[tor-talk] tor-exit running ntop

Fabio Pietrosanti (naif) lists at infosecurity.ch
Mon Dec 19 23:32:29 UTC 2011

On 12/19/11 7:15 PM, John Case wrote:
> First of all, your test is for servers that are answering on TCP 3000,
> which could very well be anything.  Perhaps ntop, perhaps nethack.  Who
> knows.
The IP show are running Ntop, detected from HTTP User Agent by nmap:

root at server /tmp # grep -i ntop ntop.out
Host: (vps18077.ovh.net)	Ports:
3000/open/tcp//ntop-http//Ntop web interface 4.0.3/

It detect also the Ntop version.

However you are right, it doesn't mean it's running a sniffer to
"extract" the content, maybe it's just statistical network analysis.


More information about the tor-talk mailing list