Re: Status latest Ntop

On Sun, Sep 30, 2001 at 06:01:19PM +0200, Dirk Brockhausen wrote:
> Hi all,
> 
>  >mysql.c:157: `host' undeclared (first use in this function)
>  >mysql.c:157: (Each undeclared identifier is reported only once
>  >mysql.c:157: for each function it appears in.)
> 
> When I tried to install NTOP on Red Hat 6.2,
> I got the same error.
> 
>  From mysql.c:
> 
>     * Address is not set or in use atm. The user, passwd and name is
>     * hardcore programmed in this file..
> 
> 
> But where is "host" defined?
Try something like this:

--- ntop-010926.orig/ntop/mysql.c»··Tue Sep 25 00:25:40 2001
+++ ntop-010926/ntop/mysql.c»···Wed Sep 26 18:54:56 2001
 <at>  <at>  -47,7 +47,7  <at>  <at> 
 static pthread_mutex_t ntop_mysql_mutex;
 #endif
·
-int enable_mySQL = 0;
+/* int enable_mySQL = 0; */
 #ifdef MULTITHREADED
 int use_mutex;
 #endif

Makefile.am location patches

Hi all,

I needed the following patches to the Makefile.am files to create
the Debian packages. Maybe you want to include them in the
distribution.

--- ntop-010926.orig/ntop/Makefile.am»··Tue Sep 25 00:05:06 2001
+++ ntop-010926/ntop/Makefile.am»···Thu Sep 27 12:30:43 2001
 <at>  <at>  -214,7 +214,7  <at>  <at> 
 »·· <at> echo ""
·
 install-data-local:
-»·· <at> cp -p ntop-cert.pem $(bindir)/ntop-cert.pem
+»·· <at> cp -p ntop-cert.pem $(DESTDIR)/etc/ntop-cert.pem
 »·· <at> $(top_srcdir)/mkinstalldirs $(DESTDIR)/$(libdir)/plugins;
 »·· <at> $(top_srcdir)/mkinstalldirs $(DESTDIR)/$(datadir)/ntop;
 »·· <at> $(top_srcdir)/mkinstalldirs $(DESTDIR)/$(datadir)/ntop/html;

--- ntop-010926.orig/ntop/plugins/Makefile.am»··Tue Sep 25 00:26:02 2001
+++ ntop-010926/ntop/plugins/Makefile.am»···Thu Sep 27 12:33:19 2001
 <at>  <at>  -103,9 +103,9  <at>  <at> 
 »·· <at> ln -s .libs/libwapPlugin.so wapPlugin.so
·
 install-data-local:
-»·· <at> $(top_srcdir)/mkinstalldirs $(plugindir);
+»·· <at> $(top_srcdir)/mkinstalldirs $(DESTDIR)/$(plugindir);
 »·· <at> for file in $(noinst_PROGRAMS); do \
-             cp -p $$file $(plugindir)/$$file; \
+             cp -p $$file $(DESTDIR)/$(plugindir)/$$file; \
          done

config.cache in tarball && CVS

Hi all,

this file should really not be included in the
distribution (tarball && CVS)

gdchart0.94c/config.cache

The configure values most likely will be wrong for other systems.

Ciao
  Dennis
--

-- 
"The Idea Is Good But The World Isn't Ready Yet"

ntop Compilation with GCC and Solaris 2.6

Re: [Ntop] NTOP & FTP

Sorry for posting this on the two mailing lists, but it relates to the both.

> Another problem.
> Looks  like  NTOP  doesn't  count  FTP in a proper way (at least at my
> site)  I'm sending file by 9242303 bytes length but NTOP gives me only
> about  7,3K  of  FTP  traffic.  Can  someone  check  it with your NTop
> installation   ?  It  doesn't  count FTP traffic which comes even from
> itself  (I  mean  NTOP  box,  see pic, below) May be it's too late for
> today and I'm missing something important ? %)

I'm not entirely sure, but as this also relates to what I'm trying to do
with NTOP I'm going to put this on the mailing list in the hope of getting
some feedback. AFAIK NTOP distinguishes between protocols by using the port
number, so if your FTP traffic is not using the standard port numbers (20 &
21 if I'm not mistaken) it will not be counted as FTP, but as unknown TCP.
Please correct me if I'm wrong :)

What I'm trying to do is add other protocols, which is not difficult if they
are at a standard port, but the problem is a lot of protocols used by for
example peer-to-peer applications use random port numbers, so you really
need to analyze the packets. I've taken a glance at the source code and this
seems almost impossible to do this, or am I wrong? The only easy way I see
is by using a plugin, but I don't think a plugin can report back to the
"main" database (which is used for creating the IP stats). If any one has
suggestions, please let me know.

kind regards,
Peter

(Ph.D. student at INTEC - Ghent University http://www.intec.rug.ac.be)

New ntop beta

Hi all,
I have changed several components of ntop and I hope to have solved some
(if not all) the stability problems some of you experienced.

You can either:
- get the new snapshot from http://luca.ntop.org/ntop-beta-2.tgz
or
- (better) resync with CVS

Note that I have removed pep/rmon/wap: this work is still in progress
and is not ready for the prime time. intop need to be modified still, so
be patient.

Please send me your feedback.

