[Snort-users] ntop

Robert van der Meulen rvdm at ...1262...
Tue Sep 25 15:28:03 EDT 2001


Quoting Florin Andrei (florin at ...3506...):
> of its documentation i've got the impression that it's more like a
> network traffic monitor with _some_ IDS capabilities glued together.
> Can anyone (who's familiar with both tools) give me some actual
> differences (things that are missing from ntop)?
'ntop' is a network statistics gatherer:
"ntop is a Network Top program. It displays a summary of network usage by
 machines on your network in a format reminicent of the unix top utility.
 It can also be run in web mode, which allows the display to be browsed with
 a web browser."

This is useful (tough i would prefer other software for this), but doesn't
have that much to do with an IDS.
Snort checks content of traffic passing to (or trough, or past) an ethernet
interface, checks it for matches against a signature database of known
attacks/events/interesting things, and logs that to a database or file.


			      Linux Generation
   encrypted mail preferred. finger rvdm at ...1015... for my GnuPG/PGP key.
		       <Fluor> Mijn muck is ook wit!

More information about the Snort-users mailing list