Burton et al: I apologize for the delay in responding -- I was out of town for the Holidays. I hope the Holidays were pleasant for you and yours.
I believe I understand your response correctly; however, I would like to break apart my original request. First, the request to display the MAC address without trusting it when -o | --no-mac is specified. I really think this part is trivial since it is about 5 minutes of work. I have attached a patch that produces the desired behavior and doesn't adversely affect any other features in my brief testing. I offer it for you and others to determine the usefulness and efficacy of this approach. Second, I concede that the desired "tweaks" and supporting analysis certainly rise above trivial changes. I have reviewed the information at shop.ntop.org and understand the options. Please send me (off-line) your SOR template or RFIs so that I can give you sufficient information to give me an educated guess at the level of effort. Regards, Ken Beaty -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton M. Strauss III Sent: Tuesday, December 30, 2003 16:59 To: [EMAIL PROTECTED] Subject: RE: [Ntop-dev] Feature request: MAC addresses with --no-mac These are the kind of features for which we solicit development support. Especially if it's valuable to a particular company or organization, it's a great way to support ntop and ensure it has a future. You should probably contact Luca or myself off-line to further discuss it. -----Burton > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf > Of Ken > Sent: Tuesday, December 30, 2003 1:30 PM > To: [EMAIL PROTECTED] > Subject: [Ntop-dev] Feature request: MAC addresses with --no-mac > > > Greetings Luca et al: > > I've been testing NTOP CVS 2.2.98 on a large network. I appreciate your > work on this project -- I find it very useful. I also appreciate the > changes you have made for finer grain control of features for large > networks (e.g., breaking apart -j, adding remote hosts when using > -g, etc.). > > However, when using -o | --no-mac for the reasons discussed in your > documentation, I would still like ntop to report/track the MAC address > associated with the IP. In other words, "Don't trust MAC addresses", > but still report them for local hosts. Perhaps this could be an option > to --no-mac which could be enabled/disabled. > > With some tweaking, this would be useful in circumstances where a host > inside the network is generating random, non-local, source IP addresses > (recent malware feature), i.e., the source IP is not in -m (effective) > but the source MAC address matches one that is. Or, it would be useful > in a large, flat network in other circumstances. Obviously, I understand > that the MAC displayed could be an intermediate router or switch rather > than the actual host, but it is still valuable information. I also > believe others who use port/VLAN mirroring (with somewhat reliable Layer > 2 information) would appreciate this feature. > > Regards, > Ken Beaty > > _______________________________________________ > Ntop-dev mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop-dev > _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev begin 666 showmac-ntop-2.2.98.patch M+2TM(&YT;W O=F5N9&]R+F,N;W)I9PDR,# T+3 Q+3 U(#$U.C0V.C4P+C P M,# P,# P," M,#4P, HK*RL@;G1O<"]V96YD;W(N8PDR,# T+3 Q+3 U(#$U M.C0W.C0Y+C P,# P,# P," M,#4P, I 0" M,S8R+#@@*S,V,BPW($! "B!C M:&%R*B!G971696YD;W));F9O*'5?8VAA<[EMAIL PROTECTED]<F5S<RP@<VAO<G0@ M96YC;V1E4W1R:6YG*2!["B @(&-H87(J(')E=#L*( HM("!I9BAM>4=L;V)A M;',N9&]N=%1R=7-T34%#861D<@HM(" @("!