NTOP是一个工具,显示网络使用情况,类似于流行的顶级Unix命令一样。 NTOP基于pcapture(ftp://ftp.ee.lbl.gov/pcapture.tar.Z),它已被写入在便携式方式以几乎所有的Unix平台上运行。 NTOP可以在两个交互式或web模式下使用。在第一种情况下,NTOP显示而在网络模式下的Web浏览器(如Netscape),即可连接到NTOP(充当Web服务器),并获取网络状态转储到用户终端上的网络状况。在后一种情况下,NTOP可以被看作是一个简单远程监控类试剂具有嵌入式Web界面。 NTOP使用libpcap的,对于用户级数据包捕获系统无关的接口。 资料来源:NTOP自述

NTOP首页 | 卡利NTOP回购

  • 作者:卢卡DERI
  • 许可:GPL第二版

    0x01 包含在NTOP包工具

    NTOP - 在Web浏览器中显示网络使用情况
    :~# ntop -h
    Welcome to ntop v.4.99.3 (32 bit)
    [Configured on Mar  2 2013  6:00:33, built on Mar  2 2013 06:01:55]
    Copyright 1998-2012 by Luca Deri <
    Get the freshest ntop from http://www.ntop.org/
    Usage: ntop [OPTION]
    Basic options:
      [-h             | --help]                             Display this help and exit
      [-u <user>      | --user <user>]                      Userid/name to run ntop under (see man page)
      [-t <number>    | --trace-level <number>]             Trace level [0-6]
      [-P <path>      | --db-file-path <path>]              Path for ntop internal database files
      [-Q <path>      | --spool-file-path <path>]           Path for ntop spool files
      [-w <port>      | --http-server <port>]               Web server (http:) port (or address:port) to listen on
    Advanced options:
      [-4             | --ipv4]                             Use IPv4 connections
      [-6             | --ipv6]                             Use IPv6 connections
      [-a <file>      | --access-log-file <file>]           File for ntop web server access log
      [-b             | --disable-decoders]                 Disable protocol decoders
      [-c             | --sticky-hosts]                     Idle hosts are not purged from memory
      [-d             | --daemon]                           Run ntop in daemon mode
      [-e <number>    | --max-table-rows <number>]          Maximum number of table rows to report
      [-f <file>      | --traffic-dump-file <file>]         Traffic dump file (see tcpdump)
      [-g             | --track-local-hosts]                Track only local hosts
      [-i <name>      | --interface <name>]                 Interface name or names to monitor
      [-j             | --create-other-packets]             Create file ntop-other-pkts.XXX.pcap file
      [-l <path>      | --pcap-log <path>]                  Dump packets captured to a file (debug only!)
      [-m <addresses> | --local-subnets <addresses>]        Local subnetwork(s) (see man page)
      [-n <mode>      | --numeric-ip-addresses <mode>]      Numeric IP addresses DNS resolution mode:
                                                            0 - No DNS resolution at all
                                                            1 - DNS resolution for local hosts only
                                                            2 - DNS resolution for remote hosts only
      [-p <list>      | --protocols <list>]                 List of IP protocols to monitor (see man page)
      [-q             | --create-suspicious-packets]        Create file ntop-suspicious-pkts.XXX.pcap file
      [-r <number>    | --refresh-time <number>]            Refresh time in seconds, default is 120
      [-s             | --no-promiscuous]                   Disable promiscuous mode
      [-x <max num hash entries> ]                          Max num. hash entries ntop can handle (default 8192)
      [-z             | --disable-sessions]                 Disable TCP session tracking
      [-A]                                                  Ask admin user password and exit
      [               | --set-admin-password=<pass>]        Set password for the admin user to <pass>
      [               | --w3c]                              Add extra headers to make better html
      [-B <filter>]   | --filter-expression                 Packet filter expression, like tcpdump (for all interfaces)
                                                            You can also set per-interface filter:
                                                            eth0=tcp,eth1=udp ....
      [-C <rate>]     | --sampling-rate                     Packet capture sampling rate [default: 1 (no sampling)]
      [-D <name>      | --domain <name>]                    Internet domain name
      [-F <spec>      | --flow-spec <specs>]                Flow specs (see man page)
      [-K             | --enable-debug]                     Enable debug mode
      [-L]                                                  Do logging via syslog
      [               | --use-syslog=<facility>]            Do logging via syslog, facility ('=' is REQUIRED)
      [-M             | --no-interface-merge]               Don't merge network interfaces (see man page)
      [-O <path>      | --pcap-file-path <path>]            Path for log files in pcap format
      [-U <URL>       | --mapper <URL>]                     URL (mapper.pl) for displaying host location
      [-V             | --version]                          Output version information and exit
      [-X <max num TCP sessions> ]                          Max num. TCP sessions ntop can handle (default 32768)
      [--disable-instantsessionpurge]                       Disable instant FIN session purge
      [--disable-mutexextrainfo]                            Disable extra mutex info
      [--disable-stopcap]                                   Capture packets even if there's no memory left
      [--disable-ndpi]                                      Disable nDPI for protocol discovery
      [--disable-python]                                    Disable Python interpreter
      [--instance <name>]                                   Set log name for this ntop instance
      [--p3p-cp]                                            Set return value for p3p compact policy, header
      [--p3p-uri]                                           Set return value for p3p policyref header
      [--skip-version-check]                                Skip ntop version check
      [--known-subnets <networks>]                          List of known subnets (separated by ,)
                                                            If the argument starts with @ it is assumed it is a file path
      * You can configure further ntop options via the web
        interface [Menu Admin -> Config].
      * The command line options are not permanent, i.e. they
        are not persistent across ntop initializations.

    0x02 NTOP用法示例

    显示网络使用,过滤特定的IP地址 (-B“SRC主机192.168.1.1”):
:~# ntop -B "src host"


results matching ""

    No results matching ""