Hi, Listers,
I love the network traffic measurement features of ntop. However, somtime,
it costs time to find the desired information, since too much info has been
put in.
It would be very useful if ntop display a network map with nodes and links
like OpenView, and shows the information when user click on nodes and links.
I have seen and tried EtherApe on SourceForge.net which display colored link
having thickness propotional with traffic => at a glance, anyone can know
how many host are active and what it is doing. Also, www.nlanr.net have
released their Cichild visualization tools, which looked cool, too. ( But
they run high speed network)
I think adding a map with data from hash table would not slow down ntop too
much, especially if ntop write Html in a dynamic way, only when receive Html
request..( and not all users can see the map)
Anyway, ntop is the greatest among the free tools I have seen and tried.
Regards,
Hung.
> Hello,
>
> I share the view expressed by Eric. Ntop is a network traffic
> monitoring, snort is an IDS.
>
> They both have their place and are very complementary tools. It would
> be a tremendous task to turn ntop into an IDS a la snort because for
> once ntop does not implement the rule engine.
>
> More stability under Linux and FreeBSD (I will try Solaris some time),
> more analysis of the traffic, more data loggin (to database) should be
> the direction of development in my opinion.
>
> Best regards,
>
> Olivier
>
>
