【网络流量监控工具Ntop】

ntop (stylized as ntop) is computer software that probes a computer network to show network use in a way similar to what the program top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a web server, creating a HTML dump of the network status. It supports a NetFlow-sFlow emitter-collector, a Hypertext Transfer Protocol (HTTP) based client interface for creating ntop-centric monitoring applications, and RRDtool (RRD) for persistently storing traffic statistics.

 

 

ntopng is the next generation version of the original ntop, a network traffic probe that monitors network usage. ntopng is based on libpcapand it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well.

ntopng – yes, it’s all lowercase – provides a intuitive, encrypted web user interface for the exploration of realtime and historical traffic information.

 

Main Features

• Sort network traffic according to many criteria including IP address, port, L7 protocol, throughput, Autonomous Systems (ASs)
• Show realtime network traffic and active hosts
• Produce long-term reports for several network metrics including throughput and application protocols
• Top talkers (senders/receivers), top ASs, top L7 applications
• Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out of order packets, packet lost), and bytes and packets transmitted
• Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses
• Geolocate and overlay hosts in a geographical map
• Discover application protocols (Facebook, YouTube, BitTorrent, etc) by leveraging on nDPI, ntop Deep Packet Inspection (DPI) technology
• Characterise HTTP traffic by leveraging on characterisation services provided by Google and HTTP Blacklist.
• Analyse IP traffic and sort it according to the source/destination.
• Report IP protocol usage sorted by protocol type
• Produce HTML5/AJAX network traffic statistics.
• Full support for IPv4 and IPv6
• Full Layer-2 support (including ARP statistics)
• GTP/GRE detunnelling
• Support for MySQL, ElasticSearch and LogStash export of monitored data
• Interactive historical exploration of monitored data exported to MySQL
• Alerts engine to capture anomalous and suspicious hosts
• SNMP v1/v2c support and continuous monitoring of SNMP devices