_ _ _
| \ | | |_ ___ _ __
| \| | __/ _ \| '_ \
| |\ | || (_) | |_) |
|_| \_|\__\___/| .__/
|_|
Network Top
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
FAQ (All Platforms)
===================
Q. How can I run ntop without being root?
A. A very simple way of doing this is:
> su
> chown root ntop
> chgrp root ntop
> chmod 6111 ntop
> exit
Do not forget to use the -u flag so that ntop changes user
as soon as it is started.
Q. ntop doesn't report any traffic at all.
A. Please make sure that there's traffic on the interface you're using. You
can select an interface using the '-i' flag.
Q. How do I force configure to build ntop without
lsof support?
A. configure -enable-lsof=no
Q. How do I force configure to build ntop without
thread support?
A. configure -enable-threads=no
Q. Linux: ntop isn't able to capture data.
A. On some Linux distributions, the libpcap package is broken. Please
remove it, get the source (http://www.tcpdump.org),
build libpcap and install it (both the library and the include files).
Then rebuild ntop from scratch.
Q. When I compile ntop I get the following error:
[...]
> libtool: link: CURRENT `-release' is not a nonnegative integer
> libtool: link: `-release' is not valid version information
> make[2]: *** [libntop.la] Error 1
> make[2]: Leaving directory `/usr/local/src/ntop'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/local/src/ntop'
> make: *** [all-recursive-am] Error 2
A. It seems that some versions of GNU autoconf (> 2.13) are broken so
some macros are not expanded and then the compilation fail.
Workarounds:
- downgrade to a stable autoconf version
- edit all the ntop Makefile(s), add "0:0:0" behind any
occurence of "version-info" and "2.0" behind
"-release".
Q. I start ntop with "-S 2" in order to store traffic
statistics. Unfortunately when I restart ntop the
stats are gone. What's wrong?
A. "-S" enables ntop to store on the disk host traffic statistics. This
means that is host XYZ was seen by ntop in a previous run, the host
traffic statistics are stored on disk so that the next time ntop is
restarted (or if the entry was purged from memory and needs to be
resurrected) the host information is not empty but the traffic
statistics start from the data saved on disk. Note that hosts are
resurrected *only* when ntop sees traffic for such hosts. This means
that when you restart ntop you *won't* see all the hosts ntop saw when
it stopped, but ntop populates its memory as usual with the difference
that host statistics won't start from scratch but from the saved data.
FAQ (Platform Specific)
=======================
Q. I can't run ntop on BSD systems. The error is:
ntop: /dev/bpf0: Device not configured
A. This is because bfp0 has not been configured inside the generic
kernel config file. If you use generic kernel config file put
pseudo-device bpfilter 16
to kernel config file and rebuild the kernel.
Q. Where can I find pthreads for IRIX 6.2?
A. Irix 6.2 doesn't support POSIX threads out of the box. You must
install the patch: 2791
Q. How do I install the ntop package on Solaris?
A. For instance do 'pkgadd -d ntop-1.1-solaris.i386'
Q. ntop doesn't seem to collect any data on Digital Unix.
A. Albert Chin-A-Young <china@thewrittenword.com> said:
First, to compile, make sure you don't use '-std1' which will cause problems
compiling pbuf.c. '-std' is ok.
Once ntop is compiled, do the following:
1. Make sure 'options PACKETFILTER' is in your kernel
configuration file under /sys/conf. Recompile the
kernel using 'doconfig -c [config file]' if necessary.
2. % cd /dev
% ./MAKEDEV pfilt
% pfconfig +promisc [interface]
The last part of #2 I didn't do so ntop did not collect any data.
Q. Where can I find neped/queso?
A. You can download neped/queso from http://www.apostols.org/
Q. Where can I find GDBM for Windows?
A. http://www.roth.net/libs/gdbm/
Q. I have experienced problems defining multiple filters: ntop reports
'syntax error'. What shall I do?
A. If you believe the filter is syntactically correct then it's likely
that the libpcap you have used has been compiled using an old
non-reentrant version of flex. Please make sure you're using
version 2.5.4 or above.
Q. AIX: I've linked ntop against the special libcap library that's
available on the ntop sire. Unfortunately ntop doesn't work. It
fails with the following error:
# ./ntop
06/Oct/2000:10:25:55 ntop v.1.3.2 ST (SSL) [powerpc-ibm-aix4.3.2.0]
06/Oct/2000:10:25:55 Listening on [en0]
06/Oct/2000:10:25:55 Copyright 1998-2000 by Luca Deri <deri@ntop.org>
06/Oct/2000:10:25:55 Get the freshest ntop from http://www.ntop.org/
06/Oct/2000:10:25:55 Initialising...
06/Oct/2000:10:25:55 /dev/dlpi/en0: No such file or directory
A: Please configure dlpi.conf int the /etc dir using the command
strload -f /etc/dlpi.conf.
(Courtesy of Chuck Toman <ctoman@Park-Ohio.com>).
Q. I have a problem on AIX. What shall I do?
A. Read below.
=============================================================
From Ciaran.Deignan@bull.net Wed Oct 4 17:07:02 2000
Date: Tue, 3 Oct 2000 10:29:52 +0200 (DFT)
From: Ciaran.Deignan@bull.net
To: Karandeep Singh <kdsingh@ichips.intel.com>
Subject: Re: ntop problems
On Mon, 2 Oct 2000, Karandeep Singh wrote:
> Question I have for you is that if I run "strload -f /etc/dlpi.conf"
> and create special files in /dev/dlpi, do I then have to reboot?
> If not then this will work very well for us on our other servers.
you don;t need to reboot, but you do need to execute the command each
time you *do* reboot....
there's always something...
