# [solved] ntop starts, but doesn't work

## Starfire

Hi,

I've been trying to get ntop start working.

after I emerged ntop, I read the manpage which said that by starting ntop without any arguments it will monitor eth0 and start a http server at port 3000. If i nc localhost 3000, I can estabilish a connection, but the httpd won't send any data. I tried different browsers, from localhost and remote after I openened the corresponding port with iptables.

The browser simply gets no data. :'(

Here the ntop startup output:

```

0x711 ~ # ntop

Thu Jan 26 09:17:15 2006  NOTE: Interface merge enabled by default

Thu Jan 26 09:17:15 2006  Initializing gdbm databases

Thu Jan 26 09:17:15 2006  ntop will be started as user nobody

Thu Jan 26 09:17:15 2006  ntop v.3.2 SourceForge .tgz

Thu Jan 26 09:17:15 2006  Configured on Jan 25 2006 17:02:08, built on Jan 25 2006 17:04:11.

Thu Jan 26 09:17:15 2006  Copyright 1998-2005 by Luca Deri <deri@ntop.org>

Thu Jan 26 09:17:15 2006  Get the freshest ntop from http://www.ntop.org/

Thu Jan 26 09:17:15 2006  NOTE: ntop is running from 'ntop'

Thu Jan 26 09:17:15 2006  NOTE: (but see warning on man page for the --instance parameter)

Thu Jan 26 09:17:15 2006  NOTE: ntop libraries are in '/usr/lib'

Thu Jan 26 09:17:15 2006  Initializing ntop

Thu Jan 26 09:17:15 2006  Checking eth0 for additional devices

Thu Jan 26 09:17:15 2006  Resetting traffic statistics for device eth0

Thu Jan 26 09:17:15 2006  DLT: Device 0 [eth0] is 1, mtu 1514, header 14

Thu Jan 26 09:17:15 2006  Initializing gdbm databases

Thu Jan 26 09:17:15 2006  VENDOR: Loading MAC address table.

Thu Jan 26 09:17:15 2006  VENDOR: Checking for MAC address table file

Thu Jan 26 09:17:15 2006  **WARNING** VENDOR: Unable to open file 'specialMAC.txt'

Thu Jan 26 09:17:15 2006  VENDOR: ntop continues ok

Thu Jan 26 09:17:15 2006  VENDOR: Checking for MAC address table file

Thu Jan 26 09:17:15 2006  **WARNING** VENDOR: Unable to open file 'oui.txt'

Thu Jan 26 09:17:15 2006  VENDOR: ntop continues ok

Thu Jan 26 09:17:15 2006  Fingeprint: Loading signature file.

Thu Jan 26 09:17:15 2006  ASN: Checking for Autonomous System Number table file

Thu Jan 26 09:17:15 2006  **WARNING** ASN: Unable to open file 'AS-list.txt'

Thu Jan 26 09:17:15 2006  I18N: Default language (from ntop host) is 'C'

Thu Jan 26 09:17:15 2006  I18N: This instance of ntop supports 0 additional language(s)

Thu Jan 26 09:17:15 2006  IP2CC: Checking for IP address <-> Country Code mapping file

Thu Jan 26 09:17:15 2006  **WARNING** IP2CC: Unable to open file 'p2c.opt.table'

Thu Jan 26 09:17:15 2006  **WARNING** IP2CC: Unable to read IP address <-> Country code mapping file (non-existant or no data)

Thu Jan 26 09:17:15 2006  IP2CC: ntop will perform correctly but without this minor feature

Thu Jan 26 09:17:15 2006  GDVERCHK: Guessing at libgd version

Thu Jan 26 09:17:15 2006  GDVERCHK: ... as 2.0.21+

Thu Jan 26 09:17:15 2006  Initializing external applications

Thu Jan 26 09:17:15 2006  THREADMGMT[t16386]: NPA: Started thread for network packet analyzer

Thu Jan 26 09:17:15 2006  THREADMGMT[t32771]: SFP: Started thread for fingerprinting

Thu Jan 26 09:17:15 2006  THREADMGMT[t49156]: SIH: Started thread for idle hosts detection

Thu Jan 26 09:17:15 2006  THREADMGMT[t16386]: NPA: network packet analyzer (packet processor) thread running [p21232]

Thu Jan 26 09:17:15 2006  THREADMGMT[t32771]: SFP: Fingerprint scan thread starting [p21233]

