Maintainer: Luca Deri and others
ntop is a network traffic probe that shows network usage, similar to what the popular Unix command top does. ntop is based on libpcap and has been written portably so that it runs on virtually every Unix platform and on Win32 as well.
ntop users can use a web browser to navigate through ntop's traffic information (ntop acts as a web server) and get a dump of the network status.
What can ntop do for me?
- Sort network traffic according to many protocols
- Show network traffic sorted according to various criteria
- Display traffic statistics
- Store on disk persistent traffic statistics in RRD format
- Identify the identity (e.g. email address) of computer users
- Passively (i.e. without sending probe packets) identify the host OS
- Show IP traffic distribution among the various protocols
- Analyse IP traffic and sort it according to the source/destination
- Display IP Traffic Subnet matrix (who’s talking to who?)
- Report IP protocol usage sorted by protocol type
- Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
- Produce RMON-like network traffic statistics
- Unix (including Linux, *BSD, Solaris, and MacOSX)
- Win32 (Win95 and above, including Vista)
- Ethernet (including 802.11Q)
- Token Ring
- Raw IP
- ...and many more
- It depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (little LAN) to 100 MB for a WAN.
- It depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.
- …and many more
- Fully User Configurable
- VoIP support (SIP, Cisco SCCP and Asterisk IAX)
- NetFlow (including v5 and v9) and IPFIX support
- Network Flows
- Local Traffic Analysis
- Multithread and MP (MultiProcessor) support on both Unix and Win32
- Python lightweight API for extending ntop via scripts
- Support of both NetFlow and sFlow as flow collector. ntop can collect simultaneously from multiple probes.
- Traffic statistics are saved into RRD databases for long-run traffic analysis.
- Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
- Network assets discovery and categorization according to their OS and users
- Protocol decoders for many internet protocols
- Advanced ‘per user’ HTTP password protection with encrypted passwords
- RRD support for persistently storing per-host traffic information
- Passive remote host fingerprint (Courtesy of ettercap)
- HTTPS (Secure HTTP via OpenSSL)
- Virtual/multiple network interfaces support
- Graphical ntop launcher (Win32 only)