ntop

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. It has a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

ntop has been designed to be simple, performant and easy to use. It has been developed, tested, and deployed by a large user community on various networks and environments.

ntop can use a web browser (e.g. Firefox) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. 

ntop

License GNU GPL Developer Luca Deri Website www.ntop.org Requirements libpcap gdbm Support: ntop Documentation, Wiki, Mailing List Selected Reviews: HowtoForge

Features include:

• Sort network traffic according to many protocols
• Show network traffic sorted according to various criteria
• Display traffic statistics
• Store on disk persistent traffic statistics in RRD format
• Identify the indentity (e.g. email address) of computer users
• Passively (i.e. withou sending probe packets) identify the host OS
• Show IP traffic distribution among the various protocols
• Analyse IP traffic and sort it according to the source/destination
• Display IP Traffic Subnet matrix (who's talking to who?)
• Report IP protocol usage sorted by protocol type
• Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
• Produce RMON-like network traffic statistics 
• VoIP support (SIP, Cisco SCCP and Asterisk IAX)
• NetFlow (including v5 and v9) and IPFIX support
• Network Flows
• Local Traffic Analysis
• Multithread and MP (MultiProcessor) support on both Unix and Win32
• Perl/PHP/Python lightweight API for accessing ntop from remote
• Support of both NetFlow andsFlow as flow collector. ntop can collect simultaneously from multiple probes.
• Traffic statistics are saved into RRD databases for long-run traffic analysis.
• Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
• Network assets discovery and categorization according to their OS and users
• Protocol decoders for most of known P2P (Peer to Peer) protocols
• Advanced 'per user' HTTP password protection with encrypted passwords
• RRD support for persistently storing per-host traffic information
• Passive remote host fingerprint (Courtesy of ettercap)
• HTTPS (Secure HTTP via OpenSSL)
• Virtual/multiple network interfaces support
• Graphical Charts (via gdchart)
• WAP support

Last Updated Saturday, May 03 2008 @ 08:40 AM EDT