RE: [Ntop] Problem running Win32 version with -f and tcpdump file

Nik Barron Mon, 24 Sep 2007 02:46:12 -0700

Hi,

Some further info... By playing on a Linux install I found you need to
specify local subnets with -m when using -f. This gets round my initial
problem (ntop immediately exiting), but unfortunately now it crashes as
soon as it starts up, e.g.


        C:\Program Files\Utils\ntop-Win32>ntop /c -f
d:\temp\ta\eth2c0-pssl-generic.dmp -m 10.50.2.0/24
        Running ntop for Win32.
        09/24/07 10:41:04  THREADMGMT[t3456]: ntop RUNSTATE: PREINIT(1)
        09/24/07 10:41:04  THREADMGMT[t3456]: ntop RUNSTATE: INIT(2)
        09/24/07 10:41:04  NOTE: Interface merge enabled by default
        09/24/07 10:41:04  Initializing gdbm databases
        09/24/07 10:41:04  ntop v.3.3.3
        09/24/07 10:41:04  Configured on ntop-factory.ntop.org, built on
07/09/07 22:49:24.
        09/24/07 10:41:04  Copyright 1998-2007 by Luca Deri
<[EMAIL PROTECTED]>
        09/24/07 10:41:04  Get the freshest ntop from
http://www.ntop.org/
        09/24/07 10:41:04  Initializing ntop
        09/24/07 10:41:04  Creating dummy interface, 'none'
        09/24/07 10:41:04  Resetting traffic statistics for device
d:/temp/ta/eth2c0-pssl-generic.dmp
        09/24/07 10:41:04  Initializing device none (0)
        09/24/07 10:41:04  DLT: Device 0 [none] is 1, mtu 1514, header
14
        09/24/07 10:41:04  Initializing gdbm databases
        09/24/07 10:41:04  VENDOR: Loading MAC address table.
        09/24/07 10:41:04  VENDOR: Checking for MAC address table file
        09/24/07 10:41:04  VENDOR: File '.\specialMAC.txt' does not need
to be reloaded
        09/24/07 10:41:04  VENDOR: ntop continues ok
        09/24/07 10:41:04  VENDOR: Checking for MAC address table file
        09/24/07 10:41:04  VENDOR: File '.\oui.txt' does not need to be
reloaded
        09/24/07 10:41:04  VENDOR: ntop continues ok
        09/24/07 10:41:04  Fingerprint: Loading signature file
        09/24/07 10:41:04  Fingerprint: Checking for Fingerprint file...
file
        09/24/07 10:41:04  Fingerprint: Loading file '.\etter.finger.os'
        09/24/07 10:41:04  Fingerprint: ...loaded 1697 records
        09/24/07 10:41:04  ASN: Checking for Autonomous System Number
table file
        09/24/07 10:41:04  **WARNING** ASN: Unable to open file
'AS-list.txt'
        09/24/07 10:41:04  I18N: This instance of ntop does not support
multiple languages
        09/24/07 10:41:04  IP2CC: Checking for IP address <-> Country
Code mapping file
        09/24/07 10:41:04  IP2CC: Loading file '.\p2c.opt.table'
        09/24/07 10:41:04  IP2CC: ...found 52395 lines
        09/24/07 10:41:05  **ERROR** Failed to connect to MySQL: Can't
connect to MySQL server on 'localhost' (10061) [localhost
        :root::ntop]
        09/24/07 10:41:05  Initializing external applications
        09/24/07 10:41:05  THREADMGMT[t131508]: NPA: Started thread for
network packet analyzer (d:/temp/ta/eth2c0-pssl-generic.
        dmp)
        09/24/07 10:41:05  THREADMGMT[t131516]: SFP: Started thread for
fingerprinting
        09/24/07 10:41:05  THREADMGMT[t131520]: SIH: Started thread for
idle hosts detection
        09/24/07 10:41:05  THREADMGMT[t131528]: DNSAR(1): Started thread
for DNS address resolution
        09/24/07 10:41:05  THREADMGMT[t131532]: DNSAR(2): Started thread
for DNS address resolution
        09/24/07 10:41:05  THREADMGMT[t131536]: DNSAR(3): Started thread
for DNS address resolution
        09/24/07 10:41:05  Calling plugin start functions (if any)
        09/24/07 10:41:05  INITWEB: Initializing web server
        09/24/07 10:41:05  INITWEB: Initializing TCP/IP socket
connections for web server
        09/24/07 10:41:05  INITWEB: Initialized socket, port 3000,
address (any)
