olivervbk / netflow2ntopng

Netflow v5 to NTOPNG reporter/converter/hack
GNU General Public License v3.0

Segment fault with ntopng v3.9.200113 #1

Open nopbit opened 4 years ago

nopbit commented 4 years ago

Hello,

Thanks for the real cool script :) I am getting an error from ntopng after I run the Python script. Which version of ntopng do you suggest using?

Best regards

20/Jan/2020 10:00:48 [Ntop.cpp:406] Welcome to ntopng x86_64 v.3.9.200113 - (C) 1998-20 ntop.org
20/Jan/2020 10:00:48 [PeriodicActivities.cpp:101] Started periodic activities loop...
20/Jan/2020 10:00:49 [PeriodicActivities.cpp:149] Each periodic activity script will use 2 threads
20/Jan/2020 10:00:49 [NetworkInterface.cpp:2347] Started packet polling on interface tcp://127.0.0.1:1234 [id: 4]...
20/Jan/2020 10:00:49 [ZMQCollectorInterface.cpp:255] Collecting flows on tcp://127.0.0.1:1234
20/Jan/2020 10:01:02 [ZMQParserInterface.cpp:1041] WARNING: JSON type 5 not supported
Segmentation fault

olivervbk commented 4 years ago

I was using the ntopng available in apt for Raspbian at the time, but from the error message it seems that netflow2ntopng was sending invalid data to ntopng in your case: https://github.com/ntop/ntopng/blob/dev/src/ZMQParserInterface.cpp#L1041

Could you add the options you were using with ntopng & netflow2ntopng and a dump of the ZMQ traffic netflow2ntopng was sending (if possible)?

nopbit commented 4 years ago

I uninstalled it and installed the latest stable release, which is "3.8.200105", and it worked very well. It seems they changed something in version 3.9. I can share my dump with you, but could you tell me how I can record it?

Thanks

olivervbk commented 4 years ago

You could try something like:

    sudo tcpdump -i lo0 -w netflow2ntopng.dump port 1234

This should save all traffic on the loopback interface and port 1234 (your example says tcp://127.0.0.1:1234) and will save the dump in the working directory.