Got the CVS ntop announced today by Burton, and immediately installed it on my test box (Linux, not the Mac I was previously talking about). First thing I did (once I got it up and running) was to run a capture file which I have previously used with the 3.0 stable version. To my surprise, the data in the Host fingerprints (Local + Remote) section is different between the two versions, and not in regards to the OS's identified (which would be normal, if the signatures were newer), but rather in regards to the content of the cells corresponding to identified hosts - for example:
ntop 3.0 stable: host with IP1, identified as Windows XP/ME/2K, has as entries all usernames attempted in various sessions (2 SMTP, 5 FTP) ntop 3.1 from CVS: host with IP1, identified as "precisely" Windows 2K (more specific - good thing, I guess) has only a few entries in the cell (only 1 FTP and 2 SMTP entries) Doing an ngrep for the strings (usernames) identified with ntop 3.0 ==> found them all in the capture file. So the question is: what changed in 3.1 that leaves such entries out?!? TIA, Stef _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
