Difference between revisions of "Ntop"

From ForensicsWiki

Latest revision as of 17:28, 13 March 2013

ntop
Maintainer: Luca Deri and others
OS: Linux, Windows
Genre: Network forensics
License: GPL
Website: www.ntop.org

Overview

ntop is a network traffic probe that shows network usage, similar to what the popular top Unix command does. ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform and on Win32 as well.

ntop users can use a web browser to navigate through the traffic information of ntop (which acts as a web server) and get a dump of the network status.[1]

What can ntop do for me?

  • Sort network traffic according to many protocols
  • Show network traffic sorted according to various criteria
  • Display traffic statistics
  • Store on disk persistent traffic statistics in RRD format
  • Identify the identity (e.g. email address) of computer users
  • Passively (i.e. without sending probe packets) identify the host OS
  • Show IP traffic distribution among the various protocols
  • Analyse IP traffic and sort it according to the source/destination
  • Display IP traffic subnet matrix (who's talking to whom?)
  • Report IP protocol usage sorted by protocol type
  • Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
  • Produce RMON-like network traffic statistics


Platforms

  • Unix (including Linux, *BSD, Solaris, and MacOSX)
  • Win32 (Win95 and above, including Vista)


Media

  • Loopback
  • Ethernet (including 802.1Q VLAN tagging)
  • Token Ring
  • PPP/PPPoE
  • Raw IP
  • FDDI
  • FibreChannel
  • ...and many more


Requirements

Memory Usage

  • It depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (little LAN) to 100 MB for a WAN.

CPU Usage

  • It depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.

Protocols

  • IPv4/IPv6
  • IPX
  • DECnet
  • AppleTalk
  • NetBIOS
  • OSI
  • DLC
  • …and many more

IP Protocols

  • Fully User Configurable

Additional Features

  • VoIP support (SIP, Cisco SCCP and Asterisk IAX)
  • NetFlow (including v5 and v9) and IPFIX support
  • Network Flows
  • Local Traffic Analysis
  • Multithread and MP (MultiProcessor) support on both Unix and Win32
  • Python lightweight API for extending ntop via scripts
  • Support for both NetFlow and sFlow as a flow collector; ntop can collect simultaneously from multiple probes.
  • Traffic statistics are saved into RRD databases for long-run traffic analysis.
  • Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
  • Network assets discovery and categorization according to their OS and users
  • Protocol decoders for many internet protocols
  • Advanced ‘per user’ HTTP password protection with encrypted passwords
  • RRD support for persistently storing per-host traffic information
  • Passive remote host fingerprint (Courtesy of ettercap)
  • HTTPS (Secure HTTP via OpenSSL)
  • Virtual/multiple network interfaces support
  • Graphical ntop launcher (Win32 only)
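As an added example (not ntop's own code), the following Python decoder shows what a NetFlow v5 collector such as ntop has to do with each datagram a router exports to it: validate the 24-byte header (version, record count against the datagram length) and unpack the 48-byte flow records into the per-flow fields (endpoints, ports, protocol, byte and packet counts) from which traffic statistics are built. The datagram is constructed inside the block; no real traffic is used.

```python
"""Decode a NetFlow v5 export datagram as a flow collector must.
Added example, not ntop's own code: v5 wire format (24-byte header, 48-byte
records) plus the sanity checks needed before trusting a packet."""
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
MAX_RECORDS = 30  # v5 exporters put at most 30 records in one datagram


def parse_netflow_v5(datagram: bytes) -> dict:
    """Return {'header': {...}, 'flows': [...]}; raise ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    (version, count, sys_uptime, unix_secs, _nsecs,
     flow_seq, _etype, _eid, sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count == 0 or count > MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: shorter than header count claims")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "packets": r[5], "bytes": r[6],
            "duration_ms": r[8] - r[7],  # last - first, in router uptime ms
            "sport": r[9], "dport": r[10], "tcp_flags": r[12], "proto": r[13],
        })
    # low 14 bits of the sampling field hold the interval, top 2 bits the mode
    return {"header": {"sys_uptime": sys_uptime, "unix_secs": unix_secs,
                       "flow_sequence": flow_seq, "sampling": sampling & 0x3FFF},
            "flows": flows}


def sample_datagram() -> bytes:
    """Constructed datagram: one HTTP flow and one DNS flow (not captured traffic)."""
    header = HEADER.pack(5, 2, 600000, 1363192080, 0, 42, 0, 0, 0)
    http = RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.80"),
                       b"\0\0\0\0", 1, 2, 12, 9000, 590000, 599500, 51234, 80,
                       0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    dns = RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.53"),
                      b"\0\0\0\0", 1, 2, 1, 73, 598000, 598000, 40000, 53,
                      0, 0, 17, 0, 0, 0, 24, 24, 0)
    return header + http + dns
```

A real collector would read these datagrams from a UDP socket bound to the exporter port and feed each flow into its per-host counters; the parsing and validation step is the same.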

External Links

  • What is ntop? (http://www.ntop.org/overview.html)
  • Get ntop (http://www.ntop.org/get-started/download/)

Sources

  • ntop.org (http://www.ntop.org/products/ntop/)