Looks like its time to buy a bigger pipe or disable by default autoversion
checking. I think its probably safer to disable automatic version checking
for the end user.
Like the old saying give them an inch and they take the whole yard. Or it
takes one bad apple to spoil the bunch.
-Original
Looks like its time to buy a bigger pipe or disable by default autoversion
checking. I think its probably safer to disable automatic version checking
for the end user.
Like the old saying give them an inch and they take the whole yard. Or it
takes one bad apple to spoil the bunch.
-Original
That would take heavy duty hardware, Since not only do you have to inspect
every single TCP session concurrently regardless of port for application
layer signatures that match Kazaa etc... it would also suck up major memory.
You are probably better off running SNORT 2.1x + the ACID/MYSQL addon
No bugs that I can identify, ASN stuff works the charts look good and the
session tracking etc.. I guess 3.0 release is around the corner :)
I have it plugged in a 100mb pipe right now monitoring all our mail servers
(about 200+ servers) and hundreds of thousands of contacts.
The later CVS's seem to give me this error when
loading the rrd plugin
I am running fedora Core-1 and verified that the rrd files
are in the directory but it seems like something is wrong with GD??
Wed Feb 4 09:07:47 2004 **WARNING** Unable to load plugin
PROTECTED]
Subject: Re: [Ntop-dev] RRD undefined symbol
Hi
Quoting Horta, Benny [EMAIL PROTECTED]:
The later CVS's seem to give me this error when loading the rrd plugin
I am running fedora Core-1 and verified that the rrd files are in the
directory but it seems like something is wrong with GD
Just downloaded the CVS today
I did the basics
cvs -d :pserver:[EMAIL PROTECTED]:/export/home/ntop login
cvs -d :pserver:[EMAIL PROTECTED]:/export/home/ntop checkout ntop
./configure
make
make install
then when I do
the following it dies right off the bat this happens with Fedora
mailto:[EMAIL PROTECTED]
Horta, Benny
[EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
ols.net cc:
Sent by: Subject: [Ntop-dev] NTOP Segmentation fault on two different distros
[EMAIL PROTECTED]
ipi.it
01/30/2004 01:17
PM
Please respond to
ntop-dev
Title: successful fedora install + instructions
You might want to add some of this to the FAQ even the CVS part since most people might not know how to add env variables etc... so doing the cvs -d saves you the trouble of figuring things out, and the rest is stuff for fedora-1 core
With
-Original Message-
From: Burton M. Strauss III
[mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Ntop] NTOP refuses
to use libpng
Benny, Benny, Benny - You
of all people... it's in docs/FAQ:
Q. When I run
I try compiling the current CVS and even though I have the
packages installed in RH it will think libpng is is not installed.
checking for pcap...
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_open_live in -lpcap...
Title: blaster.exe worm, ntop
ntop --disable-instantsessionpurge -c -g -o -u root -i eth0 -B tcp port 135 -m xx.xxx.xxx.xxx/xx
xxx.xxx.xxx.xxx is your local subnet with /xx subnetmask.
Place the ntop probe right behind the firewall and you will be able to identify machines trying to scan
Title: RE: [Ntop] local-subnets
- m 192.168.1.0/28 -B not host 192.168.1.13 and not host 192.168.1.14
that should work out the filter _expression_ will drop 13 and 14 since the subnet of 28 is a network of 14 hosts
-Original Message-
From: Steve Abrahall [mailto:[EMAIL
Title: do I have the wrong version of libpng?
I downloaded the current CVS and on compile I get the error below. I am running redhat 9 and verified the existence of libpng version 1.2.2 png and png-devel. am I supposed to run 1.2.5?
Title: ntop user interface issue
Ntop should provide information regarding the default path it is trying to put stuff in so the end user can make the appropriate directory. this only happens on a brand new install
SSL is present but https is disabled: use -W https port for enabling it
Title: current ntop CVS stuck in time??
I compiled the current ntop 2.1.53 and everything works fine except the network load statistics seems broken, the sampling period seems to keep going in circles, you will see it display 6 sampling periods and stop, then the times overwrite each other
Title: cannot see sessions latest CVS help?
I tried different machines still cannot track TCP sessions, older versions help. running the current CVS 2.1.52 and the parameters are ntop -u daemon -i eth1
nothing special. anyone else having issues?
Title: weird, current ntop does not see sessions all else okay
Ran it with the basics and no sessions are inspected even running it as ntop -u daemon -i eth1 and no other command lines
ntop version.2.1.52
Built on.11/18/02 09:58:07 AM
OS.i686-pc-linux-gnu
Process Id.2913
Title: RE: [Ntop] Ntop sessiontracking disabled?
okay the new CVS took care of the confusing extra -z, but by default shouldn't -z be disabled by default be (no) instead of disabled by default.
Title: make census
Once
ntop hits around 16k hash (110mb) with plenty of ram sitting around the CPU
stays at 99% is this Hash processing overhead even if traffic drops cpu never
goes below 99 I tried 2.1.3 and the latest CVS to verify any version issues.
same result.
Title: RE: [Ntop] Command line suggestions. Was Large hash
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Welcome to the world of big pipes and limitations of current
technology :) If your trying to run NTOP on a border pipe to the the
internet, good luck expect to enter the VIP club of
Title: oops forgot devcomp on latest cvs
forgot decomp on the latest cvs?
anyhow here is a link to it
http://www.fastcgi.com/devkit/depcomp
just stick it in the ntop directory, chmod +x and it should compile fine :)
BTW I like the new bars and the changing of the charts for types
Title: RE: [Ntop] reseting connection ?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
if you want to do RST'ing to kill specific traffic you need to use
something like snort 1.8.7 compiled with flexresp support. then you
can reset specific traffic like napster,mail virus traffic etc..
-
Title: oops forgot devcomp on latest cvs
forgot decomp on the latest cvs?
anyhow here is a link to it
http://www.fastcgi.com/devkit/depcomp
just stick it in the ntop directory, chmod +x and it should compile fine :)
BTW I like the new bars and the changing of the charts for types
Title: NTOP 2.1.50 very stable
Very stable so far, 2.1.50 is running solid on a WAN circuit that peaks at 28mbit at times (averages 9mbit), no problems compiling, so far no memory leaks. hash size has been 8k and steady at 8k. not only is 2.1.50 solid its running on a box doing duty as a
Title: compiled NTOP using -O3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Any issues running ntop 2.1.50 compiled with the -O3 flags, I
recompiled and it seems to work okay cpu is around 40-45 percent on a
65megabit backbone. PC is a p4 1.5ghz but only has 256mb of ram
though
Title: limiting HASH size
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
is there a way to limit the hashsize to a max of 16k in ntop.h or
hash.c?
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com
Title: The Hash Barrier 100megabit, 94,000 host enviroment
Well it looks like around 42,000-48,000 entries will use up 512megs of memory.
hopefully soon I will be able to come across a box that will support 2 gigabytes of RAM
anyone using NTOP on large networks 50+ megabits?
right now
Title: RE: [Ntop-dev] Test - Disregard
hey another public school person :)
Test - testing email configuration, please disregard
Walter Brock
Network Manager
Frostproof Middle/Senior High School
Frostproof FL
___
Ntop-dev mailing list
[EMAIL
29 matches
Mail list logo
