-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2009-03-07 at 09:05 -0800, Randall R Schulz wrote:
Then I looked in /var/log/messages and noticed that at the same time that I had shut down the ntop daemon, this was logged:
Mar 7 08:46:44 twain kernel: device eth0 left promiscuous mode
Which strongly suggests that ntop puts interfaces in promiscuous mode, which is something I'd prefer not to do on a permanent or ongoing basis.
Yes, it has to use promiscuous mode in order to sniff the network: that's the way it can learn the connections that are going around in the network besides your own computer. Now, where is ntop configured? There is a directory in "/etc/ntop/", but I don't see configuration files there. I think it is configured directly via the web interface - I'm looking for a way to disable promiscuous mode. On the other hand, if you are connected to a switch, that should cut off the rest of the traffic, so promiscuous mode has no effect.
The ntop daemon also failed to shut down cleantly, with this log entry immediately following the preceding one:
Mar 7 08:46:44 twain kernel: ntop[18742]: segfault at 11c ip b75313fc sp b181d2f0 error 4 in libpcap.so.0.9.8 [b752c000+32000]
Well, that's a bug, you should report that one to bugzilla. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmyxwEACgkQtTMYHG2NR9XK3ACfWl/7iriyGP3FmQCAYdEo+DLi wWYAoJGTCzJBeXAg18CE0Z4ON8UjAnyi =N7tg -----END PGP SIGNATURE-----