Snort mailing list archives
Re: ntop
From: Robert van der Meulen <rvdm () cistron nl>
Date: Wed, 26 Sep 2001 00:25:45 +0200
Hi, Quoting Florin Andrei (florin () sgi com):
of its documentation i've got the impression that it's more like a network traffic monitor with _some_ IDS capabilities glued together. Can anyone (who's familiar with both tools) give me some actual differences (things that are missing from ntop)?
'ntop' is a network statistics gatherer: "ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminicent of the unix top utility. It can also be run in web mode, which allows the display to be browsed with a web browser." This is useful (tough i would prefer other software for this), but doesn't have that much to do with an IDS. Snort checks content of traffic passing to (or trough, or past) an ethernet interface, checks it for matches against a signature database of known attacks/events/interesting things, and logs that to a database or file. Greets, Robert -- Linux Generation encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key. <Fluor> Mijn muck is ook wit! _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users