Hi Burton,
Thanks for your suggestions. I've installed it and it works fine. However, I am a bit
confused regarding the physical setup.
My Ntop box is on a separate hub with our gateway box. It only has one nic though. Do
I have to change something in this setup? Do I have to put one more nic
To clarify, I am using gnu make I have /usr/local/bin first in my path, which is where
gnu make named simply make is located. I tried ver 3.80, and now am using 3.79 since
it worked on my linux/x86 box.
make -v
GNU Make version 3.79..
g
-Original Message-
From: Burton M. Strauss
Sorry if my message had any unintended tude. I'm running 2.1.5, I'll
update.
-Original Message-
From: Burton Strauss [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 6:22 AM
To: [EMAIL PROTECTED]
Subject: Re: [Ntop] Syslog getting spammed with Mutex errors
Lose the 'tude and
hi,dear sir:
Now,I run ntop-2.1.58 for redhat8.0,that run every half hours,then
crash(segment fault),so I read FAQ,use gdb to check this,that is 'bt full' output:
#0 0x40106e07 in updateInterfacePorts (actualDeviceId=0, sport=4540, dport=1135,
length=117) at pbuf.c:595
No locals.
#1
Gang: FYI...
-Original Message-
From: Alex Bajan [mailto:[EMAIL PROTECTED]
Sent: Friday, March 28, 2003 11:05 AM
To: 'Burton M. Strauss III'
Subject: 3409023937 Listing was terminated following revue Thank you for
your advice
3409023937 Listing was terminated following revue Thank
Title: Nachricht
correction:
Host2
is only listed as "Cisco CDPD/VTP" without
any IP
Thomas
PagelSenior Consultant Business
Intelligence
Software4You Planungssysteme GmbH Niederlassung PaderbornHauptstraße
3533178 Borchen (Germany)
tel.:
+49 (5251) 54009-11
mob.: +49 (172)
S:
I've got no clue either, it's YOUR file grin
Seriously, the real question is what causes a file error 2 (ENOENT) on
FreeBSD... the patch in the cvs prints the file name too, so we can check
if that's being corrupted. Otherwise, all I can guess is some kind of file
system corruption - might
2.1.50? - that's pretty old
It should be solved in 2.1.90 and the cvs.
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lance
Lloyd
Sent: Thursday, March 27, 2003 10:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Ntop] Syslog getting spammed with
Title: Wrong Flag
The
data is derived from the registry provided tables - RIPE in your
case.
Three
thoughts, one is that they've updated their data since the p2c table you have (I
updated it in the cvs this weekend with the March data).
Second
thought is that you're getting service
That's right, isn't it?
The 01: is the multicast bit and 01:00:0c:cc:cc:cc is listed in most lists
as Cisco CDPD/VTP...
It's one of those odd, pre-IANA pre-IEEE assignments, where companies picked
what they wanted and there weren't enough in the market to cause problems,
but not all of them were
Read the code ... it's not a matter of optimizing, it's a matter of
disabling features.
$ grep --line-number -A5 myGlobals.largeNetwork *.c
hash.c:778: if(!myGlobals.largeNetwork)
hash.c-779- el-portsUsage = (PortUsage**)calloc(sizeof(PortUsage*),
MAX_ASSIGNED_IP_PORTS);
hash.c-780-
That code should be pretty simple - it's a JIT allocator of the structure:
void updateInterfacePorts(int actualDeviceId, u_short sport, u_short dport,
u_int length) {
if((sport = MAX_IP_PORT) || (dport = MAX_IP_PORT))
return;
#ifdef CFG_MULTITHREADED
accessMutex(myGlobals.gdbmMutex,
Sorry, my fault That's why I have an odd MAC for the Cisco... But all the other
issues are not affected by this... In my example Host1 and Host3 are still mixed up...
Thomas Pagel
Senior Consultant Business Intelligence
Software4You Planungssysteme GmbH
Niederlassung Paderborn
Title: Nachricht
I
guess I'll get into trouble rebuilding the lists, I was one of the "not UNIX
speaking people" paying 50 for the ready-to-use download for
Win32...
Redirection might be the case...,but in the
meantime I got a flag of UA for one of my local hosts
Thomas
PagelSenior
I would suspect a dns problem...
Look at the data in info.html on dns - see where it's getting the resolution
(sniffing vs. queries) and try to do your own nslookups...
Also check your switches - some of them rewrite the monitor port data with
their own MAC address, which confuses ntop - You
You know, that sounds like a corrupted p2c.opt.table file...
