Thread: NTOP **WARNING** gzflush error -2(stream error)

  1. #1
    Just burned his ISO

    Hi all,

    I'm experiencing an error with ntop. I launch it this way:

    ntop -i <myinterface> and I go with Firefox to localhost:3000

    In the terminal I can see this error: **WARNING** gzflush error -2(stream error)
    and in the browser I see only a blank page.

    I'm going crazy; I already tried reinstalling ntop without resolving the problem. I really need ntop, so now I really need your help. Can you guys please help me?

    Thanks
    Larika

  2. #2
    Super Moderator Archangel-Amael

    What's with your post in the Italian section and the 3 responses?
    http://forums.remote-exploit.org/sup...-funziona.html
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO

    Nothing, Nemesis tested it and wrote that ntop works fine for him. But I still have the problem, so I posted it here in the hope of finding a solution. Can you help, please?

    Thanks,
    Larika

  4. #4
    Super Moderator Archangel-Amael

    Post the exact commands you are using to start ntop and we can go from there.
    Generally speaking one needs to start the service daemon by doing something like:
    # /etc/init.d/ntopd start
    Then you can use the web interface like lynx 127.0.0.1:3000
    But as I said post the commands that you used and if possible the output.

  5. #5
    Just burned his ISO

    Quote, originally posted by archangel.amael:
    Post the exact commands you are using to start ntop and we can go from there.
    Generally speaking one needs to start the service daemon by doing something like:
    # /etc/init.d/ntopd start
    Then you can use the web interface like lynx 127.0.0.1:3000
    But as I said post the commands that you used and if possible the output.

    I start ntop with:

    ntop -i eth1

    or

    ntop -i eth0

    or

    /etc/init.d/ntop start

    or

    service ntop start

    When I go to the localhost:3000 address with Firefox or Konqueror or lynx I see a blank page, and if I look at the terminal or the ntop log I see this error:

    root@bt:~# ntop -i eth1
    Fri Jul 17 17:24:37 2009 NOTE: Interface merge enabled by default
    Fri Jul 17 17:24:37 2009 Initializing gdbm databases
    Fri Jul 17 17:24:37 2009 ntop will be started as user nobody
    Fri Jul 17 17:24:37 2009 ntop v.3.3
    Fri Jul 17 17:24:37 2009 Configured on Jun 17 2008 8:01:42, built on Jun 17 2008 08:02:09.
    Fri Jul 17 17:24:37 2009 Copyright 1998-2007 by Luca Deri <deri@ntop.org>
    Fri Jul 17 17:24:37 2009 Get the freshest ntop from
    Fri Jul 17 17:24:37 2009 NOTE: ntop is running from 'ntop'
    Fri Jul 17 17:24:37 2009 NOTE: (but see warning on man page for the --instance parameter)
    Fri Jul 17 17:24:37 2009 NOTE: ntop libraries are in '/usr/lib'
    Fri Jul 17 17:24:37 2009 Initializing ntop
    Fri Jul 17 17:24:37 2009 Checking eth1 for additional devices
    Fri Jul 17 17:24:37 2009 Resetting traffic statistics for device eth1
    Fri Jul 17 17:24:37 2009 Initializing device eth1 (0)
    Fri Jul 17 17:24:37 2009 DLT: Device 0 [eth1] is 1, mtu 1514, header 14
    Fri Jul 17 17:24:37 2009 Initializing gdbm databases
    Fri Jul 17 17:24:37 2009 VENDOR: Loading MAC address table.
    Fri Jul 17 17:24:37 2009 VENDOR: Checking for MAC address table file
    Fri Jul 17 17:24:37 2009 VENDOR: File '/etc/ntop/specialMAC.txt' does not need to be reloaded
    Fri Jul 17 17:24:37 2009 VENDOR: ntop continues ok
    Fri Jul 17 17:24:37 2009 VENDOR: Checking for MAC address table file
    Fri Jul 17 17:24:37 2009 VENDOR: File '/etc/ntop/oui.txt' does not need to be reloaded
    Fri Jul 17 17:24:37 2009 VENDOR: ntop continues ok
    Fri Jul 17 17:24:37 2009 Fingerprint: Loading signature file
    Fri Jul 17 17:24:37 2009 Fingerprint: Checking for Fingerprint file... file
    Fri Jul 17 17:24:37 2009 Fingerprint: Loading file '/etc/ntop/etter.finger.os'
    Fri Jul 17 17:24:37 2009 Fingerprint: ...loaded 1765 records
    Fri Jul 17 17:24:37 2009 ASN: Checking for Autonomous System Number table file
    Fri Jul 17 17:24:37 2009 ASN: Loading file '/etc/ntop/AS-list.txt'
    Fri Jul 17 17:24:37 2009 ASN: ...found 111435 lines
    Fri Jul 17 17:24:37 2009 ASN: ....Used 3780 KB of memory (12 per entry)
    Fri 17 Jul 2009 05:24:37 PM CEST I18N: Default language (from ntop host) is 'en_US'
    Fri 17 Jul 2009 05:24:37 PM CEST I18N: This instance of ntop supports 0 additional language(s)
    Fri 17 Jul 2009 05:24:37 PM CEST IP2CC: Checking for IP address <-> Country Code mapping file
    Fri 17 Jul 2009 05:24:37 PM CEST IP2CC: Loading file '/etc/ntop/p2c.opt.table'
    Fri 17 Jul 2009 05:24:37 PM CEST IP2CC: ...found 52395 lines
    Fri 17 Jul 2009 05:24:37 PM CEST Database support not compiled into ntop
    Fri 17 Jul 2009 05:24:37 PM CEST Initializing external applications
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3048381328]: NPA: network packet analyzer (packet processor) thread running [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3048381328]: NPA: Started thread for network packet analyzer (eth1)
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3039988624]: SFP: Fingerprint scan thread starting [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3039988624]: SFP: Started thread for fingerprinting
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3031595920]: SIH: Idle host scan thread starting [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3031595920]: SIH: Started thread for idle hosts detection
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3023203216]: DNSAR(1): Address resolution thread running
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3023203216]: DNSAR(1): Started thread for DNS address resolution
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3014810512]: DNSAR(2): Address resolution thread running
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3014810512]: DNSAR(2): Started thread for DNS address resolution
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3006417808]: DNSAR(3): Address resolution thread running
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3006417808]: DNSAR(3): Started thread for DNS address resolution
    Fri 17 Jul 2009 05:24:37 PM CEST Calling plugin start functions (if any)
    Fri 17 Jul 2009 05:24:37 PM CEST SSL is present but https is disabled: use -W <https port> for enabling it
    Fri 17 Jul 2009 05:24:37 PM CEST INITWEB: Initializing web server
    Fri 17 Jul 2009 05:24:37 PM CEST INITWEB: Initializing TCP/IP socket connections for web server
    Fri 17 Jul 2009 05:24:37 PM CEST INITWEB: Initialized socket, port 3000, address (any)
    Fri 17 Jul 2009 05:24:37 PM CEST INITWEB: Waiting for HTTP connections on port 3000
    Fri 17 Jul 2009 05:24:37 PM CEST INITWEB: Starting web server
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t2998025104]: WEB: Server connection thread starting [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST Note: SIGPIPE handler set (ignore)
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t2998025104]: WEB: Server connection thread running [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST WEB: ntop's web server is now processing requests
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t2998025104]: INITWEB: Started thread for web server
    Fri 17 Jul 2009 05:24:37 PM CEST Listening on [eth1]
    Fri 17 Jul 2009 05:24:37 PM CEST Loading Plugins
    Fri 17 Jul 2009 05:24:37 PM CEST Searching for plugins in /usr/lib/ntop/plugins
    Fri 17 Jul 2009 05:24:37 PM CEST NETFLOW: Welcome to NetFlow.(C) 2002-07 by Luca Deri
    Fri 17 Jul 2009 05:24:37 PM CEST RRD: Welcome to Round-Robin Databases. (C) 2002-07 by Luca Deri.
    Fri 17 Jul 2009 05:24:37 PM CEST LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
    Fri 17 Jul 2009 05:24:37 PM CEST SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
    Fri 17 Jul 2009 05:24:37 PM CEST Remote: Welcome to Remote. (C) 2006-07 by L.Deri
    Fri 17 Jul 2009 05:24:37 PM CEST PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
    Fri 17 Jul 2009 05:24:37 PM CEST ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
    Fri 17 Jul 2009 05:24:37 PM CEST Calling plugin start functions (if any)
    Fri 17 Jul 2009 05:24:37 PM CEST RRD: Welcome to the RRD plugin
    Fri 17 Jul 2009 05:24:37 PM CEST RRD: Mask for new directories is 0700
    Fri 17 Jul 2009 05:24:37 PM CEST RRD: Mask for new files is 0066
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: Parameters:
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpInterval 300 seconds
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpShortInterval 10 seconds
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpHours 72 hours by 300 seconds
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpDays 90 days by hour
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpMonths 36 months by day
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpDomains no
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpFlows no
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpHosts no
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpInterfaces yes
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpASs yes
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpMatrix no
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: dumpDetail high
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: hostsFilter
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: rrdPath /var/lib/ntop/rrd
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: umask 0066
    Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: DirPerms 0700
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t2989427600]: RRD: Data collection thread starting [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT: RRD: Started thread (t2989427600) for data collection
    Fri 17 Jul 2009 05:24:37 PM CEST INIT: Created pid file (/var/run/ntop.pid)
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3068995248]: ntop RUNSTATE: INITNONROOT(3)
    Fri 17 Jul 2009 05:24:37 PM CEST Now running as requested user 'nobody' (65534:65534)
    Fri 17 Jul 2009 05:24:37 PM CEST Note: Reporting device initally set to 0 [eth1] (merged)
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3068995248]: ntop RUNSTATE: RUN(4)
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t2981034896]: NPS(eth1): pcapDispatch thread starting [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3031595920]: SIH: Idle host scan thread running [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t3039988624]: SFP: Fingerprint scan thread running [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t2981034896]: NPS(eth1): pcapDispatch thread running [p2781]
    Fri 17 Jul 2009 05:24:37 PM CEST THREADMGMT[t2981034896]: NPS(1): Started thread for network packet sniffing [eth1]
    Fri 17 Jul 2009 05:24:47 PM CEST **ERROR** RRD: Disabled - unable to create directory (err 13, /var/lib/ntop/rrd/graphics)
    Fri 17 Jul 2009 05:25:29 PM CEST **WARNING** gzflush error -2(stream error)

    Thanks for the attention
    Larika

  6. #6
    Super Moderator Archangel-Amael

    Not sure what the problem is on your end. I have been running it for about an hour now and have not seen one problem like you are encountering.
    Actually I had no problems at all.
    All I did was start ntop from the command line using just # ntop
    All the interfaces should be merged this way. I was of course running as root, if that makes a difference. In addition it was also running on a vmware image as well as on my actual bt box. A link to a picture of my web interface.
    Since I don't really know your setup it might be a problem with an adapter not being supported. But I am not sure if this is a real issue.
    Might want to check on the ntop page for more info.
    I googled a bit further on this and there are references to it not working and giving the same error.
    There was one message about recompiling it without zlib support. Basically zlib is used to compress the data from ntop on the fly.
    But since it is working for me I would suspect that that is not the real problem.
    Do you have a lot of memory on the box? And are you using a lot of it in conjunction with ntop?
    Also is this a USB stick or HDD or what?
    That may be making a difference.
    Especially a live CD. Might not be able to save data and as such it is crashing.
    Google link on the error.
    Link to mailing list with info on the error.
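
An added example, not part of the thread: the log in post #5 shows ntop switching to user nobody, then reporting err 13 on the RRD directory and zlib code -2. The hypothetical helpers `triage` and `writable_by` decode those lines and run a mode-bit check (ACLs and capabilities ignored, an assumption of this sketch) on whether the dropped-privilege user could create that directory.

```python
import errno
import os
import re

# zlib return codes, as defined in zlib.h
ZLIB_CODES = {-1: "Z_ERRNO", -2: "Z_STREAM_ERROR", -3: "Z_DATA_ERROR",
              -4: "Z_MEM_ERROR", -5: "Z_BUF_ERROR", -6: "Z_VERSION_ERROR"}
# Lines taken from the log in post #5 of this thread
SAMPLE_LOG = """\
Fri 17 Jul 2009 05:24:37 PM CEST RRD_DEBUG: rrdPath /var/lib/ntop/rrd
Fri 17 Jul 2009 05:24:37 PM CEST Now running as requested user 'nobody' (65534:65534)
Fri 17 Jul 2009 05:24:47 PM CEST **ERROR** RRD: Disabled - unable to create directory (err 13, /var/lib/ntop/rrd/graphics)
Fri 17 Jul 2009 05:25:29 PM CEST **WARNING** gzflush error -2(stream error)
"""

def triage(log):
    """Extract the privilege drop and the failures from an ntop log (hypothetical helper)."""
    report = {"user": None, "uid": None, "gid": None, "findings": []}
    for line in log.splitlines():
        m = re.search(r"Now running as requested user '([^']+)' \((\d+):(\d+)\)", line)
        if m:
            report.update(user=m[1], uid=int(m[2]), gid=int(m[3]))
        m = re.search(r"unable to create directory \(err (\d+), ([^)]+)\)", line)
        if m:  # the number is an errno value; 13 is EACCES (permission denied)
            name = errno.errorcode.get(int(m[1]), "unknown")
            report["findings"].append(("mkdir", name, m[2]))
        m = re.search(r"gzflush error (-?\d+)", line)
        if m:  # the number is a zlib return code
            report["findings"].append(("zlib", ZLIB_CODES.get(int(m[1]), "unknown"), None))
    return report

def writable_by(path, uid, gid):
    """Return (nearest existing ancestor of path, whether uid:gid may create entries in it)."""
    path = os.path.abspath(path)
    while not os.path.exists(path):
        path = os.path.dirname(path)
    st = os.stat(path)
    if uid == 0:
        return path, True
    # Pick the owner, group or other permission triplet that applies to uid:gid
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    # Creating an entry needs both write (2) and search (1) on the directory
    return path, ((st.st_mode >> shift) & 0o3) == 0o3

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["user"], r["findings"])
    for kind, code, path in r["findings"]:
        if kind == "mkdir":
            print(path, "->", writable_by(path, r["uid"], r["gid"]))
```
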
