2007-03-21

ntop ~ Web-based network traffic monitor



Installation:
The simplest way is to install it from the Linux distribution media: the package is small (only 2~3 MB) and most distributions ship it. On SuSE Linux 10.1 the package is ntop-3.2-17.

Configuration and use:
After installing, follow the documentation for the first-run initialization (ntop 3.x refuses to serve its admin pages until an admin password has been set with `ntop -A`). If you installed the rpm from the distribution media, the matching system service is set up for you as well; on SuSE, `rcntop start` launches the daemon. The web interface is then available at http://myserver:3000/

Tips:
ntop consumes a fair amount of memory, so installing it on a production host is not recommended. It works at layer 2 by capturing packets in real time: ntop acts as a network probe that captures and analyses network activity and produces reports, so its placement matters. It only sees frames that reach its own interface; on a switched network that means a mirror/SPAN port or a tap, otherwise it will report little more than the probe's own traffic and broadcasts.

Integration with other systems:
The interface is reached directly, with no user login step for viewing the reports. All reports and analysis results are stored and presented in two ways: by host and by protocol. Data is kept in rrd (RRDtool) files and rendered as images in the web pages; ntop has its own built-in HTTP server and does not depend on an external web server. Because those pages reveal who talks to whom on the whole segment, keep port 3000 off untrusted networks: bind the built-in server to localhost or a management address (`-w 127.0.0.1:3000`), set the admin password (`ntop -A`), run it under an unprivileged user (`-u ntop`) and filter the port with the host firewall. I plan to try integrating it into Nagios and OpenNMS.

ntop's English description
From: http://www.ntop.org/Monitoring.html
NTOP is helpful as an "emergency" tool. When you are experiencing response time delays or you suspect that something is wrong with your network, NTOP allows you to easily monitor the protocols running on your LAN and to determine the utilization of each.

NTOP comes in very handy when suspicious behavior is found on your network. Suppose you have a set of local clients accessing a database on your LAN. They claim that response time is very poor. You embark on a search to determine who or what is to blame. You generally have 2 options: the application or the network. You ask the application engineer(s) to determine that the application is OK. They determine that it is. You move on to the network engineers, who come to find out that you have a very high retransmission packet rate caused by the server's faulty network card (a problem to be detected by the sysadmin using standard linux/unix commands). In a situation like this, it is likely that they were able to determine this by using a tool like NTOP. Without the help of NTOP and similar tools, finding the cause of the problem could have been extremely tedious.

Some very useful sections of NTOP include:

'Active TCP Sessions' - shows what is taking place on your network at that specific moment. For example:

Client         Server       Data Sent  Data Rcvd  Active Since       Last Seen          Duration
123.231.213.1  mail_server  3.6 MB     3.8 MB     12/08/99 19:40:01  12/20/99 20:47:31  12 day(s) 1:07:02

All this information can be accessed using any standard web browser. To have enough information to work on, you may wish to run NTOP for at least a couple of days (non-stop) in a production environment. (This may vary depending on the size of your network. For a medium departmental LAN, a couple of days should be fine).

'Connection Matrix' - shows which station is talking to what server and the amount of traffic being exchanged

Monitoring of the most intensive bandwidth senders and receivers - Heavy traffic is not only caused by physical media but also by other system intensive actions (e.g. users downloading large files). This can cause severe bottlenecks to your LAN.

The NTOP data presentation is impressive. Bar and pie charts are used to demonstrate protocol utilization and packet size distribution. Data gathered from the monitoring can be logged in a file for later plotting using any spreadsheet application such as Sun's Star Office. If you want to keep all of the information stored for future structured retrieval, NTOP gives you the option to store it in a SQL database.
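As an added example (not code from this post or from ntop itself), the Python below sketches what ntop does with the frames it captures: it decodes raw Ethernet/IPv4 frames and keeps the two views the post describes, bytes per host and bytes per protocol, plus the client-to-server 'Connection Matrix' and the most intensive senders/receivers list from the ntop.org text above. The frames, addresses and ports are constructed inline, not real captures, and the "lower port number is the server side" rule is a common heuristic I assume here, not necessarily ntop's exact logic.

```python
"""Added example (not ntop's own code): a tiny layer-2 traffic accountant.

It parses raw Ethernet/IPv4 frames and keeps the views the post talks about:
bytes per host, bytes per protocol, a client->server connection matrix and a
top-talkers list. Sample frames are constructed below; none are real captures.
"""
import socket
import struct
from collections import defaultdict

ETH_HLEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_frame(src_ip, dst_ip, proto, sport, dport, payload_len):
    """Construct a minimal Ethernet/IPv4 frame with a TCP (6) or UDP (17) header."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)    # MACs zeroed: not used here
    l4 = struct.pack("!HH", sport, dport)
    l4 += b"\x00" * (16 if proto == 6 else 4)                 # rest of TCP (20 B) / UDP (8 B) header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + payload_len,
                     0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4 + b"\x00" * payload_len


def parse_frame(frame):
    """Return (src, dst, proto_name, sport, dport, frame_len), or None if not IPv4."""
    if len(frame) < ETH_HLEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None                                           # ARP, IPv6, ... are skipped
    ip = frame[ETH_HLEN:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return None                                           # truncated or malformed header
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport = dport = None
    if proto in (6, 17) and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, dst, PROTO_NAMES.get(proto, "IP/%d" % proto), sport, dport, len(frame)


class TrafficStats:
    """Per-host, per-protocol and per-conversation byte counters."""

    def __init__(self):
        self.host_sent = defaultdict(int)
        self.host_rcvd = defaultdict(int)
        self.proto_bytes = defaultdict(int)
        self.matrix = defaultdict(int)    # (client, server) -> bytes in both directions

    def feed(self, frame):
        rec = parse_frame(frame)
        if rec is None:
            return False
        src, dst, proto, sport, dport, n = rec
        self.host_sent[src] += n
        self.host_rcvd[dst] += n
        self.proto_bytes[proto] += n
        # Heuristic (an assumption, not necessarily ntop's rule): lower port = server side.
        if sport is not None and sport < dport:
            client, server = dst, src
        else:
            client, server = src, dst
        self.matrix[(client, server)] += n
        return True

    def top_talkers(self, n=3):
        """Hosts ordered by total bytes sent + received (the 'most intensive' list)."""
        totals = defaultdict(int)
        for host, b in self.host_sent.items():
            totals[host] += b
        for host, b in self.host_rcvd.items():
            totals[host] += b
        return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample traffic (addresses and ports are made up).
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.10", 6, 40001, 1521, 200),   # client -> DB query
    build_frame("10.0.0.10", "10.0.0.5", 6, 1521, 40001, 1400),  # DB -> client reply
    build_frame("10.0.0.6", "10.0.0.10", 6, 40002, 1521, 100),   # second client
    build_frame("10.0.0.5", "10.0.0.53", 17, 50000, 53, 40),     # DNS lookup
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,                   # ARP request, not IPv4
]


def summarize(frames=SAMPLE_FRAMES):
    stats = TrafficStats()
    for frame in frames:
        stats.feed(frame)
    return stats


if __name__ == "__main__":
    s = summarize()
    print("bytes per protocol:", dict(s.proto_bytes))
    print("top talkers:", s.top_talkers())
    for (client, server), b in sorted(s.matrix.items()):
        print("%-10s -> %-10s %6d bytes" % (client, server, b))
```

Run it as a script to see the three views for the constructed traffic. A real probe would feed `TrafficStats.feed()` from a pcap handle on a mirror port instead of the list above; the byte counts are whole-frame lengths, as ntop's host tables report them.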

1 comment:

  1. http://www.netexpert.cn/ntop
    There is now a Chinese-language release of ntop, and it is quite good.