ntop: Showing the real network performance on end user level

An overview of the main features

ntop is open source (GPL) network traffic tool that shows network usage in real time. The solution supports various management activities, including network optimization and planning, and detection of network security violations. ntop users can use a web browser to navigate through the solution (that acts as a web server) and get a dump of the network status.

The ntop project has been initiated in 1998 by Luca Deri, a University professor from Pisa, and it is now maintained by a wider group of developers.


ntop users are able to:

  • Sort network traffic according to many protocols, i.e. IPv4/IPv6, IPX, DecNet, AppleTalk, Netbios, OSI eDLC
  • Show network traffic sorted according to various additional criteria
  • Display traffic statistics
  • Store on disk persistent traffic statistics in RRD format
  • Identify the identity (e.g. email address) of computer users
  • Passively (i.e. without sending probe packets) identify the host OS
  • Show IP traffic distribution among the various protocols
  • Analyse IP traffic and sort it according to the source/destination
  • Display IP Traffic Subnet matrix (who's talking to who?)
  • Report IP protocol usage sorted by protocol type
  • Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
  • Produce RMON-like network traffic statistics

Supported platforms

  • Unix (including Linux, *BSD, Solaris, and MacOSX)
  • Win32 (Win95 and above including Vista)

Supported media

  • Loopback
  • Ethernet (including 802.11Q)
  • Token Ring
  • Raw IP
  • FDDI
  • FibreChannel ...and many more

Supported protocols

  • IPv4/IPv6
  • IPX
  • DecNet
  • AppleTalk
  • Netbios
  • OSI
  • DLC

Additional features

  • VoIP support (SIP, Cisco SCCP and Asterisk IAX)
  • NetFlow (including v5 and v9) and IPFIX support
  • Network Flows
  • Local Traffic Analysis
  • Multithread and MP (MultiProcessor) support on both Unix and Win32
  • Python lightweight API for extending ntop via scripts
  • Support of both NetFlow and Flow as flow collector. ntop can collect simultaneously from multiple probes.
  • Traffic statistics are saved into RRD databases for long-run traffic analysis.
  • Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics
  • Network assets discovery and categorization according to their OS and users
  • Protocol decoders for many internet protocols
  • Advanced 'per user' HTTP password protection with encrypted passwords
  • RRD support for persistently storing per-host traffic information
  • Passive remote host fingerprint (Courtesy of ettercap)
  • HTTPS (Secure HTTP via OpenSSL)
  • Virtual/multiple network interfaces support
  • Graphical ntop launcher (Win32 only)
Teilen & Drucken :