Cheers, Luca

--

-- 
Luca Deri                     NETikos S.p.A.
Via Matteucci 34/B	      56124 Pisa, Italy.
Ph. +39/050/968.639           Fax. +39/050/968.626
Personal: luca <at> lucaderi.org   Business: luca.deri <at> netikos.com
WWW: http://www.lucaderi.org/ ICQ: 68183632
Hacker: someone who loves to program and enjoys being
clever about it - Richard Stallman

Compiling ntop1.3.1 on Solaris 2.6 - problem

I'm having trouble compiling ntop 1.3.1 on Solaris 2.6 and gcc 2.95.3
20010315

# make
make  all-recursive
Making all in gdchart0.94b
Making all in .
Making all in plugins
Making all in intop
Making all in remoteInterfaceAPI
Making all in CPP
c++      -g -O2 -c NtopHandle.cpp
NtopHandle.cpp: In method `void NtopHandle::sendMessage(char *, HashTable
*)':
NtopHandle.cpp:98: passing `unsigned int *' as argument 6 of `recvfrom(int,
char *, int, int, sockaddr *, int *)' changes signedness
*** Error code 1
make: Fatal error: Command failed for target `NtopHandle.o'
Current working directory /export/home/src/ntop-1.3.1/remoteInterfaceAPI/CPP
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /export/home/src/ntop-1.3.1/remoteInterfaceAPI
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /export/home/src/ntop-1.3.1
*** Error code 1
make: Fatal error: Command failed for target `all-recursive-am'
#

Anyone else noticed this??

George Travan
Email : george.travan <at> adelaide.edu.au

Re: Compiling ntop1.3.1 on Solaris 2.6 - problem

> From: "George Travan" <george <at> health.adelaide.edu.au>
> 
> I'm having trouble compiling ntop 1.3.1 on Solaris 2.6 and gcc 2.95.3
> 20010315
> 
> # make
> make  all-recursive
> Making all in gdchart0.94b
> Making all in .
> Making all in plugins
> Making all in intop
> Making all in remoteInterfaceAPI
> Making all in CPP
> c++      -g -O2 -c NtopHandle.cpp

Greetings George

1.3.1 is a "orphan release". The development effort is currently in
2.0 which is asymptotically approaching stability.

See http://www.ntop.org/ for download information.

Please provide feedback on any problems you encounter.

Regards

--

-- 
Anthony David

Gambling(n): A discretionary tax on those asleep during high school maths
http://adavid.com.au/
0xA72CE1ED fingerprint = EA1E C69E FE59 BBE1 AA4B  F354 BD09 9765 A72C E1ED

Re: New ntop beta

On Tue, Oct 02, 2001 at 07:08:55PM +0200, Luca Deri wrote:
> Hi all,
> I have changed several components of ntop and I hope to have solved some
> (if not all) the stability problems some of you experienced.
> 
> You can either:
> - get the new snapshot from http://luca.ntop.org/ntop-beta-2.tgz
this one still includes config.cache files :(

> - (better) resync with CVS
normally all Makefile.in and configure files wich are generated
through autoconf automake e.g. in ntop/plugins/ should not be
include in CVS, rather should the Makefile.am and configure.in files
be changed.

also note that the file ntop/plugins/Makefile.in contains cvs diff
stuff like:

<<<<<<< Makefile.am
>>>>>>> 1.7

<<<<<<< Makefile.am
>>>>>>> 1.7

and is therefor unusable :(

Dennis 
--

-- 
"The Idea Is Good But The World Isn't Ready Yet"

Re: Adding protocols

Hello,

Is it correct to say that all protocol identification is done by port
numbers. As such, this means that ntop is basically useless in analyzing
protocol distribution with accurate data rates. Even if as someone on
the list pointed out, that you could add other well known ports. As most
protocols will respond back to the client on a non well known port. 

I had initially been very excited by that capability (protocol dist.
with bandwith usage) in doing WAN link analysis with ntop. To verify if
the link would benefit from protocol specific rate limiting (traffic
shaping).

Right now, for those interested, and I am seeing quite a few requests
going on this list any type of protocol breakdown would have to be done
with a sniffer that can decode and identify the different protocols.
tcpdump comes to mind.

Surprisingly, I have researched this and have only come up with a single
tool (ttt by Kenjiro Cho) that takes tcpdump trace files and generates
protocol bandwith usage breakdowns. I will be trying it out later today,
so if anyone is interested I will share what I find out. Another tool I
haven't tried which may do that is flstats by Greg Minshall.

Correct me if I am wrong, maybe ethereal does this, but I have not read
anywhere that ethereal can export summarized data to something like RRD
for short/mid/long term trending. 

Here is my dream tool. A tool that will integrate with tcpdump and then
export the accurate flow data to RRD which can then integrated in data
gathered from cricket/mrtg. For a better visibility of critical links.
Then, one can make an informed decision on implementing traffic shaping,
beefing up the link or beating up users that complain for nothing. 

I hope to get your views.

Francois Mikus
Network Architect - Acktomic Network Architects Inc.
fmikus <at> acktomic.com

<snip, sorry I failed to copy the persons name>
I'm not entirely sure, but as this also relates to what I'm trying to do
with NTOP I'm going to put this on the mailing list in the hope of
getting
some feedback. AFAIK NTOP distinguishes between protocols by using the
port
number, so if your FTP traffic is not using the standard port numbers
(20 &
21 if I'm not mistaken) it will not be counted as FTP, but as unknown
TCP.
Please correct me if I'm wrong :)

What I'm trying to do is add other protocols, which is not difficult if
they
are at a standard port, but the problem is a lot of protocols used by
for
example peer-to-peer applications use random port numbers, so you really
need to analyze the packets. I've taken a glance at the source code and
this
seems almost impossible to do this, or am I wrong? The only easy way I
see
is by using a plugin, but I don't think a plugin can report back to the
"main" database (which is used for creating the IP stats). If any one
has
suggestions, please let me know.
<snip>