\?" H;65M8VUP*&5T:$%D9')E M<W,L(&UY1VQO8F%L<RYO=&AE<DAO<W1%;G1R>2T^971H061D<F5S<[EMAIL PROTECTED] M7T542$523D547T%$1%)%4U,I(#T](# I*0HK("!I9BAM96UC;7 H971H061D M<F5S<RP@;7E';&]B86QS+F]T:&5R2&]S=$5N=')Y+3YE=&A!9&1R97-S+"!, M14Y?151(15).151?041$4D534RD@/3T@,"D*(" @("!R971U<FXH(B(I.PH@ M"B @(')E=" ](&=E=$U!0TEN9F\H,[EMAIL PROTECTED]<F5S<[EMAIL PROTECTED];V1E4W1R M:6YG*3L*+2TM(&YT;W O<F5P;W)T+F,N;W)I9PDR,# T+3 Q+3 U(#$U.C0V M.C(Y+C P,# P,# P," M,#4P, HK*RL@;G1O<"]R97!O<G0N8PDR,# T+3 Q M+3 U(#$V.C R.C,Q+C P,# P,# P," M,#4P, I 0" M,34Y-2PW("LQ-3DU M+#<@0$ *(" @(" @('1H94%N8VAO<ELP72 ](&AT;6Q!;F-H;W(Q.PH@(" @ M('T*( HM(" @(&EF*"$H;7E';&]B86QS+F1O;G14<G5S=$U!0V%D9'(@?'P@ M;7E';&]B86QS+F1E=FEC95MM>4=L;V)A;',N86-T=6%L4F5P;W)T1&5V:6-E M261=+F1U;6UY1&5V:6-E*2D@>PHK(" @(&EF*"$H;7E';&]B86QS+F1E=FEC M95MM>4=L;V)A;',N86-T=6%L4F5P;W)T1&5V:6-E261=+F1U;6UY1&5V:6-E M*2D@>PH@(" @(" @:68H<VYP<FEN=&8H8G5F+"!S:7IE;V8H8G5F*2P@(CQ# M14Y415(^(E1!0DQ%7T].(CQ404),12!"3U)$15(],3Y<;CQ44B B5%)?3TXB M(")$05)+7T)'(CXB"B )"2 @(CQ42" B5$A?0D<B/B5S,3Y(;W-T)7,\+T$^ M/"]42#XB"B )"2 @(CQ42" B5$A?0D<B/B5S(D9,04=?1$]-04E.7T1534U9 M7TE$6%]35%(B/D1O;6%I;B5S/"]!/[EMAIL PROTECTED](@I 0" M,38V,RPW("LQ-C8S M+#<@0$ *( [EMAIL PROTECTED]&UP3F%M93%;,%T@/3T@)UPP)[EMAIL PROTECTED]'[EMAIL PROTECTED]'-T<F-M<"AT M;7!.86UE,2P@(C N,"XP+C B*2 ]/2 P*2D*( D@('1M<$YA;64Q(#T@;7E' M;&]B86QS+G-E<&%R871O<CL*( HM"6EF*"$H;7E';&]B86QS+F1O;G14<G5S M=$U!0V%D9'(@?'P@;7E';&]B86QS+F1E=FEC95MM>4=L;V)A;',N86-T=6%L M4F5P;W)T1&5V:6-E261=+F1U;6UY1&5V:6-E*2D@>PHK"6EF*"$H;7E';&]B M86QS+F1E=FEC95MM>4=L;V)A;',N86-T=6%L4F5P;W)T1&5V:6-E261=+F1U M;6UY1&5V:6-E*2D@>PH@"2 @=&UP3F%M93(@/2!G971696YD;W));F9O*&5L M+3YE=&A!9&1R97-S+" Q*3L*( D@(&EF*'1M<$YA;64R6S!=(#T]("=<,"<I M"B )(" @('1M<$YA;64R(#T@;7E';&]B86QS+G-E<&%R871O<CL*0$ @+3$W M,#4L-R K,3<P-2PW($! "B *( ES96YD4W1R:6YG*&UA:V5(;W-T3&EN:RAE M;"[EMAIL PROTECTED](3U-43$E.2U](5$U,7T9/4DU!5"P@,"P@,2P@:&]S=$QI;FM" M=68L('-I>F5O9BAH;W-T3&EN:T)U9BDI*3L*( HM"6EF*"$H;7E';&]B86QS M+F1O;G14<G5S=$U!0V%D9'(@?'P@;7E';&]B86QS+F1E=FEC95MM>4=L;V)A M;',N86-T=6%L4F5P;W)T1&5V:6-E261=+F1U;6UY1&5V:6-E*2D@>PHK"6EF M*"$H;7E';&]B86QS+F1E=FEC95MM>4=L;V)A;',N86-T=6%L4F5P;W)T1&5V M:6-E261=+F1U;6UY1&5V:6-E*2D@>PH@"2 @:68H<VYP<FEN=&8H8G5F+"!S M:7IE;V8H8G5F*2P@(CQ41" B5$1?0D<B($%,24=./5))1TA4/B5S/"]41#XB M"B )"2 @(" @("(\5$0@(E1$7T)'(B!!3$E'3CU224=(5#XE<SPO5$0^(BP* M( D)(" @(" @=&UP3F%M93$L('1M<$YA;64S*2 \(# I"D! ("TQ.#,Q+#<@ M*S$X,S$L-R! 0 H@"7-E;F13=')I;F<H(B9N8G-P.SPO5$0^(BD["B )<')I M;G1"87(H8G5F+"!S:7IE;[EMAIL PROTECTED]/F%C=$)A;F1W:61T:%5S86=E M+"!M87A"86YD=VED=&A5<V%G92P@,RD["B [EMAIL PROTECTED]&UY1VQO8F%L<RYD M;VYT5')U<W1-04-A9&1R('Q\(&UY1VQO8F%L<RYD979I8V5;;7E';&]B86QS M+F%C='5A;%)E<&]R=$1E=FEC94ED72YD=6UM>41E=FEC92DI('[EMAIL PROTECTED] M*&UY1VQO8F%L<RYD979I8V5;;7E';&]B86QS+F%C='5A;%)E<&]R=$1E=FEC M94ED72YD=6UM>41E=FEC92DI('L*( D@(&EF*'-N<')I;G1F*&)U9BP@<VEZ M96]F*&)U9BDL("(\5$0@(E1$7T)'(B!!3$E'3CU224=(5"!.3U=205 ^)7,\ M+U1$/B(L('1M<$YA;64R*2 \(# I"B )(" @($)U9F9E<E1O;U-H;W)T*"D[ M"B )("!S96YD4W1R:6YG*&)U9BD["BTM+2!N=&]P+W)E<&]R=%5T:6QS+F,N M;W)I9PDR,# T+3 Q+3 U(#$U.C0V.C0S+C P,# P,# P," M,#4P, HK*RL@ M;G1O<"]R97!O<G15=&EL<RYC"3(P,#0M,#$M,#4@,[EMAIL PROTECTED],3,N,# P,# P M,# P("TP-3 P"D! ("TS,SDS+#@@*S,S.3,L-R! 0 H@(" @('-E;F13=')I M;F<H8G5F*3L*(" @?0H@"BT@(&EF*"@A;7E';&]B86QS+F1O;G14<G5S=$U! M0V%D9'(I"BT@(" @("8F("AE;"T^971H061D<F5S<U-T<FEN9ULP72 A/2 G M7# G*0HK("[EMAIL PROTECTED]/F5T:$%D9')E<W-3=')I;F=;,%T@(3T@)UPP)RD* M(" @(" @)B8@<W1R8VUP*&5L+3YE=&A!9&1R97-S4W1R:6YG+" B,# Z,# Z M,# Z,# Z,# Z,# B*0H@(" @(" F)B!S=')C;7 H96PM/F5T:$%D9')E<W-3 M=')I;F<L("(P,#HP,3HP,CHP,SHP-#HP-2(I("\J(&1U;6UY(&%D9')E<W,@ =*B\I('L*(" @("!C:&%R("IV96YD;W).86UE.PH` ` end _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
