ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
License: GNU General Public License (GPL)
Changes: Fixes were made for detecting buffer overflows. Fixes were made for avoiding a crash in case of low memory. Tiny icon change was done. Embedded perl fixes were made. GeoIP installation was added into the makefile. Win32 fixes were made.
I have been asked to place 2 (1 NTOP & 1 SNORT) boxes within our network as part of our tool kit for network monitoring and intrusion detection. Our network is very simplistic and is laid out like this:
internet
|
|
Cisco 1811 Router (8x Layer 2 switch ports)
... (0 Replies)
I have installed ntop version 4.0.3 by following a guide.
But I can't start ntop daemon/service. I didn't find a service file for starting.
During the installation there was no problem only want to RRDTool so I installed that. Now there is no necessary package required.
I didn't find in /etc/init.d/... (9 Replies)
Hi folks,
Does anyone have experience with ntop/Nmon?
ntop - network top
and its spinoff NMON
Welcome to nmon.net
Nmon
Nmon - Wikipedia, the free encyclopedia
nmon for AIX and Linux Performance Monitoring
IBM Wikis - AIX 5L Wiki - nmon
A free tool to analyze AIX and Linux... (5 Replies)
IFPPS(8) netsniff-ng toolkit IFPPS(8)
NAME
ifpps - top-like networking and system statistics
SYNOPSIS
ifpps { [options] | [device] }
DESCRIPTION
ifpps is a small utility which periodically provides top-like networking and system statistics from the kernel. ifpps gathers its data
directly from procfs files and does not make use of any user space monitoring libraries which would falsify statistics under high load.
For instance, consider the following scenario: two directly connected Linux machines with Intel Core 2 Quad Q6600 2.40GHz CPUs, 4 GB RAM,
and an Intel 82566DC-2 Gigabit Ethernet NIC are used for performance evaluation. One machine generates 64 byte network packets by using
the kernel space packet generator pktgen with a maximum possible packet rate. The other machine displays statistics about incoming network
packets by using i) iptraf(8) and ii) ifpps.
iptraf which incorporates pcap(3) shows an average packet rate of 246,000 pps while on the other hand ifpps shows an average packet rate of
1,378,000 pps. Hence, due to packet copies and deferring statistics creation into user space, a measurement error of approximately 460
percent occurs. Tools like iptraf might display much more information such as TCP per flow statistics (hence the use of the pcap library).
This is not possible with ifpps, because overall networking statistics are its focus; statistics, which are also fairly reliable under high
packet load.
ifpps also periodically displays CPU load, interrupt, software interrupt data per sample interval as well as total interrupts, all per CPU.
In case the number of CPUs exceeds 5 or the number specified by the user with the "-n" command line option, ifpps will only display this
number of top heavy hitters. The topmost heavy hitter CPU will be marked with "+". The least heavy hitter will always be displayed and is
marked with "-". In addition, the average for all the above per-CPU data is shown. Optionally the median values can be displayed using the
"-m" command line option.
ifpps also supports directly the gnuplot(1) data sample format. This facilitates creation of gnuplot figures from ifpps time series.
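The procfs-based sampling described above, as an added Python example (not ifpps code, which is part of the netsniff-ng toolkit): it diffs two snapshots of interface counters to get per-second rates and reports a counter that went backwards as a reset instead of a negative rate. The use of /proc/net/dev as the source file, the function names and the embedded snapshots are assumptions made for illustration.

```python
import time

FIELDS = ("rx_bytes", "rx_packets", "rx_errs", "rx_drop", "rx_fifo", "rx_frame",
          "rx_compressed", "rx_multicast", "tx_bytes", "tx_packets", "tx_errs",
          "tx_drop", "tx_fifo", "tx_colls", "tx_carrier", "tx_compressed")

HEADER = ("Inter-|   Receive                    |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast|"
          "bytes packets errs drop fifo colls carrier compressed\n")
# Constructed snapshots taken 1 s apart (not captured from a real host).
SAMPLE_T0 = HEADER + ("  eth0: 1000000   10000 0  0 0 0 0 0  5000 50 0 0 0 0 0 0\n"
                      " wlan0:  900000    9000 0  0 0 0 0 0  7000 70 0 0 0 0 0 0\n")
SAMPLE_T1 = HEADER + ("  eth0:89192000 1388000 0 12 0 0 0 0  5640 60 0 0 0 0 0 0\n"
                      " wlan0:     640      10 0  0 0 0 0 0    64  1 0 0 0 0 0 0\n")

def parse_net_dev(text):
    """Return {iface: {field: int}} from /proc/net/dev content."""
    stats = {}
    for line in text.splitlines()[2:]:        # first two lines are headers
        if ":" not in line:
            continue
        name, _, rest = line.partition(":")   # also handles "eth0:123" (no space)
        values = rest.split()
        if len(values) < len(FIELDS):
            continue                          # truncated or unknown layout
        stats[name.strip()] = dict(zip(FIELDS, map(int, values)))
    return stats

def rates(prev, cur, interval_s, dev):
    """Per-second rates for dev; None where a counter went backwards (reset)."""
    out = {}
    for key in ("rx_packets", "tx_packets", "rx_bytes", "tx_bytes", "rx_drop"):
        delta = cur[dev][key] - prev[dev][key]
        out[key + "_per_s"] = delta / interval_s if delta >= 0 else None
    return out

def sample_live(dev, interval_s=1.0, path="/proc/net/dev"):
    """Take two live samples interval_s apart (Linux only)."""
    with open(path) as f:
        first = parse_net_dev(f.read())
    time.sleep(interval_s)
    with open(path) as f:
        second = parse_net_dev(f.read())
    return rates(first, second, interval_s, dev)

if __name__ == "__main__":
    print(rates(parse_net_dev(SAMPLE_T0), parse_net_dev(SAMPLE_T1), 1.0, "eth0"))
```

A non-zero rx_drop rate alongside a high packet rate is the signal that a monitoring host is losing traffic before any capture tool sees it.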
OPTIONS
-d <netdev>, --dev <netdev>
Networking device to fetch statistics from, for example eth0, wlan0.
-n, --num-cpus
Set maximum number of top hitter CPUs (in terms of time spent in system/user mode) to display in ncurses mode, default is 10.
-t <time>, --interval <time>
Statistics refresh interval in milliseconds, default is 1000ms.
-c, --csv
Output (once) the ncurses data to the terminal as gnuplot(1)-ready data.
-l, --loop
Continuously output the terminal data after a refresh interval. This option is only available if option "-c" is given. For "-l" it is
usually recommended to redirect the output into a file that is to be processed later with gnuplot(1).
-m, --median
Show median values across all CPUs for CPU load, interrupts (per interval and absolute) and software interrupts.
-p, --promisc
Turn on promiscuous mode for the given networking device.
-W, --no-warn
Suppress possible warnings in the ncurses output, e.g. about a too low sampling interval that could cause performance regression.
-v, --version
Show version information.
-h, --help
Show user help.
USAGE EXAMPLE
ifpps eth0
Default ncurses output for the eth0 device.
ifpps -pd eth0
Ncurses output for the eth0 device in promiscuous mode.
ifpps -lpcd wlan0 > plot.dat
Continuous terminal output for the wlan0 device in promiscuous mode.
NOTE
On 10Gbit/s cards or higher, receive and transmit statistics are usually accumulated at a higher duration interval than 1 second. Thus, it
might be advisable to alter the timing to a higher accumulation interval for such cards.
LEGAL
ifpps is licensed under the GNU GPL version 2.0.
HISTORY
ifpps was originally written for the netsniff-ng toolkit by Daniel Borkmann. It is currently maintained by Tobias Klauser
<tklauser@distanz.ch> and Daniel Borkmann <dborkma@tik.ee.ethz.ch>.
SEE ALSO
netsniff-ng(8), trafgen(8), mausezahn(8), bpfc(8), flowtop(8), astraceroute(8), curvetun(8)
AUTHOR
Manpage was written by Daniel Borkmann.
COLOPHON
This page is part of the Linux netsniff-ng toolkit project. A description of the project, and information about reporting bugs, can be
found at http://netsniff-ng.org/.
Linux 03 March 2013 IFPPS(8)