| Line 1: |
Line 1: |
| − | {{Infobox_Software |
| + | Satori performs passive OS identification on any packets it sees. It can parse and utilize the following packet types: DHCP, TCP (syn and syn/ack), ICMP, SMB, CDP, plus many others. It can be found at http://myweb.cableone.net/xnih |
| − | name = ntop |
| + | |
| − | maintainer = Luca Deri and others |
| + | |
| − | os = {{Linux}}, {{Windows}} |
| + | |
| − | genre = Network forensics |
| + | |
| − | license = {{GPL}} |
| + | |
| − | website = [http://www.ntop.org/ www.ntop.org] |
| + | |
| − | }}
| + | |
| − | | + | |
| − | == Overview ==
| + | |
| − | | + | |
| − | '''ntop''' is a network traffic probe that shows the network usage, similar to what the popular [[top]] [[Unix]] command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every [[Unix]] platform and on [[Windows | Win32]] as well.
| + | |
| − | | + | |
| − | ntop users can use a a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status.[http://www.ntop.org/products/ntop/]
| + | |
| − | | + | |
| − | == What ntop can do for me? ==
| + | |
| − | * Sort network traffic according to many protocols
| + | |
| − | * Show network traffic sorted according to various criteria
| + | |
| − | * Display traffic statistics
| + | |
| − | * Store on disk persistent traffic statistics in RRD format
| + | |
| − | * Identify the indentity (e.g. email address) of computer users
| + | |
| − | * Passively (i.e. without sending probe packets) identify the host OS
| + | |
| − | * Show IP traffic distribution among the various protocols
| + | |
| − | * Analyse IP traffic and sort it according to the source/destination
| + | |
| − | * Display IP Traffic Subnet matrix (who’s talking to who?)
| + | |
| − | * Report IP protocol usage sorted by protocol type
| + | |
| − | * Act as a NetFlow/sFlowcollector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
| + | |
| − | * Produce RMON-like network traffic statistics
| + | |
| − | | + | |
| − | | + | |
| − | == Platforms ==
| + | |
| − | * Unix (including Linux, *BSD, Solaris, and MacOSX)
| + | |
| − | * Win32 (Win95 and above including Vista
| + | |
| − | | + | |
| − | | + | |
| − | == Media ==
| + | |
| − | * Loopback
| + | |
| − | * Ethernet (including 802.11Q)
| + | |
| − | * Token Ring
| + | |
| − | * PPP/PPPoE
| + | |
| − | * Raw IP
| + | |
| − | * FDDI
| + | |
| − | * FibreChannel
| + | |
| − | * ...and many more
| + | |
| − | | + | |
| − | | + | |
| − | == Requirements ==
| + | |
| − | | + | |
| − | === Memory Usage ===
| + | |
| − | * It depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (little LAN) to 100 MB for a WAN.
| + | |
| − | | + | |
| − | === CPU Usage ===
| + | |
| − | * It depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.
| + | |
| − | | + | |
| − | == Protocols ==
| + | |
| − | * IPv4/IPv6
| + | |
| − | * IPX
| + | |
| − | * DecNet
| + | |
| − | * AppleTalk
| + | |
| − | * Netbios
| + | |
| − | * OSI
| + | |
| − | * DLC
| + | |
| − | * …and many more
| + | |
| − | | + | |
| − | == IP Protocols ==
| + | |
| − | * Fully User Configurable
| + | |
| − | | + | |
| − | == Additional Features ==
| + | |
| − | * VoIP support (SIP, Cisco SCCP and Asterisk IAX)
| + | |
| − | * NetFlow (including v5 and v9) and IPFIX support
| + | |
| − | * Network Flows
| + | |
| − | * Local Traffic Analysis
| + | |
| − | * Multithread and MP (MultiProcessor) support on both Unix and Win32
| + | |
| − | * Python lightweight API for extending ntop via scripts
| + | |
| − | * Support of both NetFlow andsFlowas flow collector. ntop can collect simultaneously from multiple probes.
| + | |
| − | * Traffic statistics are saved into RRDdatabases for long-run traffic analysis.
| + | |
| − | * Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
| + | |
| − | * Network assets discovery and categorization according to their OS and users
| + | |
| − | * Protocol decoders for many internet protocols
| + | |
| − | * Advanced ‘per user’ HTTP password protection with encrypted passwords
| + | |
| − | * RRDsupport for persistently storing per-host traffic information
| + | |
| − | * Passive remote host fingerprint (Courtesy of ettercap)
| + | |
| − | * HTTPS (Secure HTTP via OpenSSL)
| + | |
| − | * Virtual/multiple network interfaces support
| + | |
| − | * Graphical ntop launcher (Win32 only)
| + | |
| − | | + | |
| − | == External Links ==
| + | |
| − | | + | |
| − | * [http://www.ntop.org/get-started/download/ Get ntop]
| + | |
| − | | + | |
| − | == Sources ==
| + | |
| − | [http://www.ntop.org/products/ntop/ ntop.org]
| + | |
| − | | + | |
| − | [[Category:Network Forensics]] [[Category: tools]]
| + | |
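Review bot: This edit replaces the whole ntop article with a single paragraph about an unrelated tool (Satori), dropping the infobox, the Overview, the feature and platform lists, the External Links and Sources sections, and both category tags ([[Category:Network Forensics]] [[Category: tools]]); that reads like content saved to the wrong page rather than an intentional rewrite. Suggested change: revert this page to the ntop revision and put the Satori text on its own page, with the same infobox and category conventions (name, maintainer, os, genre, license, website) so it is indexed alongside the other tools. If the Satori text is kept, it also needs wiki formatting: a heading, the external link in bracket syntax rather than a bare URL, and at minimum the two category tags that this edit removes.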