[tor-talk] tor-exit running ntop
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Mon Dec 19 23:32:29 UTC 2011
On 12/19/11 7:15 PM, John Case wrote:
> First of all, your test is for servers that are answering on TCP 3000,
> which could very well be anything. Perhaps ntop, perhaps nethack. Who
The IP show are running Ntop, detected from HTTP User Agent by nmap:
root at server /tmp # grep -i ntop ntop.out
Host: 126.96.36.199 (vps18077.ovh.net) Ports:
3000/open/tcp//ntop-http//Ntop web interface 4.0.3/
It detect also the Ntop version.
However you are right, it doesn't mean it's running a sniffer to
"extract" the content, maybe it's just statistical network analysis.
More information about the tor-talk