@johnpoz The decoded base 64 isn't something I recognise. It's simply "teamspeak5:" and then a random string of numbers/letters/symbols.

@luckman212 Heck yeah! Thanks for the help!

Just thought I'd share my experience, while not on pfsense, using ntopng Community v.6.7.260105 rev.27191 (FreeBSD 14.0), disabling "Active Network Discovery" was all that was needed for the crashes to stop. Since I disabled this, the service has been up and running nonstop for ~3 days now. Before, it wouldn't last longer than 4-12 hours before crashing/stopping with no logs.

@johnpoz said in Arpwatch not downloading vendor ID's: I noticed this - and looked at all of my other interfaces and they all show age of 0. Doc for the underlying ANDwatch query is here. Age is the number of days since the record was last updated.

@tinfoilmatt that os is new to me.

@kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

@Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

@Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

@pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

@StealthNet said in Outgoing Portscans - ntopng?: Tbh I never thought a default package would do some kind of outbound network discovery based on class C scanning of internet hosts. I don´t think this is ok. I agree. I was rather shocked when I discovered this while diagnosing the same issue with another pfSense user who happens to be a close friend of min. He had also enabled it because ntopng's description made it sound like a good thing. Anyway, I appreciate your, and others, input on this. I believe I will add a set of warning to the next version of the package, to at least have put forth the information/warning. Thank you.

@jonatremoteeyes If ntopng runs fine locally but won't connect to Ntop Cloud, it might indeed be a package limitation or the cloud.conf not being picked up properly by the pfSense package.

I know this thread is old, but this same issue (duplicated November) is reproducible in pfSense 24.03 with Traffic Totals 2.3.2_4. Same as others have reported, vnstat from the command prompt shows the correct dates.

@keyser Because i've seen it can be pretty intensive, I'm going to enable it only when the needs come up. Ive seen folks leave it on which i guess you can do but seems a bit much. I appreciate your advice!