Is there an ntop virus for Linux?

Wed Jul 29 11:19:07 MST 2009

No, nothing that I am aware of.

I disabled ntop from init.d, rebooted, and the world did not come to an
end...;-).

Does VMware or VirtualBox depend on ntop in some way? I have those installed
for my Windows partition, but I don't use them because my po' lil' Pentium
IV has a hard time keeping up with both Linux and XP at the same time. I
also couldn't get USB and network to work with them, so my dream of running
iTunes on Linux (via VMware/VirtualBox and XP) did not come to fruition.
Perhaps they installed ntop?

Mark

On Wed, Jul 29, 2009 at 10:46 AM, Bob Elzer <bob.elzer at gmail.com> wrote:

>  I agree with Hans, did you turn on any monitoring programs ? Stat
> gathering, big brother, hobbit, nagios anything of this nature ?
>
>
>  ------------------------------
> *From:* plug-discuss-bounces at lists.plug.phoenix.az.us [mailto:
> plug-discuss-bounces at lists.plug.phoenix.az.us] *On Behalf Of *Mark
> Phillips
> *Sent:* Wednesday, July 29, 2009 9:59 AM
> *To:* Main PLUG discussion list
> *Subject:* Re: Is there an ntop virus for Linux?
>
>
>
> On Wed, Jul 29, 2009 at 9:40 AM, Ryan Rix <phrkonaleash at gmail.com> wrote:
>
>>  Mark Phillips wrote:
>> > Whenever I start my Debian Lenny testing laptop a process called ntop
>> starts
>> > and quickly consumes 99% of my cpu. If I kill the process, nothing
>> happens.
>> > If I run ntop from the command line, it does what the man page says it
>> does,
>> > and hardly consumes any resources at all. There is an ntop in
>> /etc/init.d/,
>> > and when I run /etc/init.s/ntop it consumes very few resources - the
>> script
>> > calls /usr/sbin/ntop. There are no entries in the
>> /var/log/ntop/access.log
>> > file.
>> >
>> > My questions are:
>> >
>> > Do I have a virus masquerading as ntop, and if so how do I remove it? I
>> > googled "linux ntop virus" and did not come up with anything useful.
>> >
>> > Can I just remove ntop from /etc/init.d/ ?
>> >
>> > How do I find out if another startup program needs ntop?
>> >
>> > Is ntop necessary at startup?
>> >
>>
>> Are you monitoring your network usage?
>> if not, probably safe to remove the /etc/rc.d/ hooks for it for the
>> runlevel you are booting into.
>>
>> /etc/rc.d/rc5/XX-ntop <-- look for something like that if you are
>> booting into runlevel 5 (full desktop)
>>
>> all in all, removing init.d scripts is a bad idea.
>>
>> If the init scripts in debian use LSB, the headers will tell you which
>> (if any) require ntop.
>>
>> Does ps -aux list any options for ntop when it's run from init?
>>
>> Ryan
>
>
> Ryan,
>
> I am not monitoring network usage. This weird behavior just started a week
> or so ago.
>
> Here is what ps says when I start ntop:
>
> narwhale:/home/mark# ps aux | grep ntop
> ntop     10943  4.5  2.6 197824 27136 ?        Ssl  09:49   0:00
> /usr/sbin/ntop -d -L -u ntop -P /var/lib/ntop --access-log-file
> /var/log/ntop/access.log -i eth0,eth1 -p /etc/ntop/protocol.list -O
> /var/log/ntop
>
> I ran grep -nr "ntop" /etc/init.d and all references to ntop are from the
> ntop script, so I assume none of the other init.d scripts are calling ntop.
>
> Any other thoughts, or should I just disable ntop from init.d:
>
> update-rc.d -f  ntop remove
>
> Mark
>
> P.S. Since I started ntop to check the output from ps, I let it run. And
> sure enough, after a few minutes, the fan started blowing hard and CPU usage
> went over 90% for ntop. Now I am really confused....I guess the real
> question is why do I need ntop to start my laptop?
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090729/ac73cf2e/attachment.htm 