ntop Package Description
ntop is a tool that shows network usage, similar to what the popular top Unix command does. ntop is based on pcapture (ftp://ftp.ee.lbl.gov/pcapture.tar.Z) and has been written in a portable way so that it runs on virtually every Unix platform. ntop can be used in either interactive or web mode. In the first case, ntop displays the network status on the user's terminal, whereas in web mode a web browser (e.g. Netscape) can attach to ntop (which acts as a web server) and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. ntop uses libpcap, a system-independent interface for user-level packet capture. Source: ntop README
- Author: Luca Deri
- License: GPLv2
0x01 Tools included in the ntop package
ntop - shows network usage in a web browser:

```
:~# ntop -h
Welcome to ntop v.4.99.3 (32 bit) [Configured on Mar 2 2013 6:00:33, built on Mar 2 2013 06:01:55]
Copyright 1998-2012 by Luca Deri < >
Get the freshest ntop from http://www.ntop.org/

Usage: ntop [OPTION]

Basic options:
    [-h | --help]                                   Display this help and exit
    [-u <user> | --user <user>]                     Userid/name to run ntop under (see man page)
    [-t <number> | --trace-level <number>]          Trace level [0-6]
    [-P <path> | --db-file-path <path>]             Path for ntop internal database files
    [-Q <path> | --spool-file-path <path>]          Path for ntop spool files
    [-w <port> | --http-server <port>]              Web server (http:) port (or address:port) to listen on

Advanced options:
    [-4 | --ipv4]                                   Use IPv4 connections
    [-6 | --ipv6]                                   Use IPv6 connections
    [-a <file> | --access-log-file <file>]          File for ntop web server access log
    [-b | --disable-decoders]                       Disable protocol decoders
    [-c | --sticky-hosts]                           Idle hosts are not purged from memory
    [-d | --daemon]                                 Run ntop in daemon mode
    [-e <number> | --max-table-rows <number>]       Maximum number of table rows to report
    [-f <file> | --traffic-dump-file <file>]        Traffic dump file (see tcpdump)
    [-g | --track-local-hosts]                      Track only local hosts
    [-i <name> | --interface <name>]                Interface name or names to monitor
    [-j | --create-other-packets]                   Create file ntop-other-pkts.XXX.pcap file
    [-l <path> | --pcap-log <path>]                 Dump packets captured to a file (debug only!)
    [-m <addresses> | --local-subnets <addresses>]  Local subnetwork(s) (see man page)
    [-n <mode> | --numeric-ip-addresses <mode>]     Numeric IP addresses DNS resolution mode:
                                                      0 - No DNS resolution at all
                                                      1 - DNS resolution for local hosts only
                                                      2 - DNS resolution for remote hosts only
    [-p <list> | --protocols <list>]                List of IP protocols to monitor (see man page)
    [-q | --create-suspicious-packets]              Create file ntop-suspicious-pkts.XXX.pcap file
    [-r <number> | --refresh-time <number>]         Refresh time in seconds, default is 120
    [-s | --no-promiscuous]                         Disable promiscuous mode
    [-x <max num hash entries> ]                    Max num. hash entries ntop can handle (default 8192)
    [-z | --disable-sessions]                       Disable TCP session tracking
    [-A]                                            Ask admin user password and exit
    [ | --set-admin-password=<pass>]                Set password for the admin user to <pass>
    [ | --w3c]                                      Add extra headers to make better html
    [-B <filter>] | --filter-expression             Packet filter expression, like tcpdump (for all interfaces)
                                                    You can also set per-interface filter: eth0=tcp,eth1=udp ....
    [-C <rate>] | --sampling-rate                   Packet capture sampling rate [default: 1 (no sampling)]
    [-D <name> | --domain <name>]                   Internet domain name
    [-F <spec> | --flow-spec <specs>]               Flow specs (see man page)
    [-K | --enable-debug]                           Enable debug mode
    [-L]                                            Do logging via syslog
    [ | --use-syslog=<facility>]                    Do logging via syslog, facility ('=' is REQUIRED)
    [-M | --no-interface-merge]                     Don't merge network interfaces (see man page)
    [-O <path> | --pcap-file-path <path>]           Path for log files in pcap format
    [-U <URL> | --mapper <URL>]                     URL (mapper.pl) for displaying host location
    [-V | --version]                                Output version information and exit
    [-X <max num TCP sessions> ]                    Max num. TCP sessions ntop can handle (default 32768)
    [--disable-instantsessionpurge]                 Disable instant FIN session purge
    [--disable-mutexextrainfo]                      Disable extra mutex info
    [--disable-stopcap]                             Capture packets even if there's no memory left
    [--disable-ndpi]                                Disable nDPI for protocol discovery
    [--disable-python]                              Disable Python interpreter
    [--instance <name>]                             Set log name for this ntop instance
    [--p3p-cp]                                      Set return value for p3p compact policy, header
    [--p3p-uri]                                     Set return value for p3p policyref header
    [--skip-version-check]                          Skip ntop version check
    [--known-subnets <networks>]                    List of known subnets (separated by ,)
                                                    If the argument starts with @ it is assumed it is a file path
                                                    E.g. 192.168.0.0/14=home,172.16.0.0/16=private

NOTE
  * You can configure further ntop options via the web interface [Menu Admin -> Config].
  * The command line options are not permanent, i.e. they are not persistent across ntop initializations.
```
0x02 ntop Usage Example
Show network usage, filtering for a specific IP address (-B "src host 192.168.1.1"):

```
:~# ntop -B "src host 192.168.1.1"
```
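The invocation above runs ntop as root with its embedded web server listening on every interface. As an added example (not from the original page or the ntop project), the shell function below builds an invocation from options listed in the help output that narrows that exposure; the interface name, subnet, filter host, loopback port 3000, log path and the unprivileged "ntop" account are assumed placeholders.

```shell
# Build a hardened ntop command line for review or execution.
#   $1  interface to monitor, e.g. eth0
#   $2  local subnetwork passed to -m, e.g. 192.168.1.0/24
#   $3  tcpdump-style filter passed to -B, e.g. "src host 192.168.1.1"
# Option choices (all taken from the help output above):
#   -d                  daemon mode
#   -u ntop             run under an unprivileged account (assumed to exist)
#   -w 127.0.0.1:3000   web UI bound to loopback only; reach it via an SSH tunnel
#   -n 1                resolve local hosts only, so observed remote IPs do not
#                       trigger outbound DNS lookups from the monitoring host
#   -a <file>           keep an access log of the embedded web server for review
ntop_hardened_cmd() {
  iface="$1"
  subnet="$2"
  filter="$3"
  printf 'ntop -d -u ntop -i %s -m %s -w 127.0.0.1:3000 -n 1 -a /var/log/ntop/access.log -B "%s"' \
    "$iface" "$subnet" "$filter"
}

# Print the command so it can be checked before running it with root privileges.
ntop_hardened_cmd eth0 192.168.1.0/24 "src host 192.168.1.1"
echo
```

The printed line can be pasted into a root shell; the -B filter is still applied to all monitored interfaces, as the help text notes.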
Original article from https://www.hackfun.org/kali-tools/ntop_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for authorization.