All:

I've been running ntop for 3 weeks. Overall I'm very pleased. I'm running on RHEL 5, on a switch port mirrored from my internet firewall's internal NIC (just picking up wire traffic). I am currently running 3.3.6, sourced as an rpm from the RedHat EPEL yum repository. I've also downloaded the sources for ntop 3.3.6.

When setting up OS fingerprinting I noticed in my log that 0 fingerprints were loaded. Gzcatting the file etter.finger.os.gz in both /etc/ntop and in my source directory resulted in "gzcat: etter.finger.os.gz: not in gzip format". I downloaded the ettercap sources and replaced my /etc/ntop/etter.finger.os.gz, but the fingerprints were years out of date.

I ran autogen.sh in my source tree and resolved a few issues, then checked the makefile for the dnetter target and found that the URL for the ettercap fingerprint file is broken:

"http://cvs.sourceforge.net/viewcvs.py/ettercap/ettercap_ng/share"

I did some more digging, located the current URL, and built it with the dnetter makefile target. The current URL is:

"http://ettercap.cvs.sourceforge.net/viewvc/ettercap/ettercap_ng/share"

The makefile variable below should be updated accordingly:

ETTER_PASSIVE_DOWNLOAD_FROM=

After making the changes described above I was able to run "make dnetter" to retrieve and zip the file. I then copied the fingerprint file to /etc/ntop. Once that was done I restarted ntop, and I'm happy to say that OS fingerprinting is now working as expected, though with some caveats:

* VMware guests fingerprint as Linux, though they are Windows.
* Ubuntu Linux shows as Debian.
* Some up-level Windows hosts show as Win98.
... etc.

But these are ettercap issues, not ntop.

I hope this helps others with fingerprinting under ntop. The good news is that, except for the Windows guests under VMware, Windows is reporting as Windows and Linux is reporting as Linux.

Best Regards,
Jim Richard
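A pre-install check for the failure described in the message above, as an added example that is not part of the original post or of ntop: it confirms that a fingerprint file really is gzip and counts its entries before the file is copied to /etc/ntop. The function name and the rule that an entry is any non-blank line not starting with '#' are assumptions.

```shell
#!/bin/sh
# Added example (not from ntop or ettercap): sanity-check a fingerprint
# database such as etter.finger.os.gz before installing it.
# Assumption: an entry is any non-blank line that does not start with '#'.

# Prints the number of entries found.
# Returns 0 if the file is valid gzip with at least one entry,
#         1 if it is unreadable or not in gzip format,
#         2 if it decompresses but contains no entries.
count_fingerprints() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }

    # gzip -t verifies the whole compressed stream, not just the magic
    # bytes, so a truncated download is rejected as well. Reading from
    # stdin avoids gzip's filename-suffix checks.
    gzip -t <"$f" 2>/dev/null || { echo "not in gzip format: $f" >&2; return 1; }

    # Drop comment lines, then count lines with a non-space character.
    # grep -c exits non-zero on a count of 0, hence the '|| true'.
    n=$(gzip -dc <"$f" | grep -v '^[[:space:]]*#' | grep -c '[^[:space:]]' || true)
    echo "$n"
    [ "$n" -gt 0 ] || return 2
}

# Stand-alone use: sh check_fp.sh /path/to/etter.finger.os.gz
if [ -n "${1:-}" ]; then
    count_fingerprints "$1"
fi
```

A return code of 1 corresponds to the "not in gzip format" error quoted in the message, and a return code of 2 to a file that loads but yields 0 fingerprints.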
