ntop ~ Web-based network traffic monitor

Installation: The simplest way to install ntop is from the Linux installation media, because it is small, only 2 ~ 3 MB; many Linux distributions include this software. In SuSE Linux 10.1 you can find ntop-3.2-17.

Configuration and use: After installation, follow the documentation for the first initialization run. If you installed it via rpm from the Linux media, the related system service has also been installed for you. On SuSE, running rcntop start starts the background process. Access the ntop interface at http://myserver:3000/.

Tips: ntop consumes a fairly large amount of memory, so installing it on production machines is not recommended. It works at layer 2 and captures packets in real time; ntop acts like a network probe that captures and analyzes network activity and produces analysis reports, so you need to consider where to place it when deploying.

Integration with other systems: Access to the interface is direct, with no user authentication. All reports and analysis results are stored and presented in two ways: by host and by protocol. It stores data in RRD and displays graphs through web pages; it does not depend on a web server. I plan to try integrating it into Nagios and OpenNMS.

English description of ntop

From: http://www.ntop.org/Monitoring.html

NTOP is helpful as an “emergency” tool. When you are experiencing response time delays or you suspect that something is wrong with your network, NTOP allows you to easily monitor the protocols running on your LAN and to determine the utilization of each.

NTOP comes very well when suspicious behavior is found on your network. Suppose you have a set of local clients accessing a database on your LAN. They claim that time response is very poor. You embark on a search to determine who or what is to blame. You generally have 2 options: the application or the network. You ask the application engineer(s) to determine that the application is OK. They determine that it is. You move on to the network engineers who come to find out that you have a very high retransmission packet rate caused by the server’s faulty network card (a problem to be detected by the sysadmin using standard linux/unix commands). In a situation like this, it is likely that they were able to determine this by using a tool like NTOP. Without the help of NTOP and similar tools, finding the cause of the problem could have been extremely tedious.

Some very useful sections of NTOP include:

‘Active TCP Sessions’ - shows what is taking place on your network at that specific moment. For example:

Client         Server       Data Sent  Data Rcvd  Active Since       Last Seen          Duration
123.231.213.1  mail_server  3.6 MB     3.8 MB     12/08/99 19:40:01  12/20/99 20:47:31  12 day(s) 1:07:02

All this information can be accessed using any standard web browser. To have enough information to work on, you may wish to run NTOP for at least a couple of days (non-stop) in a production environment. (This may vary depending on the size of your network. For a medium departmental LAN, a couple of days should be fine).

‘Connection Matrix’ - shows which station is talking to what server and the amount of traffic being exchanged.

Monitoring of the most intensive bandwidth senders and receivers - Heavy traffic is not only caused by physical media but also by other system intensive actions (e.g. users downloading large files). This can cause severe bottlenecks to your LAN.

The NTOP data presentation is impressive. Bar and Pie charts are used to demonstrate protocol utilization and packet size distribution. Data gathered from the monitoring can be logged in a file for posterior plotting using any spreadsheet application such as Sun’s Star Office. If you want to keep all of the information stored for future structured retrieval, NTOP gives you the option to store it in a SQL database.
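The integration note above says the ntop web interface on port 3000 is reachable without user authentication. The following Python check is an added example, not part of the original post or of ntop: it sends one request without credentials to a monitoring UI you operate and reports how the server answered. The function names and verdict strings are hypothetical, and http://myserver:3000/ is the post's placeholder URL.

```python
import http.client
import sys
import urllib.error
import urllib.parse
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # report a 3xx (e.g. to a login page) instead of following it


def assess(status, headers, scheme="http"):
    """Classify how the UI answered a request that carried no credentials."""
    challenge = {k.lower(): v for k, v in headers.items()}.get("www-authenticate", "")
    if 200 <= status < 300:
        return "open"  # content served to anyone who can reach the port
    if status == 401:
        # Basic over plain HTTP protects the page but exposes the password on the wire.
        if challenge.lower().startswith("basic") and scheme == "http":
            return "auth-basic-cleartext"
        return "auth-required"
    if status == 403:
        return "forbidden"
    if 300 <= status < 400:
        return "redirect"
    return "other"


def probe(url, timeout=5.0):
    """Send one unauthenticated GET straight to the host (no proxy) and classify it."""
    scheme = urllib.parse.urlsplit(url).scheme
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return assess(resp.status, resp.headers, scheme)
    except urllib.error.HTTPError as err:
        return assess(err.code, err.headers, scheme)
    except (OSError, http.client.HTTPException):
        return "unreachable"


if __name__ == "__main__":
    # http://myserver:3000/ is the placeholder URL used in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://myserver:3000/"
    print(target, probe(target))
```

A verdict of "open" means the reports are readable by anyone who can reach the port, so access has to be restricted at the network layer or by a front end that authenticates.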

Attribution-NonCommercial-NoDerivatives 4.0 (CC BY-NC-ND 4.0)