nTop
|
nTop is a network traffic probe that will show you the network usage. It is very similar to the popular top Unix command and it is a network traffic probe that will show you the network usage. nTop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.
ntop users can use a a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface.
The use of:
1. a web interface
2. limited configuration and administration via the web interface
3. reduced CPU and memory usage (they vary according to network size and traffic)
nTop Features:
1. Sort network traffic according to many protocols
2. Show network traffic sorted according to various criteria
3. Display traffic statistics
4. Store on disk persistent traffic statistics in RRD format
5. Identify the indentity (e.g. email address) of computer users
6. Passively (i.e. withou sending probe packets) identify the host OS
7. Show IP traffic distribution among the various protocols
8. Analyse IP traffic and sort it according to the source/destination
9. Display IP Traffic Subnet matrix (who's talking to who?)
10. Report IP protocol usage sorted by protocol type
11. Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
12. Produce RMON-like network traffic statistics
SYNOPSIS:
ntop [@filename] [-a|--access-log-file <path>] [-b|--disable-decoders] [-c|--sticky-hosts] [-e|--max-table-rows] [-f|--traffic-dump-file file>] [-g|--track-local-hosts] [-h|--help] [-j|--create-other-packets] [-l|--pcap-log <path>] [-m|--local-subnets <addresses>] [-n|--numeric-ip-addresses] [-o|--no-mac] [-p|--protocols <list>] [-q|--create-suspicious-packets] [-r|--refresh-time <number>] [-s|--no-promiscuous] [-t|--trace-level <number>] [-x <max_num_hash_entries>] [-w|--http-server <port>] [-z|--disable-sessions] [-A|--set-admin-password password] [-B|--filter-expression expression] [-C <configmode>] [-D|--domain <name>] [-F|--flow-spec <specs>] [-M|--no-interface-merge] [-N|--wwn-map <path>] [-O|----output-packet-path <path>] [-P|--db-file-path <path>] [-Q|--spool-file-path <path>] [-U|--mapper <URL>] [-V|--version] [-X <max_num_TCP_sessions>] [--disable-instantsessionpurge] [--disable-mutexextrainfo] [--fc-only] [--instance] [--no-fc] [--no-invalid-lun] [--p3p-cp] [--p3p-uri] [--skip-version-check] [--w3c] [-4|--ipv4] [-6|--ipv6]
Unix options:
[-d|--daemon] [-i|--interface <name>] [-u|--user <user>] [-K|--enable-debug] [-L] [--pcap_setnonblock] [--use-syslog= <facility>] [--webserver-queue <number>]
Windows option:
[-i|--interface <number|name>]
OpenSSL options:
[-W|--https-server <port>] [--ssl-watchdog]
ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the (IP and non-IP) traffic generated and received by each host. ntop may operate as a front-end collector (sFlow and/or netFlow plugins) or as a stand-alone collector/display program. A web browser is needed to access the information captured by the ntop program.
ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 tcp/ip addresses. ntop is capable of associating the two, so that ip and non-ip traffic (e.g. arp, rarp) are combined for a complete picture of network activity.
The Windows version makes use of WinPcap (libpcap for Windows)
The license of this software is Free, you can free download and free use this network monitoring software.