-PC31_2 11/23/06 16:00:08 DLT: Device 0 [\Device\NPF_{40ED907C-0FAC-4B22-9AFD-4C33C6927 030}] is 1, mtu 1514, header 14 11/23/06 16:00:08 Initializing gdbm databases 11/23/06 16:00:08 VENDOR: Loading MAC address table. 11/23/06 16:00:08 VENDOR: Checking for MAC address table file 11/23/06 16:00:08 VENDOR: File '.\specialMAC.txt' does not need to be reloaded 11/23/06 16:00:08 VENDOR: ntop continues ok 11/23/06 16:00:08 VENDOR: Checking for MAC address table file 11/23/06 16:00:08 VENDOR: File '.\oui.txt' does not need to be reloaded 11/23/06 16:00:08 VENDOR: ntop continues ok 11/23/06 16:00:08 Fingeprint: Loading signature file. 11/23/06 16:00:08 ASN: Checking for Autonomous System Number table file 11/23/06 16:00:08 ASN: Loading file '.\AS-list.txt' 11/23/06 16:00:09 ASN: ...found 111435 lines 11/23/06 16:00:09 ASN: ....Used 3780 KB of memory (12 per entry) 11/23/06 16:00:09 I18N: This instance of ntop does not support multiple languag es 11/23/06 16:00:09 IP2CC: Checking for IP address <-> Country Code mapping file 11/23/06 16:00:09 IP2CC: Loading file '.\p2c.opt.table' 11/23/06 16:00:09 IP2CC: ...found 52395 lines 11/23/06 16:00:09 GDVERCHK: Guessing at libgd version 11/23/06 16:00:09 GDVERCHK: ... as 2.x 11/23/06 16:00:09 Initializing external applications 11/23/06 16:00:09 THREADMGMT[t131680]: NPA: Started thread for network packet a nalyzer 11/23/06 16:00:09 THREADMGMT[t131692]: SFP: Started thread for fingerprinting 11/23/06 16:00:09 THREADMGMT[t131688]: SIH: Started thread for idle hosts detec tion 11/23/06 16:00:09 THREADMGMT[t131656]: DNSAR(1): Started thread for DNS address resolution 11/23/06 16:00:09 THREADMGMT[t2240]: NPA: network packet analyzer (packet proce ssor) thread running [p832] 11/23/06 16:00:09 THREADMGMT[t2600]: SFP: Fingerprint scan thread starting [p83 2] 11/23/06 16:00:09 THREADMGMT[t2432]: SIH: Idle host scan thread starting [p832] 11/23/06 16:00:09 THREADMGMT[t3028]: DNSAR(1): Address resolution thread runnin g [p832] 11/23/06 16:00:09 Calling plugin start functions (if any) 11/23/06 16:00:09 INITWEB: Initializing web server 11/23/06 16:00:09 INITWEB: Initializing tcp/ip socket connections for web serve r 11/23/06 16:00:09 INITWEB: Initialized socket, port 3000, address (any) 11/23/06 16:00:09 INITWEB: Waiting for HTTP connections on port 3000 11/23/06 16:00:09 INITWEB: Starting web server 11/23/06 16:00:09 THREADMGMT[t131644]: INITWEB: Started thread for web server 11/23/06 16:00:09 WEB: ntop's web server is now processing requests 11/23/06 16:00:09 Listening on [IEEE 802.11g PCI Wireless Network Adapter-PC31_ 2] 11/23/06 16:00:09 Loading Plugins 11/23/06 16:00:09 ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri 11/23/06 16:00:09 SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri 11/23/06 16:00:09 NETFLOW: Welcome to NetFlow.(C) 2002-05 by Luca Deri 11/23/06 16:00:09 RRD: Welcome to Round-Robin Databases. (C) 2002-04 by Luca De ri. 11/23/06 16:00:09 Calling plugin start functions (if any) 11/23/06 16:00:09 NETFLOW: Welcome to the netFlow plugin 11/23/06 16:00:09 NETFLOW: no devices to initialize 11/23/06 16:00:09 RRD: Welcome to the RRD plugin 11/23/06 16:00:09 THREADMGMT: RRD: Started thread (t131616) for data collection 11/23/06 16:00:09 THREADMGMT[t592]: RRD: Data collection thread starting [p832] 11/23/06 16:00:09 Note: Reporting device initally set to 0 [IEEE 802.11g PCI Wi reless Network Adapter-PC31_2] 11/23/06 16:00:09 THREADMGMT[t3916]: ntop RUNSTATE: RUN(4) 11/23/06 16:00:09 THREADMGMT[t131768]: NPS(1): Started thread for network packe t sniffing 11/23/06 16:00:09 THREADMGMT[t420]: NPS(1,IEEE 802.11g PCI Wireless Network Ada pter-PC31_2): pcapDispatch thread starting [p832] 11/23/06 16:00:09 THREADMGMT[t420]: NPS(1,IEEE 802.11g PCI Wireless Network Ada pter-PC31_2): pcapDispatch thread running [p832] 11/23/06 16:00:09 THREADMGMT[t2600]: SFP: Fingerprint scan thread running [p832 ] 11/23/06 16:00:09 THREADMGMT[t2432]: SIH: Idle host scan thread running [p832] 11/23/06 16:00:19 THREADMGMT[t131536]: RRD: Started thread for throughput data collection 11/23/06 16:00:19 THREADMGMT[t2148]: RRD: Throughput data collection: Thread st arting [p832] 11/23/06 16:00:22 THREADMGMT[t2148]: RRD: Throughput data collection: Thread ru nning [p832] 11/23/06 16:00:22 THREADMGMT[t592]: RRD: Data collection thread running [p832] ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
