NTOP

NTOP 介绍

NTOP是一个工具，显示网络使用情况，类似于流行的顶级Unix命令一样。 NTOP基于pcapture（ftp://ftp.ee.lbl.gov/pcapture.tar.Z），它已被写入在便携式方式以几乎所有的Unix平台上运行。

NTOP可以在两个交互式或web模式下使用。在第一种情况下，NTOP显示而在网络模式下的Web浏览器（如Netscape），即可连接到NTOP（充当Web服务器），并获取网络状态转储到用户终端上的网络状况。在后一种情况下，NTOP可以被看作是一个简单远程监控类试剂具有嵌入式Web界面。

NTOP使用libpcap的，对于用户级数据包捕获系统无关的接口。

资料来源：NTOP自述
NTOP 首页
 NTOP 源代码版本库

作者：Luca Deri
许可：GPLv2

包含在NTOP里的工具

NTOP - 在Web浏览器中显示网络使用情况

:~# ntop -h

Welcome to ntop v.4.99.3 (32 bit)

[Configured on Mar  2 2013  6:00:33, built on Mar  2 2013 06:01:55]

Copyright 1998-2012 by Luca Deri <deri@ntop.org>



Get the freshest ntop from http://www.ntop.org/



Usage: ntop [OPTION]



Basic options:

    [-h  --help]        Display this help and exit

    [-u <user>|--user <user>]         Userid/name to run ntop under (see man page)

    [-t <number>|--trace-level <number>]      Trace level [0-6]

    [-P <path>|--db-file-path <path>]       Path for ntop internal database files

    [-Q <path>|--spool-file-path <path>]     Path for ntop spool files

    [-w <port>|--http-server <port>]        Web server (http:) port (or address:port) 

                                             to listen on



Advanced options:

    [-4  --ipv4]                             Use IPv4 connections

    [-6  --ipv6]                             Use IPv6 connections

    [-a <file>|--access-log-file <file>]      File for ntop web server access log

    [-b  --disable-decoders]                 Disable protocol decoders

    [-c  --sticky-hosts]                     Idle hosts are not purged from memory

    [-d  --daemon]                           Run ntop in daemon mode

    [-e <number>|--max-table-rows <number>]   Maximum number of table rows to report

    [-f <file>|--traffic-dump-file <file>]         Traffic dump file (see tcpdump)

    [-g  --track-local-hosts]                Track only local hosts

    [-i <name>|--interface <name>]             Interface name or names to monitor

    [-j  --create-other-packets]            Create file ntop-other-pkts.XXX.pcap file

    [-l <path>|--pcap-log <path>]       Dump packets captured to a file (debug only!)

    [-m <addresses>|--local-subnets <addresses>]   Local subnetwork(s) (see man page)

    [-n <mode>|--numeric-ip-addresses <mode>] 

                   Numeric IP addresses DNS resolution mode:

                                            0 - No DNS resolution at all

                                            1 - DNS resolution for local hosts only

                                            2 - DNS resolution for remote hosts only

    [-p <list>|--protocols <list>]     List of IP protocols to monitor (see man page)

    [-q --create-suspicious-packets]   Create file ntop-suspicious-pkts.XXX.pcap file

    [-r <number>|--refresh-time <number>]    Refresh time in seconds, default is 120

    [-s  --no-promiscuous]                   Disable promiscuous mode

    [-x <max num hash entries> ]  Max num. hash entries ntop can handle (default 8192)

    [-z  --disable-sessions]                 Disable TCP session tracking

    [-A]                                     Ask admin user password and exit

    [--set-admin-password=<pass>]        Set password for the admin user to <pass>

    [--w3c]                              Add extra headers to make better html

    [-B <filter> --filter-expression]    Packet filter expression, like tcpdump (for 

           all interfaces)You can also set per-interface filter:eth0=tcp,eth1=udp ....

    [-C <rate> --sampling-rate] Packet capture sampling rate default: 1 (no sampling)

    [-D <name>|--domain <name>]              Internet domain name

    [-F <spec>|--flow-spec <specs>]          Flow specs (see man page)

    [-K  --enable-debug]                     Enable debug mode

    [-L]                                     Do logging via syslog

    [--use-syslog=<facility>]       Do logging via syslog, facility ('=' is REQUIRED)

    [-M  --no-interface-merge]         Don't merge network interfaces (see man page)

    [-O <path>|--pcap-file-path <path>]        Path for log files in pcap format

    [-U <URL> --mapper <URL>]          URL (mapper.pl) for displaying host location

    [-V  --version]                          Output version information and exit

    [-X <max num TCP sessions>] Max num. TCP sessions ntop can handle (default 32768)

    [--disable-instantsessionpurge]                 Disable instant FIN session purge

    [--disable-mutexextrainfo]                      Disable extra mutex info

    [--disable-stopcap]               Capture packets even if there's no memory left

    [--disable-ndpi]                  Disable nDPI for protocol discovery

    [--disable-python]                Disable Python interpreter

    [--instance <name>]         Set log name for this ntop instance

    [--p3p-cp]                        Set return value for p3p compact policy, header

    [--p3p-uri]                       Set return value for p3p policyref header

    [--skip-version-check]            Skip ntop version check

    [--known-subnets <networks>]       List of known subnets (separated by)， If the 
 
                            argument starts with @ it is assumed it is a file path ， 
 
                            E.g. 192.168.0.0/14=home,172.16.0.0/16=private



NOTE

    * You can configure further ntop options via the web

      interface [Menu Admin -> Config].

    * The command line options are not permanent, i.e. they

      are not persistent across ntop initializations.

NTOP 用法示例

显示网络使用，过滤特定的IP地址（-B“SRC主机192.168.1.1”）：

:~# ntop -B "src host 192.168.1.1"