Difference between pages "Ntop" and "Satori"

From ForensicsWiki
{{Infobox_Software |
  name = ntop |
  maintainer = Luca Deri and others |
  os = {{Linux}}, {{Windows}} |
  genre = Network forensics |
  license = {{GPL}} |
  website = [http://www.ntop.org/ www.ntop.org] |
}}

== Overview ==

'''ntop''' is a network traffic probe that shows network usage, similar to what the popular [[top]] [[Unix]] command does. ntop is based on libpcap and has been written in a portable way so that it runs on virtually every [[Unix]] platform and on [[Windows | Win32]] as well.

ntop users can use a web browser to navigate the traffic information that ntop (which acts as a web server) provides and to get a dump of the network status.[http://www.ntop.org/products/ntop/]

== What can ntop do for me? ==
* Sort network traffic according to many protocols
* Show network traffic sorted according to various criteria
* Display traffic statistics
* Store persistent traffic statistics on disk in RRD format
* Identify the identity (e.g. email address) of computer users
* Passively (i.e. without sending probe packets) identify the host OS
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to source/destination
* Display IP Traffic Subnet matrix (who’s talking to who?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
* Produce RMON-like network traffic statistics

== Platforms ==
* Unix (including Linux, *BSD, Solaris, and Mac OS X)
* Win32 (Win95 and above, including Vista)

== Media ==
* Loopback
* Ethernet (including 802.1Q)
* Token Ring
* PPP/PPPoE
* Raw IP
* FDDI
* FibreChannel
* ...and many more

== Requirements ==

=== Memory Usage ===
* It depends on the ntop configuration, the number of hosts, and the number of active TCP sessions. In general it ranges from a few MB (small LAN) to 100 MB for a WAN.

=== CPU Usage ===
* It depends on the ntop configuration and traffic conditions. On a modern PC and a large LAN, it is less than 10% of overall CPU load.

== Protocols ==
* IPv4/IPv6
* IPX
* DECnet
* AppleTalk
* NetBIOS
* OSI
* DLC
* …and many more

== IP Protocols ==
* Fully User Configurable

== Additional Features ==
* VoIP support (SIP, Cisco SCCP and Asterisk IAX)
* NetFlow (including v5 and v9) and IPFIX support
* Network Flows
* Local Traffic Analysis
* Multithread and MP (MultiProcessor) support on both Unix and Win32
* Python lightweight API for extending ntop via scripts
* Support for both NetFlow and sFlow as a flow collector. ntop can collect simultaneously from multiple probes.
* Traffic statistics are saved into RRD databases for long-run traffic analysis.
* Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
* Network assets discovery and categorization according to their OS and users
* Protocol decoders for many internet protocols
* Advanced ‘per user’ HTTP password protection with encrypted passwords
* RRD support for persistently storing per-host traffic information
* Passive remote host fingerprinting (courtesy of ettercap)
* HTTPS (Secure HTTP via OpenSSL)
* Virtual/multiple network interfaces support
* Graphical ntop launcher (Win32 only)

== External Links ==

* [http://www.ntop.org/get-started/download/ Get ntop]

== Sources ==
[http://www.ntop.org/products/ntop/ ntop.org]

[[Category:Network Forensics]] [[Category: tools]]

Revision as of 21:58, 27 November 2008

Satori performs passive OS identification on any packets it sees. It can parse and utilize the following packet types: DHCP, TCP (SYN and SYN/ACK), ICMP, SMB, CDP, plus many others. It can be found at http://myweb.cableone.net/xnih