Thu Jan 26 09:17:15 2006  THREADMGMT[t49156]: SIH: Idle host scan thread starting [p21234]

Thu Jan 26 09:17:15 2006  THREADMGMT[t65541]: DNSAR(1): Started thread for DNS address resolution

Thu Jan 26 09:17:15 2006  Calling plugin start functions (if any)

Thu Jan 26 09:17:15 2006  INITWEB: Initializing web server

ntop startup - waiting for user response!

Please enter the password for the admin user: Thu Jan 26 09:17:15 2006  THREADMGMT[t65541]: DNSAR(1): Address resolution thread running [p21235]

Please enter the password again:

Thu Jan 26 09:17:26 2006  Admin user password has been set

Thu Jan 26 09:17:26 2006  INITWEB: Initializing tcp/ip socket connections for web server

Thu Jan 26 09:17:26 2006  INITWEB: Initialized socket, port 3000, address (any)

Thu Jan 26 09:17:26 2006  INITWEB: Waiting for HTTP connections on port 3000

Thu Jan 26 09:17:26 2006  INITWEB: Starting web server

Thu Jan 26 09:17:26 2006  THREADMGMT[t81926]: INITWEB: Started thread for web server

Thu Jan 26 09:17:26 2006  Listening on [eth0]

Thu Jan 26 09:17:26 2006  Loading Plugins

Thu Jan 26 09:17:26 2006  Searching for plugins in /usr/lib/ntop/plugins

Thu Jan 26 09:17:26 2006  THREADMGMT[t81926]: WEB: Server connection thread starting [p21236]

Thu Jan 26 09:17:26 2006  Note: SIGPIPE handler set (ignore)

Thu Jan 26 09:17:26 2006  THREADMGMT[t81926]: WEB: Server connection thread running [p21236]

Thu Jan 26 09:17:26 2006  WEB: ntop's web server is now processing requests

Thu Jan 26 09:17:26 2006  ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri

Thu Jan 26 09:17:26 2006  LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni

Thu Jan 26 09:17:26 2006  NETFLOW: Welcome to NetFlow.(C) 2002-05 by Luca Deri

Thu Jan 26 09:17:26 2006  PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock

Thu Jan 26 09:17:26 2006  RRD: Welcome to Round-Robin Databases. (C) 2002-04 by Luca Deri.

Thu Jan 26 09:17:26 2006  SNMP: Welcome to SNMP. (C) 2004 by F.Fusco and G.Giardina

Thu Jan 26 09:17:26 2006  SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri

Thu Jan 26 09:17:26 2006  XMLDUMP: Welcome to XML data dump. (C) 2003-2004 by Burton Strauss

Thu Jan 26 09:17:26 2006  Calling plugin start functions (if any)

Thu Jan 26 09:17:26 2006  RRD: Welcome to the RRD plugin

Thu Jan 26 09:17:26 2006  RRD: Mask for new directories is 0700

Thu Jan 26 09:17:26 2006  RRD: Mask for new files is 0066

Thu Jan 26 09:17:26 2006  THREADMGMT[t98311]: RRD: Data collection thread starting [p21237]

Thu Jan 26 09:17:26 2006  THREADMGMT: RRD: Started thread (t98311) for data collection

Thu Jan 26 09:17:26 2006  THREADMGMT[t16384]: ntop RUNSTATE: INITNONROOT(3)

Thu Jan 26 09:17:26 2006  Now running as requested user 'nobody' (65534:65534)

Thu Jan 26 09:17:26 2006  **WARNING** INIT: Unable to create pid file (/var/lib/ntop/ntop.pid)

Thu Jan 26 09:17:26 2006  Note: Reporting device initally set to 0 [eth0] (merged)

Thu Jan 26 09:17:26 2006  THREADMGMT[t16384]: ntop RUNSTATE: RUN(4)

Thu Jan 26 09:17:26 2006  THREADMGMT[t114696]: NPS(1,eth0): pcapDispatch thread starting [p21238]

Thu Jan 26 09:17:26 2006  THREADMGMT[t32771]: SFP: Fingerprint scan thread running [p21233]

Thu Jan 26 09:17:26 2006  THREADMGMT[t49156]: SIH: Idle host scan thread running [p21234]

Thu Jan 26 09:17:26 2006  THREADMGMT[t114696]: NPS(1,eth0): pcapDispatch thread running [p21238]

Killed

0x711 ~ # 

```

After that I had to kill ntop with kill -9 and the first pid from the output of ´pidof ntop´.

