「ntopng」

  LINUX MANUAL PAGES

ntopng, a high-speed web-based traffic analysis and collection tool.

ntopng is the next generation version of the original ntop, a network
traffic probe that shows the network usage, similar to what the popular
top Unix command does. ntop is based on libpcap and has been written in
a portable way so that it runs on virtually every Unix platform, as well
as on MacOSX and Win32.

ntopng users can use a web browser to navigate through the traffic
information served by ntop (which acts as a web server) and get a dump of
the network status. In the latter case, ntop can be seen as a simple
RMON-like agent with an embedded web interface. The use of:

* a web interface
* limited configuration and administration via the web interface
* reduced CPU and memory usage (they vary according to network size and
  traffic)

What ntopng can do:
* Sort network traffic according to many protocols
* Show network traffic and IPv4/v6 active hosts
* Store on disk persistent traffic statistics in RRD format
* Geolocate hosts
* Discover application protocols by leveraging nDPI, ntop’s DPI
  framework
* Characterise HTTP traffic by leveraging characterisation services
  provided by block.si. ntopng comes with a demo characterisation key, but
  if you need a permanent one, please mail info@block.si
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to the source/destination
* Display IP Traffic Subnet matrix (who’s talking to who?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g.
  Cisco and Juniper) or switches (e.g. Foundry Networks) when used
  together with nProbe
* Produce HTML5/AJAX network traffic statistics

References