Check the log messages from the read (you may have to temporarily log more -
I think I've cleaned it up in .90+, but it may not tell you unless you turn
on noisy (-t 4) in .90 or -t 3 in earlier versions). It should tell you how
many
Remember - it only takes one packet, not even an ack, for ntop to create a
host record. If that's wrong, it will carry forward - you'll probably see
the host tagged as 'Multihomed'.
Host 1: IP 192.168.1.1 MAC 00:00:00:aa:aa:aa
Host 3: IP 192.168.1.3 MAC 00:00:00:cc:cc:cc
If somebody has the
Some feedback from Mr. Anon E. Mouse:
As for the wrong flags seen by another person:
I occasionally see an Swedish akamai server when
browsing German news sites, e.g.
# whois 213.61.5.0
..
inetnum: 213.61.5.0 - 213.61.5.127
netname:
Under my Debian (Testing with a 2.4.20 kernel) i installed ntop v.2.1.0
(apt-get install ntop).
Unfortunately at boot start, the launch of ntop failed
The error is :
ntop uses obsolete (PF_INET,SOCK_PACKET)
I found only one topic on this problem
are available. These are the standard 1.0.41's with the one line patch that
ntop prefers. Since the release date of .42 is unknown, I've made these
available.
Comments/Questions/Issues to ntop-dev, please
-Burton
___
Ntop mailing list
[EMAIL
For the record, these are the updates to the automated data provided by Mr.
Anon E. Mouse and included in the cvs p2c.opt.table posted on 31Mar2003
(expected to be part of v2.2).
I have attached a file with mappings I have manually
edited when noticing inconsistencies in the mapping (e.g
Searched the web for uses obsolete PF_INET,SOCK_PACKET. Results 1 - 10 of
about 862. Search took 0.21 seconds
I think it depends on the path you take, some find the comma meaningful and
look for the phrase 'uses obsolete PF-INET', others such as the Google
toolbar ignore it...
Anyway, I run
The problem with requiring auto* tools boils down to about four + thirteen
lines in Makefile.in created by automake... and one missed commit. (I know,
it sounds like a nursery rhyme).
But where do they come from?? And why??? And how do you fix them
Well, here's a partial answer... It's
Hello Ntop developers,
Can any one explain logic used in handleSession() function.
I gone through code but i am not able to interpret the logic from src code..
I found that it will handle various protocols based on port no they use...
waiting for reply.
regards
== atit
I think that's a pretty accurate description. If it's still unclear, then
perhaps you need to start learning to read code with something simpler?
-Burton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf
Of atit jariwala
Sent: Monday, March 31, 2003 6:55 AM
Dear all,
the former obsolete/ directory is no longer part of ntop. Now, when you
do cvs co ntop the directory is no longer extracted. If you want to
retrieve it do cvs co obsolete.
Cheers, Luca
--
Luca Deri [EMAIL PROTECTED] http://luca.ntop.org/
Hacker: someone who loves to program and
Update of /export/home/ntop/ntop/plugins
In directory jabber:/tmp/cvs-serv10070/plugins
Modified Files:
netflowPlugin.c
Log Message:
Moved black/white list functions from the netflow plugin to util.c (this should
ease their integration with other plugins such as sFlow).
Changed -u
Update of /export/home/ntop/ntop
In directory jabber:/tmp/cvs-serv10070
Modified Files:
globals-core.h globals-structtypes.h main.c util.c
Log Message:
Moved black/white list functions from the netflow plugin to util.c (this should
ease their integration with other plugins such as
are available. These are the standard 1.0.41's with the one line patch that
ntop prefers. Since the release date of .42 is unknown, I've made these
available.
Comments/Questions/Issues to ntop-dev, please
-Burton
___
Ntop-dev mailing list
[EMAIL
Update of /export/home/ntop/ntop
In directory jabber:/tmp/cvs-serv11300
Modified Files:
p2c.opt.table
Log Message:
The updates to p2c.opt.table based on the changes just posted.
This includes
1) The registries' 01Mar2003 data.
2) A # of 'manual' corrections and improvements by Mr.
Burton,
the idea is to type ntop enter and run the application. I think that
the -P hack is fine. If you want to change it (e.g. #ifdef HP user =
???) do that but I suggest not to remove it. My idea was not to make
ntop insecure, just to ease its use.
Cheers, Luca
Burton M. Strauss III wrote:
32 matches
Mail list logo
