ntop 3.2 review

by rbytes.net on

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on

License: GPL (GNU General Public License)
File size: 0K
Developer: Luca Deri
0 stars award from rbytes.net

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.

ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.

ntop users can use a a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status.

In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of:

a web interface
limited configuration and administration via the web interface
reduced CPU and memory usage (they vary according to network size and traffic)

make ntop easy to use and suitable for monitoring various kind of networks.

Here are some key features of "ntop":
Sort network traffic according to many protocols
Show network traffic sorted according to various criteria
Display traffic statistics
Store on disk persistent traffic statistics in RRD format
Identify the indentity (e.g. email address) of computer users
Passively (i.e. withou sending probe packets) identify the host OS
Show IP traffic distribution among the various protocols
Analyse IP traffic and sort it according to the source/destination
Display IP Traffic Subnet matrix (who's talking to who?)
Report IP protocol usage sorted by protocol type
Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
Produce RMON-like network traffic statistics

Additional features of "ntop":
Network Flows
Local Traffic Analysis
Multithread and MP (MultiProcessor) support on both Unix and Win32
Perl/PHP/Python lightweight API for accessing ntop from remote
Support of both NetFlow andsFlow as flow collector. ntop can collect simultaneously from multiple probes.
Traffic statistics are saved into RRD databases for long-run traffic analysis.
Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
Network assets discovery and categorization according to their OS and users
Protocol decoders for most of known P2P (Peer to Peer) protocols
Advanced 'per user' HTTP password protection with encrypted passwords
RRD support for persistently storing per-host traffic information
Passive remote host fingerprint (Courtesy of ettercap)
HTTPS (Secure HTTP via OpenSSL)
Virtual/multiple network interfaces support
Graphical Charts (via gdchart)
WAP support

Memory Usage
It depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (little LAN) to 100 MB for a WAN.
CPU Usage
It depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.

What's New in This Release:
This release adds VoIP support, NetFlow v9/IPFIX enhancements, a performance boost, more statistics, and stability improvements.

ntop 3.2 keywords