Robert van der Meulen
rvdm at ...1262...
Tue Sep 25 15:28:03 EDT 2001
Quoting Florin Andrei (florin at ...3506...):
> of its documentation I've got the impression that it's more like a
> network traffic monitor with _some_ IDS capabilities glued together.
> Can anyone (who's familiar with both tools) give me some actual
> differences (things that are missing from ntop)?
'ntop' is a network statistics gatherer:
"ntop is a Network Top program. It displays a summary of network usage by
machines on your network in a format reminiscent of the unix top utility.
It can also be run in web mode, which allows the display to be browsed with
a web browser."
This is useful (though I would prefer other software for this), but doesn't
have that much to do with an IDS.
Snort checks content of traffic passing to (or through, or past) an Ethernet
interface, checks it for matches against a signature database of known
attacks/events/interesting things, and logs that to a database or file.
encrypted mail preferred. finger rvdm at ...1015... for my GnuPG/PGP key.
<Fluor> My muck is white too!