On 12/19/11 7:15 PM, John Case wrote: > First of all, your test is for servers that are answering on TCP 3000, > which could very well be anything. Perhaps ntop, perhaps nethack. Who > knows. The IP show are running Ntop, detected from HTTP User Agent by nmap:
root@server /tmp # grep -i ntop ntop.out Host: 46.105.26.14 (vps18077.ovh.net) Ports: 3000/open/tcp//ntop-http//Ntop web interface 4.0.3/ It detect also the Ntop version. However you are right, it doesn't mean it's running a sniffer to "extract" the content, maybe it's just statistical network analysis. -naif _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
