I just started to run ntop. It's very nice. Among other things it identifies the OS of the nodes on our net using something called fingerprininting. For like 100 out of 500 systems on our net it is able to do this.
How does fingerprinting work and how can I get ntop to identify the OS on the remaining 400 nodes?