        09/24/07 10:41:05  INITWEB: Waiting for HTTP connections on port
3000
        09/24/07 10:41:05  INITWEB: Starting web server
        09/24/07 10:41:05  THREADMGMT[t1028]: NPA: network packet
analyzer (packet processor) thread running [p2268]
        09/24/07 10:41:05  THREADMGMT[t3492]: SFP: Fingerprint scan
thread starting [p2268]
        09/24/07 10:41:05  THREADMGMT[t2712]: SIH: Idle host scan thread
starting [p2268]
        09/24/07 10:41:05  THREADMGMT[t3192]: DNSAR(1): Address
resolution thread running
        09/24/07 10:41:05  THREADMGMT[t2864]: DNSAR(2): Address
resolution thread running
        09/24/07 10:41:05  THREADMGMT[t3132]: DNSAR(3): Address
resolution thread running
        09/24/07 10:41:05  THREADMGMT[t131580]: INITWEB: Started thread
for web server
        09/24/07 10:41:05  Listening on [pcap file]
        09/24/07 10:41:05  Loading Plugins
        09/24/07 10:41:05  ICMP: Welcome to ICMP Watch. (C) 1999-2005 by
Luca Deri
        09/24/07 10:41:05  SFLOW: Welcome to sFlow.(C) 2002-04 by Luca
Deri
        09/24/07 10:41:05  WEB: ntop's web server is now processing
requests
        09/24/07 10:41:05  NETFLOW: Welcome to NetFlow.(C) 2002-07 by
Luca Deri
        09/24/07 10:41:05  RRD: Welcome to Round-Robin Databases. (C)
2002-07 by Luca Deri.
        09/24/07 10:41:05  Calling plugin start functions (if any)
        09/24/07 10:41:05  RRD: Welcome to the RRD plugin
        09/24/07 10:41:05  RRD_DEBUG: Parameters:
        09/24/07 10:41:05  RRD_DEBUG:     dumpInterval 300 seconds
        09/24/07 10:41:05  RRD_DEBUG:     dumpShortInterval 10 seconds
        09/24/07 10:41:05  RRD_DEBUG:     dumpHours 72 hours by 300
seconds
        09/24/07 10:41:05  RRD_DEBUG:     dumpDays 90 days by hour
        09/24/07 10:41:05  RRD_DEBUG:     dumpMonths 36 months by day
        09/24/07 10:41:05  RRD_DEBUG:     dumpDomains no
        09/24/07 10:41:05  RRD_DEBUG:     dumpFlows no
        09/24/07 10:41:05  RRD_DEBUG:     dumpSubnets no
        09/24/07 10:41:05  RRD_DEBUG:     dumpHosts no
        09/24/07 10:41:05  RRD_DEBUG:     dumpInterfaces yes
        09/24/07 10:41:05  RRD_DEBUG:     dumpASs yes
        09/24/07 10:41:05  RRD_DEBUG:     dumpMatrix no
        09/24/07 10:41:05  RRD_DEBUG:     dumpDetail high
        09/24/07 10:41:05  RRD_DEBUG:     hostsFilter
        09/24/07 10:41:05  RRD_DEBUG:     rrdPath C:\Program
Files\Utils\ntop-Win32\3697258935\rrd [normal]
        09/24/07 10:41:05  RRD_DEBUG:     rrdPath C:\Program
Files\Utils\ntop-Win32 [throughput]
        09/24/07 10:41:05  THREADMGMT: RRD: Started thread (t131596) for
data collection
        09/24/07 10:41:05  THREADMGMT[t1792]: RRD: Data collection
thread starting [p2268]
        09/24/07 10:41:05  Note: Reporting device initally set to 0
[d:/temp/ta/eth2c0-pssl-generic.dmp] (merged)
        09/24/07 10:41:05  THREADMGMT[t3456]: ntop RUNSTATE: RUN(4)
        09/24/07 10:41:05  THREADMGMT[t2784]:
NPS(d:/temp/ta/eth2c0-pssl-generic.dmp): pcapDispatch thread starting
[p2268]
        09/24/07 10:41:05  THREADMGMT[t2784]:
NPS(d:/temp/ta/eth2c0-pssl-generic.dmp): pcapDispatch thread running
[p2268]
        09/24/07 10:41:05  THREADMGMT[t131604]: NPS(1): Started thread
for network packet sniffing [pcap-file]
        09/24/07 10:41:06  THREADMGMT[t3492]: SFP: Fingerprint scan
thread running [p2268]
        09/24/07 10:41:06  THREADMGMT[t2712]: SIH: Idle host scan thread
running [p2268]                            

        Message box with "ntop.exe has generated errors and will be
closed by Windows".

This is with the same dump file that runs OK on the Linux box (my
Windows PC is much faster than the Linux machine, hence my desire to do
the analysis on it).

Nik


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

RE: [Ntop] Problem running Win32 version with -f and tcpdump file

Reply via email to