Hi,

I've recently put up a linux box running ntop on our college-to-university uplink and had a few questions to ask.

1) How does the OS detection work in Ntop? I've one remote machine [located on the university network] sending significant amounts of data to various machines on our college network. Ntop shows this machine as running NetBSD, whereas nmap shows its a Windows Box. [nmap is probably right as the protocol for transferring data is NetBios-IP].

2) The college-university uplink is a Gigabit link, but the utilization hardly ever exceeds 8-10MBps. Hence, I connected a machine with a 10/100 NIC to the port mirroring the uplink. The ntop page shows a 3.2% packet loss by libpcap, with 0% packet loss by ntop. I was hoping if anyone could explain the significance of that.

Thanks,

Lui

P.S: The machine sending large amounts of data to various machines on our network --- students copying movies from one place to another... wonder what are the rules about that at other colleges/universities