ntop – network traffic software

ntop is an open source network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way. It includes support for popular tools and protocols such as NetFlow, sFlow, and RRD.

ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 TCP/IP addresses.

ntop users can use a a web browser (e.g. Firefox) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In interactive mode, it displays the network status on the user’s terminal. In Web mode, it acts as a web server, creating a HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, a HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

Features include:

  • Sort network traffic according to many protocols including IPv4, IPv6, IPX, DecNet, AppleTalk, Netbios, OSI, DLC, (R)ARP, TCP/UDO, Fibre Channel, and more.
  • Show network traffic sorted according to various criteria.
  • Display traffic statistics.
  • Traffic statistics are saved into RRD databases for long-run traffic analysis.
  • Identify the identity (e.g. email address) of computer users.
  • Passively (i.e. withou sending probe packets) identify the host OS.
  • Show IP traffic distribution among the various protocols.
  • Analyse IP traffic and sort it according to the source/destination.
  • Display IP Traffic Subnet matrix (who’s talking to who?).
  • Report IP protocol usage sorted by protocol type.
  • Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks).
  • Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics.
  • Produce RMON-like network traffic statistics.
  • Multithread and MP (MultiProcessor) support.
  • Advanced ‘per user’ HTTP password protection with encrypted passwords.
  • Python lightweight API for extending ntop via scripts.
  • HTTPS (Secure HTTP via OpenSSL).
  • VoIP support (SIP, Cisco SCCP and Asterisk IAX).
  • NetFlow (including v5 and v9) and IPFIX support.
  • Passive remote host fingerprint (courtesy of ettercap).

Website: www.ntop.org
Developer: Luca Deri and contributors
License: GNU GPL v3


ntop is written in C. Learn C with our recommended free books and free tutorials.

Return to Console Based Network ‘top’ Tools Home Page

Make a Donation
Click the button to make a donation via flattr. Donations help us to maintain and improve the site. You can also donate via PayPal.

Read our complete collection of recommended free and open source software. The collection covers all categories of software.

The software collection forms part of our series of informative articles for Linux enthusiasts. There's tons of in-depth reviews, alternatives to Google, fun things to try, hardware, free programming books and tutorials, and much more.
Share this article

Share your Thoughts

This site uses Akismet to reduce spam. Learn how your comment data is processed.