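Introduction to NTOP
NTOP is a tool that shows network usage, similar to what the popular Unix top command does. NTOP is based on pcapture (ftp://ftp.ee.lbl.gov/pcapture.tar.Z) and has been written in a portable way so that it runs on virtually every Unix platform.
NTOP can be used in either interactive or web mode. In the first case, NTOP displays the network status on the user's terminal, whereas in web mode a web browser (e.g. Netscape) can connect to NTOP (which acts as a web server) and retrieve a dump of the network status. In the latter case, NTOP can be seen as a simple RMON-like (remote monitoring) agent with an embedded web interface.
NTOP uses libpcap, a system-independent interface for user-level packet capture.
Source: NTOP README
NTOP Homepage
NTOP source code repository
- Author: Luca Deri
- License: GPLv2
Tools included in NTOP
NTOP - Display network usage in a web browser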
:~# ntop -h
Welcome to ntop v.4.99.3 (32 bit)
[Configured on Mar 2 2013 6:00:33, built on Mar 2 2013 06:01:55]
Copyright 1998-2012 by Luca Deri <deri@ntop.org>
Get the freshest ntop from http://www.ntop.org/
Usage: ntop [OPTION]
Basic options:
[-h --help] Display this help and exit
[-u <user>|--user <user>] Userid/name to run ntop under (see man page)
[-t <number>|--trace-level <number>] Trace level [0-6]
[-P <path>|--db-file-path <path>] Path for ntop internal database files
[-Q <path>|--spool-file-path <path>] Path for ntop spool files
[-w <port>|--http-server <port>] Web server (http:) port (or address:port)
to listen on
Advanced options:
[-4 --ipv4] Use IPv4 connections
[-6 --ipv6] Use IPv6 connections
[-a <file>|--access-log-file <file>] File for ntop web server access log
[-b --disable-decoders] Disable protocol decoders
[-c --sticky-hosts] Idle hosts are not purged from memory
[-d --daemon] Run ntop in daemon mode
[-e <number>|--max-table-rows <number>] Maximum number of table rows to report
[-f <file>|--traffic-dump-file <file>] Traffic dump file (see tcpdump)
[-g --track-local-hosts] Track only local hosts
[-i <name>|--interface <name>] Interface name or names to monitor
[-j --create-other-packets] Create file ntop-other-pkts.XXX.pcap file
[-l <path>|--pcap-log <path>] Dump packets captured to a file (debug only!)
[-m <addresses>|--local-subnets <addresses>] Local subnetwork(s) (see man page)
[-n <mode>|--numeric-ip-addresses <mode>]
Numeric IP addresses DNS resolution mode:
0 - No DNS resolution at all
1 - DNS resolution for local hosts only
2 - DNS resolution for remote hosts only
[-p <list>|--protocols <list>] List of IP protocols to monitor (see man page)
[-q --create-suspicious-packets] Create file ntop-suspicious-pkts.XXX.pcap file
[-r <number>|--refresh-time <number>] Refresh time in seconds, default is 120
[-s --no-promiscuous] Disable promiscuous mode
[-x <max num hash entries> ] Max num. hash entries ntop can handle (default 8192)
[-z --disable-sessions] Disable TCP session tracking
[-A] Ask admin user password and exit
[--set-admin-password=<pass>] Set password for the admin user to <pass>
[--w3c] Add extra headers to make better html
[-B <filter> --filter-expression] Packet filter expression, like tcpdump (for
all interfaces)You can also set per-interface filter:eth0=tcp,eth1=udp ....
[-C <rate> --sampling-rate] Packet capture sampling rate default: 1 (no sampling)
[-D <name>|--domain <name>] Internet domain name
[-F <spec>|--flow-spec <specs>] Flow specs (see man page)
[-K --enable-debug] Enable debug mode
[-L] Do logging via syslog
[--use-syslog=<facility>] Do logging via syslog, facility ('=' is REQUIRED)
[-M --no-interface-merge] Don't merge network interfaces (see man page)
[-O <path>|--pcap-file-path <path>] Path for log files in pcap format
[-U <URL> --mapper <URL>] URL (mapper.pl) for displaying host location
[-V --version] Output version information and exit
[-X <max num TCP sessions>] Max num. TCP sessions ntop can handle (default 32768)
[--disable-instantsessionpurge] Disable instant FIN session purge
[--disable-mutexextrainfo] Disable extra mutex info
[--disable-stopcap] Capture packets even if there's no memory left
[--disable-ndpi] Disable nDPI for protocol discovery
[--disable-python] Disable Python interpreter
[--instance <name>] Set log name for this ntop instance
[--p3p-cp] Set return value for p3p compact policy, header
[--p3p-uri] Set return value for p3p policyref header
[--skip-version-check] Skip ntop version check
[--known-subnets <networks>] List of known subnets (separated by), If the
argument starts with @ it is assumed it is a file path ,
E.g. 192.168.0.0/14=home,172.16.0.0/16=private
NOTE
* You can configure further ntop options via the web
interface [Menu Admin -> Config].
* The command line options are not permanent, i.e. they
are not persistent across ntop initializations.
NTOP Usage Example
Display network usage, filtering on a specific IP address (-B "src host 192.168.1.1"):
:~# ntop -B "src host 192.168.1.1"