Nope.
ntop uses the standard gethostbyname() C library calls, which gets translated into the DNS query. Whatever the DNS returns is what we use - first name for the IP. So if six names resolve to the same IP/MAC address, whichever we see first is what we use. You could try preloading the cache (it's a gdbm database) with the resolutions you want (or you might use a hosts file), but that may not work: We use sniffing of other people's DNS queries to reduce the number we actually make (they are async, naturally and so nasty from a real time perspective). I suppose you could turn off sniffing (and possibly caching), by adding a control flag. That discussion belongs over in ntop-dev. And could be a big performance hit, especially during ntop's first few minutes (which is when it learns most common names). -----Burton _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lindholm Roger Sent: Friday, December 15, 2006 3:36 AM To: [EMAIL PROTECTED] Subject: [Ntop] (no subject) Hi, On my network we use DNS CNAME-aliases to access most services. I have problems with Ntop showing traffic as belonging to the aliases instead of the real computer name. Is there any way to force Ntop to always do a DNS reverse lookup and thereby get the real computername, instead of listening on the conversation for names? In a typical Windows Active Directory environment DNS is used to translate things like which are the domain controllers for a domain etc. This means that when Ntop listens to these kind of requests it will cache the domains' name adress instead of the computer name for the IP adress captured. So this is an issue even if not using aliases. I currently run 3.2.6 on Windows 2003. Best regards Roger Lindholm
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