Do you have any ideas?

Thanks

FrankLast edited by Starfire on Wed Feb 01, 2006 3:52 pm; edited 1 time in total

----------

## Marlo

 *Starfire wrote:*   

> 
> 
> Do you have any ideas?
> 
> 

 

Maybe a permission problem?

Gentoo is great for letting you know what's actually going on underneath the hood. 

Do you have started reading the output of " emerge ntop"? Scroll back and you'll find:

```

************************************************************

  WARNING: This install created a directory for the ntop

           files and databases:

             /var/tmp/portage/ntop-3.2/image///usr/share/ntop

           This directory MUST be owned by the user

           which you are going to use to run ntop.

           The command you must issue is something like:

           chown -R ntop.ntop /var/tmp/portage/ntop-3.2/image///usr/share/ntop

     or    chown -R ntop:users /var/tmp/portage/ntop-3.2/image///usr/share/ntop

           man chown to check the syntax for YOUR system

************************************************************

```

Did you have set the right permission for ntop?

grz

Ma

----------

## Starfire

Marlo, thanks for your answer, but...

in /var/tmp/portage is no dir called ntop*

when i cat /var/log/emerge.log there is no information like the one you posted.

And: what do you mean with the "///"-construct in a path?

like: 

```
tmp/portage/ntop-3.2/image///usr/share/ntop
```

What does that mean?

Greets

Frank

----------

## Marlo

°1

 *Starfire wrote:*   

> 
> 
> in /var/tmp/portage is no dir called ntop*
> 
> 

 

Correctly, that is also on my machine like that.

°2

 *Starfire wrote:*   

> 
> 
> when i cat /var/log/emerge.log there is no information like the one you posted.
> 
> 

 

I mean 

```

cd /var/log/portage

ls -la *ntop*

```

und you'll see like this:

```

-rw-r--r--  1 root portage 157165 27. Jan 15:40 4030-ntop-3.2.log

-rw-r--r--  1 root portage      0 27. Jan 15:40 4031-ntop-3.2.log

```

and if you write

```
cat 4030-ntop-3.2.log
```

 then the report from above appears.

°3

 *Starfire wrote:*   

> 
> 
> And: what do you mean with the "///"-construct in a path?
> 
> like: 
> ...

 

I believes, the Author of Ntop wants to say the following to us:

If you have a directory that names  "/var/tmp/portage/ntop-3.2/image/" or/and "/usr/share/ntop" please change the owner.

 *Quote:*   

>  This directory MUST be owned by the user
> 
>            which you are going to use to run ntop.
> 
> 

 

Go to /usr/share and look to the ntop dir. If the owner like this

```

drwxr-xr-x    3 ntop ntop     72  1. Dez 16:29 ntop

```

it is ok. If not, change the owner with the "chown -R"  command. 

Take the same part with /var/lib  ntop

```

drwxr-xr-x   3 ntop   ntop     344 27. Jan 15:40 ntop

```

If you have done this, read "man ntop" in particular, how do you set the admin password.

```

 -A | --set-admin-password

        This parameter is used to start ntop , set the admin password and quit. It is quite useful for installers that  need

        to automatically set the password for the admin user.

```

Set the password and finally control  the /etc/conf.d/ntop.

I.e. I use these options

```

NTOP_OPTS="-u ntop -P /var/lib/ntop --http-server 3000  --interface eth0"

```

It's really very urgently that you know what the option "-u ntop" mean.

Start ntop, take a Browser(without a proxy), switch on Javascript and klick here http://127.0.0.1:3000

grz

Ma

----------

## Starfire

thank you very much  :Very Happy:  now it works  :Smile: 

----------

