These are the kind of features for which we solicit development support. Especially if it's valuable to a particular company or organization, it's a great way to support ntop and ensure it has a future. You should probably contact Luca or myself off-line to further discuss it.
-----Burton > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf > Of Ken > Sent: Tuesday, December 30, 2003 1:30 PM > To: [EMAIL PROTECTED] > Subject: [Ntop-dev] Feature request: MAC addresses with --no-mac > > > Greetings Luca et al: > > I've been testing NTOP CVS 2.2.98 on a large network. I appreciate your > work on this project -- I find it very useful. I also appreciate the > changes you have made for finer grain control of features for large > networks (e.g., breaking apart -j, adding remote hosts when using > -g, etc.). > > However, when using -o | --no-mac for the reasons discussed in your > documentation, I would still like ntop to report/track the MAC address > associated with the IP. In other words, "Don't trust MAC addresses", > but still report them for local hosts. Perhaps this could be an option > to --no-mac which could be enabled/disabled. > > With some tweaking, this would be useful in circumstances where a host > inside the network is generating random, non-local, source IP addresses > (recent malware feature), i.e., the source IP is not in -m (effective) > but the source MAC address matches one that is. Or, it would be useful > in a large, flat network in other circumstances. Obviously, I understand > that the MAC displayed could be an intermediate router or switch rather > than the actual host, but it is still valuable information. I also > believe others who use port/VLAN mirroring (with somewhat reliable Layer > 2 information) would appreciate this feature. > > Regards, > Ken Beaty > > _______________________________________________ > Ntop-dev mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
