Ntop is a network probe which uses a NIC in "promiscuous" mode, attached
to the network through a hub, a monitoring port on a switch, or a
network tap. It basically sees all network traffic on that segment of
the network. You wouldn't want to run it on your firewall, as it is
resource intensive and not sufficiently stable for such a device.

How to build a passive Ethernet tap: http://www.snort.org/docs/tap/

Chris Mason (Lists) wrote:
> Benjamin H. Henry wrote:
>> Take a look at ntop: http://ntop.org. It gives you so much info about
>> every node on your network it's scary. An easy way to try ntop is by
>> using the Network Security Toolkit http://nst.sourceforge.net/nst/, a
>> bootable Live CD which includes ntop.
> How would this work? If the application is not running on the firewall,
> how would ntop know what packets were going through the firewall?