最简单的安装方法应该是从Linux的安装光盘中安装，因为它比较小只有2～3MB；很多Linux都包含这个软件。在SuSE Linux 10.1中可以找到ntop-3.2-17。
NTOP is helpful as an “emergency” tool. When you are experiencing response time delays or you suspect that something is wrong with your network, NTOP allows you to easily monitor the protocols running on your LAN and to determine the utilization of each.
NTOP comes very well when suspicious behavior is found on your network. Suppose you have a set of local clients accessing a database on your LAN. They claim that time response is very poor. You embark on a search to determine who or what is to blame. You generally have 2 options: the application or the network. You ask the application engineer(s) to determine that the application is OK. They determine that it is. You move on to the network engineers who come to find out that you have a very high retransmission packet rate caused by the server’s faulty network card (a problem to be detected by the sysadmin using standard linux/unix commands). In a situation like this, it is likely that they were able to determine this by using a tool like NTOP. Without the help of NTOP and similar tools, finding the cause of the problem could have been extremely tedious.
Some very useful sections of NTOP include:
‘Active TCP Sessions” - shows what is taking place on your network at that specific moment. For example:
Client Server Data Sent Data Rcvd Active Since Last Seen Duration
18.104.22.168 mail_server 3.6 MB 3.8 MB 12/08/99 19:40:01 12/20/99 20:47:31 12 day(s) 1:07:02
All this information can be accessed using any standard web browser. To have enough information to work on, you may wish to run NTOP for at least a couple of days (non-stop) in a production environment. (This may vary depending on the size of your network. For a medium departmental LAN, a couple of days should be fine).
‘Connection Matrix’ - shows which station is talking to what
server and the amount of traffic being exchanged
Monitoring of the most intensive bandwidth senders and receivers - Heavy traffic is not only caused by physical media but also by other system intensive actions (e.g. users downloading large files). This can cause severe bottlenecks to your LAN.
The NTOP data presentation is impressive. Bar and Pie charts are used to demonstrate protocol utilization and packet size distribution. Data gathered from the monitoring can be logged in a file for posterior plotting using any spreadsheet application such as Sun’s Star Office. If you want to keep all of the information stored for future structured retrieval, NTOP gives you the option to store it in a SQL database.