List: ntop
Subject: RE: [Ntop] Suspicious FTP message from ntop
From: "patrick wong" <mauddib888 () hotmail ! com>
Date: 2002-05-31 14:09:51
Message-ID: LAW2-F89utJLtosJ3Ih00003eff () hotmail ! com
<html><div style='background-color:'><DIV>
<P>Hello,</P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt">I am not too familiar with the gdb \
procedure, so please bear with me. Attached is the continuation of the frame and list \
commands from gdb.</P> <P>Thanks, Patrick</P>
<P>[root@localhost root]# cd ~ntopusers<BR>bash: cd: ~ntopusers: No such file or \
directory<BR>[root@localhost root]# cd ~ntopuser<BR>[root@localhost ntopuser]# \
ls<BR>addressCache.db dnsCache.db hostsInfo.db LsWatch.db \
ntop_pw.db prefsCache.db startntop<BR>[root@localhost ntopuser]# gdb \
/usr/local/bin/ntop<BR>GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)<BR>Copyright \
2001 Free Software Foundation, Inc.<BR>GDB is free software, covered by the GNU \
General Public License, and you are<BR>welcome to change it and/or distribute copies \
of it under certain conditions.<BR>Type "show copying" to see the \
conditions.<BR>There is absolutely no warranty for GDB. Type "show warranty" \
for details.<BR>This GDB was configured as "i386-redhat-linux"...<BR>(gdb) set args \
-u root -P /home/ntopuser -i eth0 -K<BR>(gdb) run<BR>Starting program: \
/usr/local/bin/ntop -u root -P /home/ntopuser -i eth0 -K<BR>[New Thread 1024 (LWP \
13670)]<BR>Wait please: ntop is coming up...<BR>30/May/2002 11:08:45 Initializing \
IP services...<BR>SSL is present but https is disabled: use -W <https port> for \
enabling it<BR>30/May/2002 11:08:45 Initializing GDBM...<BR>30/May/2002 11:08:45 \
Initializing network devices...<BR>30/May/2002 11:08:45 ntop v.2.0.99 MT (SSL) \
[i686-pc-linux-gnu] (05/30/02 09:39:29 AM build)<BR>30/May/2002 11:08:45 Listening on \
[eth0]<BR>30/May/2002 11:08:45 Copyright 1998-2002 by Luca Deri <<A \
href="mailto:deri@ntop.org">deri@ntop.org</A>><BR>30/May/2002 11:08:45 Get the \
freshest ntop from <A \
href="http://www.ntop.org/">http://www.ntop.org/</A><BR>30/May/2002 11:08:45 \
Initializing...<BR>30/May/2002 11:08:45 Truncated network size to 1024 hosts (real \
netmask 255.255.0.0)<BR>30/May/2002 11:08:45 Loading plugins (if \
any)...<BR>30/May/2002 11:08:45 Searching plugins in \
/usr/local/lib/ntop/plugins<BR>30/May/2002 11:08:47 Welcome to icmpWatchPlugin. (C) \
1999 by Luca Deri.<BR>30/May/2002 11:08:48 Welcome to LastSeenWatchPlugin. (C) 1999 \
by Andrea Marangoni.<BR>30/May/2002 11:08:50 Welcome to NetFlow. (C) 2002 by Luca \
Deri.<BR>30/May/2002 11:08:53 Welcome to nfsWatchPlugin. (C) 1999 by Luca \
Deri.<BR>30/May/2002 11:08:55 Welcome to PDAPlugin. (C) 2001-2002 by L.Deri and \
W.Brock<BR>30/May/2002 11:08:57 Welcome to sFlowPlugin. (C) 2002 by Luca \
Deri.<BR>30/May/2002 11:08:57 Resetting traffic statistics...<BR>[New Thread 2049 \
(LWP 13678)]<BR>[New Thread 1026 (LWP 13679)]<BR>30/May/2002 11:08:58 Started thread \
(1026) for network packet analyser.<BR>[New Thread 2051 (LWP 13680)]<BR>30/May/2002 \
11:08:58 Started thread (2051) for idle hosts detection.<BR>[New Thread 3076 (LWP \
13681)]<BR>30/May/2002 11:08:59 Started thread (3076) for DNS address \
resolution.<BR>[New Thread 4101 (LWP 13682)]<BR>30/May/2002 11:08:59 Started thread \
(4101) for address purge.<BR>30/May/2002 11:08:59 Initializing plugins (if \
any)...<BR>30/May/2002 11:08:59 NetFlow export disabled<BR>30/May/2002 11:08:59 \
Waiting for HTTP connections on port 3000...<BR>[New Thread 5126 (LWP \
13683)]<BR>30/May/2002 11:08:59 Started thread (5126) for web server.<BR>30/May/2002 \
11:08:59 Sniffying...<BR>[New Thread 6151 (LWP 13684)]<BR>30/May/2002 11:08:59 \
Extending hash size [newSize=512][deviceId=0]<BR>30/May/2002 11:09:00 Started thread \
(6151) for network packet sniffing on eth0.<BR>30/May/2002 11:09:24 Extending hash \
size [newSize=1024][deviceId=0]<BR>30/May/2002 11:10:04 Extending hash size \
[newSize=2048][deviceId=0]<BR>30/May/2002 11:11:34 Extending hash size \
[newSize=4096][deviceId=0]<BR>30/May/2002 11:14:34 Extending hash size \
[newSize=8192][deviceId=0]</P> <P>Program received signal SIGSEGV, Segmentation \
fault.<BR>[Switching to Thread 2051 (LWP 13680)]<BR>0x4055ee9c in chunk_free \
(ar_ptr=0x40612620, p=0x8793968) at malloc.c:3228<BR>3228 malloc.c: \
No such file or directory.<BR> in \
malloc.c<BR>(gdb)<BR>(gdb)<BR>(gdb) info stack<BR>#0 0x4055ee9c in chunk_free \
(ar_ptr=0x40612620, p=0x8793968) at malloc.c:3228<BR>#1 0x4055ebf4 in \
__libc_free (mem=0x8793970) at malloc.c:3154<BR>#2 0x40284c55 in ntop_safefree \
(ptr=0x41ad29dc, file=0x402a55b9 "sessions.c", line=246) at leaks.c:485<BR>#3 \
0x402905cf in freeSession (sessionToPurge=0x8793970, actualDeviceId=0, \
allocateMemoryIfNeeded=1 '\001')<BR> at sessions.c:246<BR>#4 \
0x40290784 in scanTimedoutTCPSessions (actualDeviceId=0) at \
sessions.c:310<BR>#5 0x4028107e in purgeIdleHosts (actDevice=0) at \
hash.c:471<BR>#6 0x40286909 in scanIdleLoop (notUsed=0x0) at ntop.c:619<BR>#7 \
0x4022fb9c in pthread_start_thread (arg=0x41ad2be0) at \
manager.c:274<BR>#8 0x4022fc7f in pthread_start_thread_event (arg=0x41ad2be0) \
at manager.c:298<BR>(gdb) frame<BR>#0 0x4055ee9c in chunk_free \
(ar_ptr=0x40612620, p=0x8793968) at malloc.c:3228<BR>3228 in \
malloc.c<BR>(gdb) list<BR>3223 in malloc.c<BR>(gdb) print \
ar_ptr<BR>$1 = (arena *) 0x40612620<BR>(gdb) print p<BR>$2 = 0x8793968<BR>(gdb)<BR>$3 \
= 0x8793968<BR>(gdb)<BR>$4 = 0x8793968<BR>(gdb)<BR>$5 = 0x8793968<BR>(gdb)<BR>$6 = \
0x8793968<BR>(gdb)<BR>$7 = 0x8793968<BR>(gdb)<BR>$8 = 0x8793968<BR>(gdb)<BR>$9 = \
0x8793968<BR>(gdb) list<BR>3223 in malloc.c<BR>(gdb) info \
stack<BR>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at \
malloc.c:3228<BR>#1 0x4055ebf4 in __libc_free (mem=0x8793970) at \
malloc.c:3154<BR>#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, \
file=0x402a55b9 "sessions.c", line=246) at leaks.c:485<BR>#3 0x402905cf in \
freeSession (sessionToPurge=0x8793970, actualDeviceId=0, allocateMemoryIfNeeded=1 \
'\001')<BR> at sessions.c:246<BR>#4 0x40290784 in \
scanTimedoutTCPSessions (actualDeviceId=0) at sessions.c:310<BR>#5 0x4028107e \
in purgeIdleHosts (actDevice=0) at hash.c:471<BR>#6 0x40286909 in scanIdleLoop \
(notUsed=0x0) at ntop.c:619<BR>#7 0x4022fb9c in pthread_start_thread \
(arg=0x41ad2be0) at manager.c:274<BR>#8 0x4022fc7f in \
pthread_start_thread_event (arg=0x41ad2be0) at manager.c:298<BR>(gdb) print \
ar_ptr<BR>$10 = (arena *) 0x40612620<BR>(gdb) print p<BR>$11 = 0x8793968<BR>(gdb) \
frame<BR>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at \
malloc.c:3228<BR>3228 in malloc.c<BR>(gdb) info stack<BR>#0 \
0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at \
malloc.c:3228<BR>#1 0x4055ebf4 in __libc_free (mem=0x8793970) at \
malloc.c:3154<BR>#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, \
file=0x402a55b9 "sessions.c", line=246) at leaks.c:485<BR>#3 0x402905cf in \
freeSession (sessionToPurge=0x8793970, actualDeviceId=0, allocateMemoryIfNeeded=1 \
'\001')<BR> at sessions.c:246<BR>#4 0x40290784 in \
scanTimedoutTCPSessions (actualDeviceId=0) at sessions.c:310<BR>#5 0x4028107e \
in purgeIdleHosts (actDevice=0) at hash.c:471<BR>#6 0x40286909 in scanIdleLoop \
(notUsed=0x0) at ntop.c:619<BR>#7 0x4022fb9c in pthread_start_thread \
(arg=0x41ad2be0) at manager.c:274<BR>#8 0x4022fc7f in \
pthread_start_thread_event (arg=0x41ad2be0) at manager.c:298<BR>(gdb) frame \
3<BR>#3 0x402905cf in freeSession (sessionToPurge=0x8793970, actualDeviceId=0, \
allocateMemoryIfNeeded=1 '\001')<BR> at \
sessions.c:246<BR>246 free(sessionToPurge); /* No \
inner pointers to free */<BR>(gdb) \
list<BR>241 &nbsp; _intoa(sessionToPurge->remotePeerRealIp, buf1, \
sizeof(buf1)), sessionToPurge->dport,<BR>242 \
sessionToPurge->lastSeen, \
myGlobals.device[actualDeviceId].numTcpSessions);<BR>243 \
}<BR>244 \
#endif<BR>245<BR>246 free(sessionToPurge); /* No \
inner pointers to free */<BR>247 \
}<BR>248<BR>249 /* ************************************ \
*/<BR>250<BR>(gdb) print sessionToPurge<BR>$12 = (IPSession *) 0x8793970<BR>(gdb) \
print *sessionToPurge<BR>$13 = {magic = 0, initiatorIdx = 2, initiatorRealIp = \
{s_addr = 2887190290}, sport = 4260, remotePeerIdx = 43,<BR> remotePeerRealIp = \
{s_addr = 3507473923}, dport = 80, firstSeen = 1022771354, lastSeen = 1022771359, \
pktSent = 5,<BR> pktRcvd = 0, bytesSent = 590, bytesRcvd = 0, bytesProtoSent \
= 382, bytesProtoRcvd = 0, bytesFragmentedSent = 0,<BR> bytesFragmentedRcvd = \
0, minWindow = 64, maxWindow = 55359, nwLatency = {tv_sec = 0, tv_usec = 0}, numFin = \
1,<BR> numFinAcked = 0, lastAckIdI2R = 1464555384, lastAckIdR2I = 0, \
numDuplicatedAckI2R = 0, numDuplicatedAckR2I = 0,<BR> bytesRetranI2R = 0, \
bytesRetranR2I = 0, finId = {3907093120, 0, 0, 0}, lastFlags = 17, lastCSAck = 0, \
lastSCAck = 0,<BR> lastCSFin = 3907093120, lastSCFin = 0, \
lastInitiator2RemFlags = "\000\000\000", lastRem2InitiatorFlags = \
"\000\000\000",<BR> sessionState = 3 '\003', passiveFtpSession = 0 '\000', next \
= 0x0}<BR>(gdb) frame 4<BR>#4 0x40290784 in scanTimedoutTCPSessions \
(actualDeviceId=0) at \
sessions.c:310<BR>310 \
freeSession(thisSession, actualDeviceId, 1);<BR>(gdb) print thisSession<BR>$18 = \
(IPSession *) 0x8793970<BR>(gdb) print *thisSession<BR>$19 = {magic = 0, initiatorIdx \
= 2, initiatorRealIp = {s_addr = 2887190290}, sport = 4260, remotePeerIdx = \
43,<BR> remotePeerRealIp = {s_addr = 3507473923}, dport = 80, firstSeen = \
1022771354, lastSeen = 1022771359, pktSent = 5,<BR> pktRcvd = 0, bytesSent = \
590, bytesRcvd = 0, bytesProtoSent = 382, bytesProtoRcvd = 0, bytesFragmentedSent = \
0,<BR> bytesFragmentedRcvd = 0, minWindow = 64, maxWindow = 55359, nwLatency = \
{tv_sec = 0, tv_usec = 0}, numFin = 1,<BR> numFinAcked = 0, lastAckIdI2R = \
1464555384, lastAckIdR2I = 0, numDuplicatedAckI2R = 0, numDuplicatedAckR2I = \
0,<BR> bytesRetranI2R = 0, bytesRetranR2I = 0, finId = {3907093120, 0, 0, 0}, \
lastFlags = 17, lastCSAck = 0, lastSCAck = 0,<BR> lastCSFin = 3907093120, \
lastSCFin = 0, lastInitiator2RemFlags = "\000\000\000", lastRem2InitiatorFlags = \
"\000\000\000",<BR> sessionState = 3 '\003', passiveFtpSession = 0 '\000', next \
= 0x0}<BR>(gdb) frame 5<BR>#5 0x4028107e in purgeIdleHosts (actDevice=0) at \
hash.c:471<BR>471 \
scanTimedoutTCPSessions(actDevice); /* let's check timedout sessions too */<BR>(gdb) \
print actDevice<BR>$20 = 0<BR>(gdb) print *actDevice<BR>Cannot access memory at \
address 0x0<BR>(gdb) frame 6<BR>#6 0x40286909 in scanIdleLoop (notUsed=0x0) at \
ntop.c:619<BR>619 \
purgeIdleHosts(i);<BR>(gdb) print i<BR>$21 = 0<BR>(gdb) print *i<BR>Cannot access \
memory at address 0x0<BR>(gdb) frame 7<BR>#7 0x4022fb9c in pthread_start_thread \
(arg=0x41ad2be0) at manager.c:274<BR>274 manager.c: No such \
file or directory.<BR> in \
manager.c<BR>(gdb) frame 8<BR>#8 0x4022fc7f in pthread_start_thread_event \
(arg=0x41ad2be0) at manager.c:298<BR>298 in \
manager.c<BR>(gdb) list<BR>293 in manager.c<BR>(gdb) info \
stack<BR>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at \
malloc.c:3228<BR>#1 0x4055ebf4 in __libc_free (mem=0x8793970) at \
malloc.c:3154<BR>#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, \
file=0x402a55b9 "sessions.c", line=246) at leaks.c:485<BR>#3 0x402905cf in \
freeSession (sessionToPurge=0x8793970, actualDeviceId=0, allocateMemoryIfNeeded=1 \
'\001')<BR> at sessions.c:246<BR>#4 0x40290784 in \
<BR>(gdb) frame 1<BR>#1 0x4055ebf4 in __libc_free (mem=0x8793970) at \
malloc.c:3154<BR>3154 malloc.c: No such file or \
directory.<BR> in malloc.c<BR>(gdb) frame \
0<BR>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at \
malloc.c:3228<BR>3228 in malloc.c<BR>(gdb) print at_ptr<BR>No \
symbol "at_ptr" in current context.<BR>(gdb) print ar_pt<BR>No symbol "ar_pt" in \
current context.<BR>(gdb) print ar_ptr<BR>$24 = (arena *) 0x40612620<BR>(gdb) print \
*ar_ptr<BR>(gdb) print p<BR>$27 = \
0x8793968<BR>(gdb) print *p<BR>$28 = {prev_size = 0, size = 200, fd = 0x0, bk = \
0x2}<BR>(gdb)<BR>(gdb) frame 4<BR>#4 0x40290784 in scanTimedoutTCPSessions \
(actualDeviceId=0) at \
sessions.c:310<BR>310 \
freeSession(thisSession, actualDeviceId, 1);<BR>(gdb) print actualDeviceId<BR>$29 = \
0<BR>(gdb) print actualDeviceId<BR>$30 = 0<BR>(gdb) print *actualDeviceId<BR>Cannot \
access memory at address 0x0<BR><BR><BR></P></DIV> <DIV></DIV>
<DIV></DIV>>From: "Burton M. Strauss III" <BURTON@NTOPSUPPORT.COM>
<DIV></DIV>>To: <NTOP@UNIPI.IT>
<DIV></DIV>>CC: <MAUDDIB888@HOTMAIL.COM>
<DIV></DIV>>Subject: RE: [Ntop] Suspicious FTP message from ntop
<DIV></DIV>>Date: Thu, 30 May 2002 16:00:47 -0500
<DIV></DIV>>
<DIV></DIV>>Nope, you've mostly missed the point of my instructions...
<DIV></DIV>>
<DIV></DIV>>you use the frame command in gdb to set which stack frame is "current" \
so <DIV></DIV>>that commands like list and print work in THAT context... the \
default is <DIV></DIV>>frame 0, where the failure occurred, and that's deep into \
malloc.c <DIV></DIV>>
<DIV></DIV>>You begin to get the point with this:
<DIV></DIV>>
<DIV></DIV>>(gdb) print ar_ptr
<DIV></DIV>>$10 = (arena *) 0x40612620
<DIV></DIV>>(gdb) print p
<DIV></DIV>>$11 = 0x8793968
<DIV></DIV>>
<DIV></DIV>>But they're variables deep in malloc.c and a) I don't have the source \
and b) <DIV></DIV>>don't care - I know what's wrong - it's trying to free \
something that wasn't <DIV></DIV>>allocated. What I don't know is what & why \
- and that's what locked up in <DIV></DIV>>the scanTimedoutTCPSessions() and \
freeSession() variables... <DIV></DIV>>
<DIV></DIV>>Basically, what you have to do is to follow the code and print what \
seems to <DIV></DIV>>be related...
<DIV></DIV>>
<DIV></DIV>>(gdb) info stack
<DIV></DIV>>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at
<DIV></DIV>>malloc.c:3228
<DIV></DIV>>#1 0x4055ebf4 in __libc_free (mem=0x8793970) at malloc.c:3154
<DIV></DIV>>#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, file=0x402a55b9
<DIV></DIV>>"sessions.c", line=246) at leaks.c:485
<DIV></DIV>>#3 0x402905cf in freeSession (sessionToPurge=0x8793970, \
actualDeviceId=0, <DIV></DIV>>allocateMemoryIfNeeded=1 '\001')
<DIV></DIV>> at sessions.c:246
<DIV></DIV>>#4 0x40290784 in scanTimedoutTCPSessions (actualDeviceId=0) at
<DIV></DIV>>sessions.c:310
<DIV></DIV>>#5 0x4028107e in purgeIdleHosts (actDevice=0) at hash.c:471
<DIV></DIV>>#6 0x40286909 in scanIdleLoop (notUsed=0x0) at ntop.c:619
<DIV></DIV>>#7 0x4022fb9c in pthread_start_thread (arg=0x41ad2be0) at \
manager.c:274 <DIV></DIV>>#8 0x4022fc7f in pthread_start_thread_event \
(arg=0x41ad2be0) at <DIV></DIV>>manager.c:298
<DIV></DIV>>
<DIV></DIV>>So reversing this gives us:
<DIV></DIV>>
<DIV></DIV>>scanIdleLoop() at ntop.c:619, invokes
<DIV></DIV>> purgeIdleHosts (actDevice=0) at hash.c:471, invokes
<DIV></DIV>> scanTimedoutTCPSessions (actualDeviceId=0) at sessions.c:310,
<DIV></DIV>>invokes
<DIV></DIV>> freeSession (sessionToPurge=0x8793970, actualDeviceId=0,
<DIV></DIV>>allocateMemoryIfNeeded=1 '\001')
<DIV></DIV>>
<DIV></DIV>>OK? Follow me so far?
<DIV></DIV>>
<DIV></DIV>>sure enough, 310 in sessions.c is
<DIV></DIV>>
<DIV></DIV>> freeSession(thisSession, actualDeviceId, 1);
<DIV></DIV>>
<DIV></DIV>>thisSession (called sessionToPurge in freeSession()) is defined as
<DIV></DIV>>"IPSession *". So one question is what's in that session... (it's \
defined <DIV></DIV>>in ntop.h, 1480->1516)
<DIV></DIV>>
<DIV></DIV>>What you should do is
<DIV></DIV>>(gdb) frame 3
<DIV></DIV>>(gdb) list
<DIV></DIV>>
<DIV></DIV>>this will now show you the code for the call to free() in \
freeSession() <DIV></DIV>>in sessions.c
<DIV></DIV>>
<DIV></DIV>>then do
<DIV></DIV>>
<DIV></DIV>>(gdb) print sessionToPurge
<DIV></DIV>>(gdb) print *sessionToPurge
<DIV></DIV>>
<DIV></DIV>>This should give us the contents of the IPSession variable that's \
being <DIV></DIV>>purged...
<DIV></DIV>>
<DIV></DIV>>then do
<DIV></DIV>>
<DIV></DIV>>(gdb) frame 4
<DIV></DIV>>
<DIV></DIV>>which makes the current frame the one in scanTimedoutTCPSessions, and \
again <DIV></DIV>>you can list and print variable values...
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>>-----Burton
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>>-----Original Message-----
<DIV></DIV>>From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it]On Behalf Of \
patrick <DIV></DIV>>wong
<DIV></DIV>>Sent: Thursday, May 30, 2002 11:48 AM
<DIV></DIV>>To: ntop@Unipi.IT
<DIV></DIV>>Subject: RE: [Ntop] Suspicious FTP message from ntop
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>>Hello,
<DIV></DIV>>Here is the back trace (or info stack) on the thread that's dying and \
the <DIV></DIV>>frame command to point at the last place in ntop code. Also \
included is the <DIV></DIV>>list and print command. I hope this is helpful. \
Please let me know how to <DIV></DIV>>interpret and any assistance would be \
greatly appreciated. <DIV></DIV>>Regards, Patrick
<DIV></DIV>>
<DIV></DIV>>[root@localhost ntopuser]# gdb /usr/local/bin/ntop
<DIV></DIV>>GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
<DIV></DIV>>Copyright 2001 Free Software Foundation, Inc.
<DIV></DIV>>GDB is free software, covered by the GNU General Public License, and \
you are <DIV></DIV>>welcome to change it and/or distribute copies of it under \
certain <DIV></DIV>>conditions.
<DIV></DIV>>Type "show copying" to see the conditions.
<DIV></DIV>>There is absolutely no warranty for GDB. Type "show warranty" for \
details. <DIV></DIV>>This GDB was configured as "i386-redhat-linux"...
<DIV></DIV>>(gdb) set args -u root -P /home/ntopuser -i eth0 -K
<DIV></DIV>>(gdb) run
<DIV></DIV>>Starting program: /usr/local/bin/ntop -u root -P /home/ntopuser -i \
eth0 -K <DIV></DIV>>[New Thread 1024 (LWP 13670)]
<DIV></DIV>>Wait please: ntop is coming up...
<DIV></DIV>>30/May/2002 11:08:45 Initializing IP services...
<DIV></DIV>>SSL is present but https is disabled: use -W <https port> for enabling \
it <DIV></DIV>>30/May/2002 11:08:45 Initializing GDBM...
<DIV></DIV>>30/May/2002 11:08:45 Initializing network devices...
<DIV></DIV>>30/May/2002 11:08:45 ntop v.2.0.99 MT (SSL) [i686-pc-linux-gnu] \
(05/30/02 <DIV></DIV>>09:39:29 AM build)
<DIV></DIV>>30/May/2002 11:08:45 Listening on [eth0]
<DIV></DIV>>30/May/2002 11:08:45 Copyright 1998-2002 by Luca Deri <deri@ntop.org>
<DIV></DIV>>30/May/2002 11:08:45 Get the freshest ntop from http://www.ntop.org/
<DIV></DIV>>30/May/2002 11:08:45 Initializing...
<DIV></DIV>>30/May/2002 11:08:45 Truncated network size to 1024 hosts (real \
netmask <DIV></DIV>>255.255.0.0)
<DIV></DIV>>30/May/2002 11:08:45 Loading plugins (if any)...
<DIV></DIV>>30/May/2002 11:08:45 Searching plugins in /usr/local/lib/ntop/plugins
<DIV></DIV>>30/May/2002 11:08:47 Welcome to icmpWatchPlugin. (C) 1999 by Luca \
Deri. <DIV></DIV>>30/May/2002 11:08:48 Welcome to LastSeenWatchPlugin. (C) 1999 \
by Andrea <DIV></DIV>>Marangoni.
<DIV></DIV>>30/May/2002 11:08:50 Welcome to NetFlow. (C) 2002 by Luca Deri.
<DIV></DIV>>30/May/2002 11:08:53 Welcome to nfsWatchPlugin. (C) 1999 by Luca Deri. \
<DIV></DIV>>30/May/2002 11:08:55 Welcome to PDAPlugin. (C) 2001-2002 by L.Deri \
and <DIV></DIV>>W.Brock
<DIV></DIV>>30/May/2002 11:08:57 Welcome to sFlowPlugin. (C) 2002 by Luca Deri.
<DIV></DIV>>30/May/2002 11:08:57 Resetting traffic statistics...
<DIV></DIV>>[New Thread 2049 (LWP 13678)]
<DIV></DIV>>[New Thread 1026 (LWP 13679)]
<DIV></DIV>>30/May/2002 11:08:58 Started thread (1026) for network packet \
analyser. <DIV></DIV>>[New Thread 2051 (LWP 13680)]
<DIV></DIV>>30/May/2002 11:08:58 Started thread (2051) for idle hosts detection.
<DIV></DIV>>[New Thread 3076 (LWP 13681)]
<DIV></DIV>>30/May/2002 11:08:59 Started thread (3076) for DNS address resolution. \
<DIV></DIV>>[New Thread 4101 (LWP 13682)]
<DIV></DIV>>30/May/2002 11:08:59 Started thread (4101) for address purge.
<DIV></DIV>>30/May/2002 11:08:59 Initializing plugins (if any)...
<DIV></DIV>>30/May/2002 11:08:59 NetFlow export disabled
<DIV></DIV>>30/May/2002 11:08:59 Waiting for HTTP connections on port 3000...
<DIV></DIV>>[New Thread 5126 (LWP 13683)]
<DIV></DIV>>30/May/2002 11:08:59 Started thread (5126) for web server.
<DIV></DIV>>30/May/2002 11:08:59 Sniffying...
<DIV></DIV>>[New Thread 6151 (LWP 13684)]
<DIV></DIV>>30/May/2002 11:08:59 Extending hash size [newSize=512][deviceId=0]
<DIV></DIV>>30/May/2002 11:09:00 Started thread (6151) for network packet \
sniffing on <DIV></DIV>>eth0.
<DIV></DIV>>30/May/2002 11:09:24 Extending hash size [newSize=1024][deviceId=0]
<DIV></DIV>>30/May/2002 11:10:04 Extending hash size [newSize=2048][deviceId=0]
<DIV></DIV>>30/May/2002 11:11:34 Extending hash size [newSize=4096][deviceId=0]
<DIV></DIV>>30/May/2002 11:14:34 Extending hash size [newSize=8192][deviceId=0]
<DIV></DIV>>Program received signal SIGSEGV, Segmentation fault.
<DIV></DIV>>[Switching to Thread 2051 (LWP 13680)]
<DIV></DIV>>0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at \
malloc.c:3228 <DIV></DIV>>3228 malloc.c: No such file or directory.
<DIV></DIV>> in malloc.c
<DIV></DIV>>(gdb)
<DIV></DIV>>(gdb)
<DIV></DIV>>(gdb) info stack
<DIV></DIV>>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at
<DIV></DIV>>malloc.c:3228
<DIV></DIV>>#1 0x4055ebf4 in __libc_free (mem=0x8793970) at malloc.c:3154
<DIV></DIV>>#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, file=0x402a55b9
<DIV></DIV>>"sessions.c", line=246) at leaks.c:485
<DIV></DIV>>#3 0x402905cf in freeSession (sessionToPurge=0x8793970, \
actualDeviceId=0, <DIV></DIV>>allocateMemoryIfNeeded=1 '\001')
<DIV></DIV>> at sessions.c:246
<DIV></DIV>>#4 0x40290784 in scanTimedoutTCPSessions (actualDeviceId=0) at
<DIV></DIV>>sessions.c:310
<DIV></DIV>>#5 0x4028107e in purgeIdleHosts (actDevice=0) at hash.c:471
<DIV></DIV>>#6 0x40286909 in scanIdleLoop (notUsed=0x0) at ntop.c:619
<DIV></DIV>>#7 0x4022fb9c in pthread_start_thread (arg=0x41ad2be0) at \
manager.c:274 <DIV></DIV>>#8 0x4022fc7f in pthread_start_thread_event \
(arg=0x41ad2be0) at <DIV></DIV>>manager.c:298
<DIV></DIV>>(gdb) frame
<DIV></DIV>>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at
<DIV></DIV>>malloc.c:3228
<DIV></DIV>>3228 in malloc.c
<DIV></DIV>>(gdb) list
<DIV></DIV>>3223 in malloc.c
<DIV></DIV>>(gdb) print ar_ptr
<DIV></DIV>>$1 = (arena *) 0x40612620
<DIV></DIV>>(gdb) print p
<DIV></DIV>>$2 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>$3 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>$4 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>$5 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>$6 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>$7 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>$8 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>$9 = 0x8793968
<DIV></DIV>>(gdb) list
<DIV></DIV>>3223 in malloc.c
<DIV></DIV>>(gdb) info stack
<DIV></DIV>>#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at
<DIV></DIV>>malloc.c:3228
<DIV></DIV>>#1 0x4055ebf4 in __libc_free (mem=0x8793970) at malloc.c:3154
<DIV></DIV>>#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, file=0x402a55b9
<DIV></DIV>>"sessions.c", line=246) at leaks.c:485
<DIV></DIV>>#3 0x402905cf in freeSession (sessionToPurge=0x8793970, actualDeviceId=0,
<DIV></DIV>>allocateMemoryIfNeeded=1 '\001')
<DIV></DIV>> at sessions.c:246
<DIV></DIV>>#4 0x40290784 in scanTimedoutTCPSessions (actualDeviceId=0) at
<DIV></DIV>>sessions.c:310
<DIV></DIV>>#5 0x4028107e in purgeIdleHosts (actDevice=0) at hash.c:471
<DIV></DIV>>#6 0x40286909 in scanIdleLoop (notUsed=0x0) at ntop.c:619
<DIV></DIV>>#7 0x4022fb9c in pthread_start_thread (arg=0x41ad2be0) at manager.c:274
<DIV></DIV>>#8 0x4022fc7f in pthread_start_thread_event (arg=0x41ad2be0) at
<DIV></DIV>>manager.c:298
<DIV></DIV>>(gdb) print ar_ptr
<DIV></DIV>>$10 = (arena *) 0x40612620
<DIV></DIV>>(gdb) print p
<DIV></DIV>>$11 = 0x8793968
<DIV></DIV>>(gdb)
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>> >From: "Burton M. Strauss III"
<DIV></DIV>> >To:
<DIV></DIV>> >CC:
<DIV></DIV>> >Subject: RE: [Ntop] Suspicious FTP message from ntop
<DIV></DIV>> >Date: Thu, 30 May 2002 09:37:08 -0500
<DIV></DIV>> >
<DIV></DIV>> >Fine... how about doing the back trace... (info stack) on the thread that's
<DIV></DIV>> >dying... then use the frame command to point at the last place in ntop code.
<DIV></DIV>> >Then the list will be meaningful. Also, print requires a variable name...
<DIV></DIV>> >
<DIV></DIV>> >-----Burton
<DIV></DIV>> >
<DIV></DIV>> >
<DIV></DIV>> >-----Original Message-----
<DIV></DIV>> >From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it]On Behalf Of patrick
<DIV></DIV>> >wong
<DIV></DIV>> >Sent: Thursday, May 30, 2002 9:23 AM
<DIV></DIV>> >To: Burton@ntopsupport.com; ntop@Unipi.IT
<DIV></DIV>> >Subject: RE: [Ntop] Suspicious FTP message from ntop
<DIV></DIV>> >
<DIV></DIV>> >
<DIV></DIV>> >Hello,
<DIV></DIV>> >I have a new error now. I get the following segmentation fault from the
<DIV></DIV>> >latest build of Ntop. Ntop is a compiled build of ntop-02-05-30.tgz
<DIV></DIV>> >It looks like Ntop is having segmentation faults at malloc.c. Any assistance
<DIV></DIV>> >would be appreciated.
<DIV></DIV>> >Regards, Patrick
<DIV></DIV>> >
<DIV></DIV>> >
<DIV></DIV>> >[root@localhost ntopuser]# gdb /usr/local/bin/ntop
<DIV></DIV>> >GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
<DIV></DIV>> >Copyright 2001 Free Software Foundation, Inc.
<DIV></DIV>> >GDB is free software, covered by the GNU General Public License, and you are
<DIV></DIV>> >welcome to change it and/or distribute copies of it under certain
<DIV></DIV>> >conditions.
<DIV></DIV>> >Type "show copying" to see the conditions.
<DIV></DIV>> >There is absolutely no warranty for GDB. Type "show warranty" for details.
<DIV></DIV>> >This GDB was configured as "i386-redhat-linux"...
<DIV></DIV>> >(gdb) set args -u root -i eth0 -P /home/ntopuser -K
<DIV></DIV>> >(gdb) run
<DIV></DIV>> >Starting program: /usr/local/bin/ntop -u root -i eth0 -P /home/ntopuser -K
<DIV></DIV>> >[New Thread 1024 (LWP 13543)]
<DIV></DIV>> >Wait please: ntop is coming up...
<DIV></DIV>> >30/May/2002 10:20:22 Initializing IP services...
<DIV></DIV>> >SSL is present but https is disabled: use -W for enabling it
<DIV></DIV>> >30/May/2002 10:20:22 Initializing GDBM...
<DIV></DIV>> >30/May/2002 10:20:22 Initializing network devices...
<DIV></DIV>> >30/May/2002 10:20:22 ntop v.2.0.99 MT (SSL) [i686-pc-linux-gnu] (05/30/02
<DIV></DIV>> >09:39:29 AM build)
<DIV></DIV>> >30/May/2002 10:20:22 Listening on [eth0]
<DIV></DIV>> >30/May/2002 10:20:22 Copyright 1998-2002 by Luca Deri
<DIV></DIV>> >30/May/2002 10:20:22 Get the freshest ntop from http://www.ntop.org/
<DIV></DIV>> >30/May/2002 10:20:22 Initializing...
<DIV></DIV>> >30/May/2002 10:20:22 Truncated network size to 1024 hosts (real netmask
<DIV></DIV>> >255.255.0.0)
<DIV></DIV>> >30/May/2002 10:20:22 Loading plugins (if any)...
<DIV></DIV>> >30/May/2002 10:20:22 Searching plugins in /usr/local/lib/ntop/plugins
<DIV></DIV>> >30/May/2002 10:20:24 Welcome to icmpWatchPlugin. (C) 1999 by Luca Deri.
<DIV></DIV>> >30/May/2002 10:20:26 Welcome to LastSeenWatchPlugin. (C) 1999 by Andrea
<DIV></DIV>> >Marangoni.
<DIV></DIV>> >30/May/2002 10:20:28 Welcome to NetFlow. (C) 2002 by Luca Deri.
<DIV></DIV>> >30/May/2002 10:20:30 Welcome to nfsWatchPlugin. (C) 1999 by Luca Deri.
<DIV></DIV>> >30/May/2002 10:20:32 Welcome to PDAPlugin. (C) 2001-2002 by L.Deri and
<DIV></DIV>> >W.Brock
<DIV></DIV>> >30/May/2002 10:20:35 Welcome to sFlowPlugin. (C) 2002 by Luca Deri.
<DIV></DIV>> >30/May/2002 10:20:35 Resetting traffic statistics...
<DIV></DIV>> >[New Thread 2049 (LWP 13550)]
<DIV></DIV>> >[New Thread 1026 (LWP 13551)]
<DIV></DIV>> >30/May/2002 10:20:36 Started thread (1026) for network packet analyser.
<DIV></DIV>> >[New Thread 2051 (LWP 13552)]
<DIV></DIV>> >30/May/2002 10:20:36 Started thread (2051) for idle hosts detection.
<DIV></DIV>> >[New Thread 3076 (LWP 13553)]
<DIV></DIV>> >30/May/2002 10:20:36 Started thread (3076) for DNS address resolution.
<DIV></DIV>> >[New Thread 4101 (LWP 13554)]
<DIV></DIV>> >30/May/2002 10:20:37 Started thread (4101) for address purge.
<DIV></DIV>> >30/May/2002 10:20:37 Initializing plugins (if any)...
<DIV></DIV>> >30/May/2002 10:20:37 NetFlow export disabled
<DIV></DIV>> >30/May/2002 10:20:37 Waiting for HTTP connections on port 3000...
<DIV></DIV>> >[New Thread 5126 (LWP 13555)]
<DIV></DIV>> >30/May/2002 10:20:37 Started thread (5126) for web server.
<DIV></DIV>> >30/May/2002 10:20:37 Sniffying...
<DIV></DIV>> >[New Thread 6151 (LWP 13556)]
<DIV></DIV>> >30/May/2002 10:20:37 Extending hash size [newSize=512][deviceId=0]
<DIV></DIV>> >30/May/2002 10:20:38 Started thread (6151) for network packet sniffing on
<DIV></DIV>> >eth0.
<DIV></DIV>> >30/May/2002 10:20:58 Extending hash size [newSize=1024][deviceId=0]
<DIV></DIV>> >30/May/2002 10:21:28 Extending hash size [newSize=2048][deviceId=0]
<DIV></DIV>> >30/May/2002 10:22:48 Extending hash size [newSize=4096][deviceId=0]
<DIV></DIV>> >30/May/2002 10:25:48 Extending hash size [newSize=8192][deviceId=0]
<DIV></DIV>> >Program received signal SIGSEGV, Segmentation fault.
<DIV></DIV>> >[Switching to Thread 2051 (LWP 13552)]
<DIV></DIV>> >0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x93bcc68) at malloc.c:3228
<DIV></DIV>> >3228 malloc.c: No such file or directory.
<DIV></DIV>> > in malloc.c
<DIV></DIV>> >(gdb) list
<DIV></DIV>> >3223 in malloc.c
<DIV></DIV>> >(gdb) print
<DIV></DIV>> >The history is empty.
<DIV></DIV>> >(gdb) list
<DIV></DIV>> >3223 in malloc.c
<DIV></DIV>> >(gdb) thread
<DIV></DIV>> >[Current thread is 4 (Thread 2051 (LWP 13552))]
<DIV></DIV>> >(gdb) thread
<DIV></DIV>> >[Current thread is 4 (Thread 2051 (LWP 13552))]
<DIV></DIV>> >(gdb) thread 1
<DIV></DIV>> >[Switching to thread 1 (Thread 1024 (LWP 13543))]#0 0x405989e7 in
<DIV></DIV>> >__libc_pause () from /lib/i686/libc.so.6
<DIV></DIV>> >(gdb) list
<DIV></DIV>> >3223 in malloc.c
<DIV></DIV>> >(gdb) print
<DIV></DIV>> >The history is empty.
<DIV></DIV>> >(gdb) thread 2
<DIV></DIV>> >[Switching to thread 2 (Thread 2049 (LWP 13550))]#0 0x405c39f7 in __poll
<DIV></DIV>> >(fds=0x82a99cc, nfds=1, timeout=2000)
<DIV></DIV>> > at ../sysdeps/unix/sysv/linux/poll.c:63
<DIV></DIV>> >63 ../sysdeps/unix/sysv/linux/poll.c: No such file or directory.
<DIV></DIV>> > in ../sysdeps/unix/sysv/linux/poll.c
<DIV></DIV>> >(gdb) list
<DIV></DIV>> >58 in ../sysdeps/unix/sysv/linux/poll.c
<DIV></DIV>> >(gdb) list 3
<DIV></DIV>> >1 in ../sysdeps/unix/sysv/linux/poll.c
<DIV></DIV>> >(gdb) list
<DIV></DIV>> >1 in ../sysdeps/unix/sysv/linux/poll.c
<DIV></DIV>> >(gdb) thread 3
<DIV></DIV>> >[Switching to thread 3 (Thread 1026 (LWP 13551))]#0 0x4050caa5 in
<DIV></DIV>> >__sigsuspend (set=0x412d263c)
<DIV></DIV>> > at ../sysdeps/unix/sysv/linux/sigsuspend.c:45
<DIV></DIV>> >45 ../sysdeps/unix/sysv/linux/sigsuspend.c: No such file or directory.
<DIV></DIV>> > in ../sysdeps/unix/sysv/linux/sigsuspend.c
<DIV></DIV>> >(gdb) list
<DIV></DIV>> >40 in ../sysdeps/unix/sysv/linux/sigsuspend.c
<DIV></DIV>> >(gdb)
<DIV></DIV>> >40 in ../sysdeps/unix/sysv/linux/sigsuspend.c
<DIV></DIV>> >(gdb)
<DIV></DIV>> >40 in ../sysdeps/unix/sysv/linux/sigsuspend.c
<DIV></DIV>> >(gdb) thread 4
<DIV></DIV>> >[Switching to thread 4 (Thread 2051 (LWP 13552))]#0 0x4055ee9c in
<DIV></DIV>> >chunk_free (ar_ptr=0x40612620, p=0x93bcc68)
<DIV></DIV>> > at malloc.c:3228
<DIV></DIV>> >3228 malloc.c: No such file or directory.
<DIV></DIV>> > in malloc.c
<DIV></DIV>> >(gdb) list
<DIV></DIV>> >3223 in malloc.c
<DIV></DIV>> >(gdb)
<DIV></DIV>> >
<DIV></DIV>> >
<DIV></DIV>> >
<DIV></DIV>> >
<DIV></DIV>> >
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV>>
<DIV></DIV></div></html>
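Burton's advice in the quoted reply (take the back trace of the dying thread, then use `frame` to point at the last place in ntop code before `list` and `print`), worked through on the back trace from this message. This is an added example, not part of the original messages or of ntop; the set of source files treated as library code is an assumption.

```python
import re

# Back trace copied from the message above, with the mail-wrapped lines rejoined.
BACKTRACE = """\
#0 0x4055ee9c in chunk_free (ar_ptr=0x40612620, p=0x8793968) at malloc.c:3228
#1 0x4055ebf4 in __libc_free (mem=0x8793970) at malloc.c:3154
#2 0x40284c55 in ntop_safefree (ptr=0x41ad29dc, file=0x402a55b9 "sessions.c", line=246) at leaks.c:485
#3 0x402905cf in freeSession (sessionToPurge=0x8793970, actualDeviceId=0, allocateMemoryIfNeeded=1 '\\001') at sessions.c:246
#4 0x40290784 in scanTimedoutTCPSessions (actualDeviceId=0) at sessions.c:310
#5 0x4028107e in purgeIdleHosts (actDevice=0) at hash.c:471
#6 0x40286909 in scanIdleLoop (notUsed=0x0) at ntop.c:619
#7 0x4022fb9c in pthread_start_thread (arg=0x41ad2be0) at manager.c:274
#8 0x4022fc7f in pthread_start_thread_event (arg=0x41ad2be0) at manager.c:298
"""

# Assumption: these source files belong to libc / the thread library, not to ntop.
LIBRARY_SOURCES = {"malloc.c", "manager.c"}

FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+0x[0-9a-f]+ in (?P<func>\S+) \((?P<args>.*)\) "
    r"at (?P<file>[^:\s]+):(?P<line>\d+)$")

def parse_backtrace(text):
    """Return one dict per frame, innermost (crash site) first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["num"], d["line"] = int(d["num"]), int(d["line"])
            frames.append(d)
    return frames

def innermost_app_frame(frames, library_sources=LIBRARY_SOURCES):
    """First frame, counting from the crash, whose source is not library code."""
    for f in frames:
        if f["file"] not in library_sources:
            return f
    return None

def gdb_commands(frame):
    """gdb commands that make 'list' and 'print' refer to application code."""
    return [f"frame {frame['num']}", "list", "info args", "info locals"]

if __name__ == "__main__":
    frames = parse_backtrace(BACKTRACE)
    print("\n".join(gdb_commands(innermost_app_frame(frames))))
```

In the session above, `frame` was typed without a number, which only re-displays frame #0 inside `malloc.c`, so `list` still had no ntop source to show.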