Same answer - no raw packet data. Nothing to drive
fingerprinting.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Beck
Sent: Monday, March 21, 2005 2:14 PM
To: [email protected]
Subject: RE: [Ntop] NTOP and NetFlow
One other question that I forgot to
include:
Not a single host fingerprint is determined using NetFlow,
but with libpcap, I got at least those hosts that were local to the monitoring
interface. Is this determined via layer 2 info?
Thanks,
Chris
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Beck
Sent: Monday, March 21, 2005 12:10 PM
To: [email protected]
Subject: [Ntop] NTOP and NetFlow
I know the NetFlow
is a sore subject lately. I just have a couple questions/observations now that
I've switched from using libpcap to NetFlows.
1. Is all layer 2
information ignored with respect to the IP flows? I no longer get the MAC
addresses of the machines that I have the traffic stats for. I'm figuring this
is the case since the NetFlow is layer 3 info, but just thought I'd bounce it
off of the list.
2. Is NetBIOS
name resolution not used when using NetFlow? I've noticed that I only have names
resolved for those nodes that have DNS entries. Why would this get lost? Am I
missing something?
I have done a bit of
poking around, so forgive me if it's been covered. If it has, just kick me in
the right direction please.
-Chris
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
