ntop - network top

What is ntop?

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.

ntop users can use a a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of:

a web interface
limited configuration and administration via the web interface
reduced CPU and memory usage (they vary according to network size and traffic)

make ntop easy to use and suitable for monitoring various kind of networks.

What ntop can do for me?

Sort network traffic according to many protocols
Show network traffic sorted according to various criteria
Display traffic statistics
Store on disk persistent traffic statistics in RRD format
Identify the indentity (e.g. email address) of computer users
Passively (i.e. withou sending probe packets) identify the host OS
Show IP traffic distribution among the various protocols
Analyse IP traffic and sort it according to the source/destination
Display IP Traffic Subnet matrix (who's talking to who?)
Report IP protocol usage sorted by protocol type
Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
Produce RMON-like network traffic statistics

Platforms	Unix (including Linux, *BSD, Solaris, and MacOSX) Win32 (Win95 and above including Vista)
Media	Loopback Ethernet (including 802.11Q) Token Ring PPP/PPPoE Raw IP FDDI FibreChannel ...and many more
Requirements	Memory Usage It depends on the ntop configuration, number of hosts, and number of active TCP sessions. In general it ranges from a few MB (little LAN) to 100 MB for a WAN. CPU Usage It depends on the ntop configuration, and traffic conditions. On a modern PC and large LAN, it is less than 10% of overall CPU load.
Protocols	IPv4/IPv6 IPX DecNet AppleTalk Netbios OSI DLC ...and many more
IP Protocols	Fully User Configurable
Additional Features	VoIP support (SIP, Cisco SCCP and Asterisk IAX) NetFlow (including v5 and v9) and IPFIX support Network Flows Local Traffic Analysis Multithread and MP (MultiProcessor) support on both Unix and Win32 Perl/PHP/Python lightweight API for accessing ntop from remote Support of both NetFlow andsFlow as flow collector. ntop can collect simultaneously from multiple probes. Traffic statistics are saved into RRD databases for long-run traffic analysis. Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics Network assets discovery and categorization according to their OS and users Protocol decoders for most of known P2P (Peer to Peer) protocols Advanced 'per user' HTTP password protection with encrypted passwords RRD support for persistently storing per-host traffic information Passive remote host fingerprint (Courtesy of ettercap) HTTPS (Secure HTTP via OpenSSL) Virtual/multiple network interfaces support Graphical Charts (via gdchart) WAP support U3 support and graphical GUI (Win32 only)