The ntop tool displays network activity on Linux, much like the top command does for processes. It is built on top of libpcap (packet capture) and written portably, so it runs on any Linux distribution. It can be used both from the command line and through a web-based interface. Packet capture is done via libpcap.
Source link: http://www.ntop.org
License: GPLv2
Author: Luca Deri
Sample of the command in use:
# ntop -h
Welcome to ntop v.4.99.3 (32 bit)
[Configured on Mar 2 2013 6:00:33, built on Mar 2 2013 06:01:55]
Copyright 1998-2012 by Luca Deri <deri@ntop.org>
Get the freshest ntop from http://www.ntop.org/

Usage: ntop [OPTION]

Basic options:
    [-h | --help]                      Display this help and exit
    [-u | --user ]                     Userid/name to run ntop under (see man page)
    [-t | --trace-level ]              Trace level [0-6]
    [-P | --db-file-path ]             Path for ntop internal database files
    [-Q | --spool-file-path ]          Path for ntop spool files
    [-w | --http-server ]              Web server (http:) port (or address:port) to listen on

Advanced options:
    [-4 | --ipv4]                      Use IPv4 connections
    [-6 | --ipv6]                      Use IPv6 connections
    [-a | --access-log-file ]          File for ntop web server access log
    [-b | --disable-decoders]          Disable protocol decoders
    [-c | --sticky-hosts]              Idle hosts are not purged from memory
    [-d | --daemon]                    Run ntop in daemon mode
    [-e | --max-table-rows ]           Maximum number of table rows to report
    [-f | --traffic-dump-file ]        Traffic dump file (see tcpdump)
    [-g | --track-local-hosts]         Track only local hosts
    [-i | --interface ]                Interface name or names to monitor
    [-j | --create-other-packets]      Create file ntop-other-pkts.XXX.pcap file
    [-l | --pcap-log ]                 Dump packets captured to a file (debug only!)
    [-m | --local-subnets ]            Local subnetwork(s) (see man page)
    [-n | --numeric-ip-addresses ]     Numeric IP addresses DNS resolution mode:
                                         0 - No DNS resolution at all
                                         1 - DNS resolution for local hosts only
                                         2 - DNS resolution for remote hosts only
    [-p | --protocols ]                List of IP protocols to monitor (see man page)
    [-q | --create-suspicious-packets] Create file ntop-suspicious-pkts.XXX.pcap file
    [-r | --refresh-time ]             Refresh time in seconds, default is 120
    [-s | --no-promiscuous]            Disable promiscuous mode
    [-x ]                              Max num. hash entries ntop can handle (default 8192)
    [-z | --disable-sessions]          Disable TCP session tracking
    [-A]                               Ask admin user password and exit
    [ | --set-admin-password=]         Set password for the admin user to
    [ | --w3c]                         Add extra headers to make better html
    [-B ] | --filter-expression        Packet filter expression, like tcpdump (for all interfaces)
                                       You can also set per-interface filter: eth0=tcp,eth1=udp ....
    [-C ] | --sampling-rate            Packet capture sampling rate [default: 1 (no sampling)]
    [-D | --domain ]                   Internet domain name
    [-F | --flow-spec ]                Flow specs (see man page)
    [-K | --enable-debug]              Enable debug mode
    [-L]                               Do logging via syslog
    [ | --use-syslog=]                 Do logging via syslog, facility ('=' is REQUIRED)
    [-M | --no-interface-merge]        Don't merge network interfaces (see man page)
    [-O | --pcap-file-path ]           Path for log files in pcap format
    [-U | --mapper ]                   URL (mapper.pl) for displaying host location
    [-V | --version]                   Output version information and exit
    [-X ]                              Max num. TCP sessions ntop can handle (default 32768)
    [--disable-instantsessionpurge]    Disable instant FIN session purge
    [--disable-mutexextrainfo]         Disable extra mutex info
    [--disable-stopcap]                Capture packets even if there's no memory left
    [--disable-ndpi]                   Disable nDPI for protocol discovery
    [--disable-python]                 Disable Python interpreter
    [--instance ]                      Set log name for this ntop instance
    [--p3p-cp]                         Set return value for p3p compact policy, header
    [--p3p-uri]                        Set return value for p3p policyref header
    [--skip-version-check]             Skip ntop version check
    [--known-subnets ]                 List of known subnets (separated by ,)
                                       If the argument starts with @ it is assumed it is a file path
                                       E.g. 192.168.0.0/14=home,172.16.0.0/16=private
Practical command example:
In this command a BPF filter is applied for the address 192.168.1.1 (src host), so that only traffic originating from that address is displayed.
# ntop -B "src host 192.168.1.1"
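As an added example (not from the original page or the ntop project), a POSIX shell helper that composes an ntop launch line from the options in the help text above: daemon mode, an unprivileged user, the web UI bound to loopback only, declared local subnets, and the page's source-host filter applied per interface in the eth0=...,eth1=... form. The interface names, user name and subnet are assumed placeholders; the script only builds and prints the command, it does not start ntop.

```shell
#!/bin/sh
# Added example: compose a least-privilege ntop launch line.
# Interface names, user and subnet below are assumed placeholders.

# Reject anything that is not a dotted-quad IPv4 address before it is
# interpolated into a BPF filter expression.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Build the per-interface form of -B: "eth0=<filter>,eth1=<filter>".
# Args: filter expression, then one or more interface names.
per_iface_filter() {
  filter=$1; shift
  out=""
  for ifc in "$@"; do
    out="${out:+$out,}$ifc=$filter"
  done
  echo "$out"
}

# Compose the command line: -d daemon mode, -u unprivileged user,
# -i interfaces, -m local subnets, -w web UI on 127.0.0.1 only,
# -n 1 resolves DNS for local hosts only, -B per-interface filter.
ntop_cmdline() {
  host=$1; user=$2; ifaces=$3
  is_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
  filt=$(per_iface_filter "src host $host" $ifaces)
  iface_list=$(echo $ifaces | tr ' ' ',')
  echo "ntop -d -u $user -i $iface_list -m 192.168.1.0/24 -w 127.0.0.1:3000 -n 1 -B \"$filt\""
}

ntop_cmdline 192.168.1.1 ntop "eth0 eth1"
```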
Professor, you are one of the best instructors in the security field, and I hope you are always successful. I am very glad to have met you.
Thank you, dear Miad.