Snort mailing list archives

Re: ntop

From: Robert van der Meulen <rvdm () cistron nl>
Date: Wed, 26 Sep 2001 00:25:45 +0200

Hi,

Quoting Florin Andrei (florin () sgi com):

of its documentation i've got the impression that it's more like a
network traffic monitor with _some_ IDS capabilities glued together.
Can anyone (who's familiar with both tools) give me some actual
differences (things that are missing from ntop)?

'ntop' is a network statistics gatherer:
"ntop is a Network Top program. It displays a summary of network usage by
 machines on your network in a format reminicent of the unix top utility.
 It can also be run in web mode, which allows the display to be browsed with
 a web browser."

This is useful (tough i would prefer other software for this), but doesn't
have that much to do with an IDS.
Snort checks content of traffic passing to (or trough, or past) an ethernet
interface, checks it for matches against a signature database of known
attacks/events/interesting things, and logs that to a database or file.

Greets,
        Robert


-- 
                              Linux Generation
   encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
                       <Fluor> Mijn muck is ook wit!

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ntop Florin Andrei (Sep 25)
- Re: ntop Robert van der Meulen (Sep 25)
  - Re: ntop Florin Andrei (Sep 25)
- <Possible follow-ups>
- RE: ntop Fraser Hugh (Sep 26)