Thanks a billion for sharing this information, Richard... it's people like you that sustain open source. Thanks to the other guys that guide us in this forum, like Gary, Burton and others. Have a blessed day, all of you.

M.A. TAMON
B.Eng, CCNP, CCNA
_________________________
"A man owns nothing, not land or money, only his character, the loyalty & courage in his heart" - Commander Chakotay - StarTrek Voyager

My BLOGs:
[ICT Business Integration] - http://ibiztech.wordpress.com
[Leadership Lessons from Movies] - http://thbs.wordpress.com
[In Search of Excellence & Perfection] - http://perfexcellence.wordpress.com
[Technical How-Tos & Stuff-at-a-Glance] - http://techowto.wordpress.com

2009/2/24 Jim Richard <[email protected]>

> All:
>
> I've been running ntop for 3 weeks. Overall I'm very pleased. I'm running
> on RHEL 5, on a switch port mirrored from my internet firewall's internal
> NIC (just picking up wire traffic). I am currently running 3.3.6 sourced as
> an rpm from the RedHat EPEL yum repository. I've also downloaded the
> sources for ntop 3.3.6. When setting up OS fingerprinting I noticed in my
> log that 0 fingerprints were loaded. gzcatting the file etter.finger.os.gz
> in both /etc/ntop and in my source directory resulted in "gzcat:
> etter.finger.os.gz: not in gzip format". I downloaded ettercap sources and
> replaced my /etc/ntop/etter.finger.os.gz but the fingerprints were years out
> of date.
>
> I ran autogen.sh in my source tree, and resolved a few issues, then checked
> the makefile for the dnetter target and found that the URL for the
> ettercap fingerprint file is broken:
>
> http://cvs.sourceforge.net/viewcvs.py/ettercap/ettercap_ng/share
>
> I did some more digging and located the current URL and built it with the
> dnetter makefile target. The current URL is:
>
> http://ettercap.cvs.sourceforge.net/viewvc/ettercap/ettercap_ng/share
>
> The makefile variable below should be updated accordingly:
>
> ETTER_PASSIVE_DOWNLOAD_FROM=
>
> After making the changes described above I was able to run "make dnetter"
> to retrieve and zip the file. I then copied the fingerprint file to
> /etc/ntop. Once that was done I restarted ntop and I'm happy to say that OS
> fingerprinting is now working as expected, though with some caveats:
>
> - VMware guests fingerprint as Linux, though they are Windows.
> - Ubuntu Linux shows as Debian.
> - Some up-level Windows hosts show as win98.
>
> … etc.
>
> But these are ettercap issues, not ntop. I hope this helps others with
> fingerprinting under ntop. The good news is that, except for the Windows
> guests under VMware, Windows is reporting as Windows and Linux is reporting
> as Linux.
>
> Best Regards,
>
> Jim Richard
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
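
A pre-flight check for the failure described in this thread (a fingerprint file that is "not in gzip format" and 0 fingerprints loaded), as an added example that is not part of the original posts or of ntop. The entry layout in the regex and the sample entries are assumptions constructed for illustration.

```python
import gzip
import re
import zlib

GZIP_MAGIC = b"\x1f\x8b"

# Assumed entry layout (not taken from the thread): WWWW:MSS:TTL:WS:S:N:D:T:F:LEN:OS
FP_LINE = re.compile(
    r"^[0-9A-Fa-f]{4}:(?:[0-9A-Fa-f]{4}|_MSS):[0-9A-Fa-f]{2}:(?:[0-9A-Fa-f]{2}|WS):"
    r"[01]:[01]:[01]:[01]:[AS]:(?:[0-9A-Fa-f]{2}|LT):.+$"
)

# Constructed sample entries, not real ettercap data.
SAMPLE = b"""# constructed sample
16D0:05B4:40:00:1:1:1:1:S:3C:Example Linux
FFFF:_MSS:80:WS:0:0:0:0:A:LT:Example Windows
this line is malformed
"""
SAMPLE_GZ = gzip.compress(SAMPLE)


def check_fingerprint_blob(data: bytes) -> dict:
    """Report whether data is a usable gzip'd fingerprint file and how many entries parse."""
    result = {"gzip": False, "fingerprints": 0, "rejected": 0, "error": None}
    if data[:2] != GZIP_MAGIC:
        # Same condition gzcat reported in the thread.
        result["error"] = "not in gzip format"
        return result
    try:
        text = gzip.decompress(data).decode("latin-1")
    except (OSError, EOFError, zlib.error) as exc:
        result["error"] = f"corrupt gzip stream: {exc}"
        return result
    result["gzip"] = True
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not entries
        if FP_LINE.match(line):
            result["fingerprints"] += 1
        else:
            result["rejected"] += 1
    return result


if __name__ == "__main__":
    print(check_fingerprint_blob(SAMPLE_GZ))            # valid file, 2 entries parse
    print(check_fingerprint_blob(b"<html>404</html>"))  # non-gzip content saved as .gz
```

Running the same check on the bytes of /etc/ntop/etter.finger.os.gz before restarting ntop separates a bad download from an outdated but valid fingerprint file.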
