ntop is a powerful network traffic tool that displays network usage, in similar fashion to the "top" command available in Unix environments.
ntop is based on libpcap and is portable, so you can run it on both Windows and Unix platforms.
Users navigate ntop's traffic information with a web browser and can get a dump of the network status.
Here are some key features of "ntop":
· Sort network traffic according to many protocols
· Show network traffic sorted according to various criteria
· Display traffic statistics
· Store on disk persistent traffic statistics in RRD format
· Identify the identity (e.g. email address) of computer users
· Passively (i.e. without sending probe packets) identify the host OS
· Show IP traffic distribution among the various protocols
· Analyse IP traffic and sort it according to the source/destination
· Display IP Traffic Subnet matrix (who's talking to who?)
· Report IP protocol usage sorted by protocol type
· Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
· Produce RMON-like network traffic statistics
· VoIP support (SIP, Cisco SCCP and Asterisk IAX)
· NetFlow (including v5 and v9) and IPFIX support
· Network Flows
· Local Traffic Analysis
· Multithread and MP (MultiProcessor) support on both Unix and Win32
· Perl/PHP/Python lightweight API for accessing ntop remotely
· Support of both NetFlow and sFlow as flow collector. ntop can collect simultaneously from multiple probes.
· Traffic statistics are saved into RRD databases for long-run traffic analysis.
· Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
· Network assets discovery and categorization according to their OS and users
· Protocol decoders for most known P2P (Peer to Peer) protocols
· Advanced 'per user' HTTP password protection with encrypted passwords
· RRD support for persistently storing per-host traffic information
· Passive remote host fingerprint (Courtesy of ettercap)
· HTTPS (Secure HTTP via OpenSSL)
· Virtual/multiple network interfaces support
· Graphical Charts (via gdchart)
· WAP support
Requirements:
· Memory Usage - depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (small LAN) to 100 MB for a WAN.
· CPU Usage - depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.
What's New in This Release:
Changes:
· This is a maintenance release.
· Legacy code and protocols were removed.
· Support was added for modern "protocols" such as Facebook and Twitter.
· Memory usage was reduced.
· Application stability was increased.