Ciaran
+-------------------------------------------------------------------------+
Ciaran Deignan Tel: (France) 04 76 29 79 92
BULL XS-BU (http://www-frec.bull.com) HA and Consolidation
Mail to: Ciaran.Deignan@bull.net Bullcom: 229 79 92
PGP: B1 78 FB 88 FD 86 58 A8 89 7B 22 8C D0 E8 71 FC Fax: 229 75 18
+-------------------------------------------------------------------------+
From Ciaran.Deignan@bull.net Wed Oct 4 17:07:02 2000
Date: Mon, 2 Oct 2000 12:00:18 +0200 (DFT)
From: Ciaran.Deignan@bull.net
To: Karandeep Singh <kdsingh@ichips.intel.com>
Cc: l.deri@tecsiel.it
Subject: Re: ntop problems
On Tue, 26 Sep 2000, Karandeep Singh wrote:
> Hi,
> I installed "successfully" ntop from Bull site and now when I run
> it am getting following errors. Any help would be appreciated.
>
> -KD
>
> <pdxfs30 157> # ntop
> 26/Sep/2000:17:13:01 ntop v.1.3.2 ST (SSL) [powerpc-ibm-aix4.3.2.0] (08/11/00 07:04:32 PM build)
> 26/Sep/2000:17:13:01 Listening on [en2]
> 26/Sep/2000:17:13:01 Copyright 1998-2000 by Luca Deri <deri@ntop.org>
> 26/Sep/2000:17:13:01 Get the freshest ntop from http://www.ntop.org/
> 26/Sep/2000:17:13:01 Initialising...
> 26/Sep/2000:17:13:01 /dev/dlpi/en2: No such file or directory
Anyway, what you've missed (and what I've failed to find a convient way
to communicate) is the command
# strload -f /etc/dlpi.conf
which will create the special files in /dev/dlpi...
This information is given in the mailing-list archives, each time libpcap
is repackaged:
http://www-frec.bull.com/download/Updates.txt
> <pdxfs30 158> # intop
> exec(): 0509-036 Cannot load program intop because of the following errors:
> 0509-150 Dependent module /usr/local/lib/libreadline.a(libreadline.so) could not be loaded.
> 0509-152 Member libreadline.so is not found in archive
intop has a dependence on freeware.gnu.readline.rte
(gnu.readline-4.1.0.1.exe), but intop doesn't work anyway :(
Sorry for the complexity,
Ciaran
+-------------------------------------------------------------------------+
Ciaran Deignan Tel: (France) 04 76 29 79 92
BULL XS-BU (http://www-frec.bull.com) HA and Consolidation
Mail to: Ciaran.Deignan@bull.net Bullcom: 229 79 92
PGP: B1 78 FB 88 FD 86 58 A8 89 7B 22 8C D0 E8 71 FC Fax: 229 75 18
+-------------------------------------------------------------------------+
From Ciaran.Deignan@bull.net Wed Oct 4 17:07:02 2000
Date: Mon, 18 Sep 2000 10:00:41 +0200 (DFT)
From: Ciaran.Deignan@bull.net
To: Bill Kurland <bill@shakespeare-nyc.com>
Subject: Re: Freeware:ntop-1.3.2.0
On Sun, 17 Sep 2000, Bill Kurland wrote:
> I have tried installing ntop-1.3.2 on three different rs6000's running
> AIX 4.3.3 with the same result and was hoping you might be kind enough
> to help me discover my error.
Humm... I don't have a /dev/ent* or /dev/en* on my system either. You live
and learn.
Anyway, what you've missed (and what I've failed to find a convient way
to communicate) is the command
# strload -f /etc/dlpi.conf
which will create the special files in /dev/dlpi...
This information is given in the mailing-list archives, each time libpcap
is repackaged:
http://www-frec.bull.com/download/Updates.txt
Hope this helps
Ciaran
+-------------------------------------------------------------------------+
Ciaran Deignan Tel: (France) 04 76 29 79 92
BULL XS-BU (http://www-frec.bull.com) HA and Consolidation
Mail to: Ciaran.Deignan@bull.net Bullcom: 229 79 92
PGP: B1 78 FB 88 FD 86 58 A8 89 7B 22 8C D0 E8 71 FC Fax: 229 75 18
+-------------------------------------------------------------------------+
From Ciaran.Deignan@bull.net Wed Oct 4 17:07:03 2000
Date: Wed, 6 Sep 2000 11:49:07 +0200 (DFT)
From: Ciaran.Deignan@bull.net
To: ry1481@csag.sbc.com
Subject: Re: NMAP on AIX
On Tue, 5 Sep 2000 ry1481@csag.sbc.com wrote:
> I am receiving the message "/dev/dlpi/en0 does not exist. The
> ethernet adapter en0 is configured but there is no /dev/dlpi/en0
> directory or file. Any suggestions would be appreciated.
as stated in the Updates log ( http://www-frec.bull.com/docs/downlist.htm )
This distribution uses the "dlpi" interface. If the dlpi
stream drivers are not loaded, the command
# strload -f /etc/dlpi.conf
should be executed after every reboot.
have fun
Ciaran
+-------------------------------------------------------------------------+
Ciaran Deignan Tel: (France) 04 76 29 79 92
BULL XS-BU (http://www-frec.bull.com) HA and Consolidation
Mail to: Ciaran.Deignan@bull.net Bullcom: 229 79 92
PGP: B1 78 FB 88 FD 86 58 A8 89 7B 22 8C D0 E8 71 FC Fax: 229 75 18
+-------------------------------------------------------------------------+
==========================================================================
