Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Monday, July 1, 2013
New NTOP
The primary author of ntop, Luca Deri has announced that a new, rewritten from the ground up version of ntop has been released. Renamed ntopng, info and download links are available here. If you're not familiar with this great open-source tool, ntop monitors traffic on an interface (or multiple interfaces) and tracks connections, bandwidth usage, protocols, top talkers and the like and supports taking netflows from infrastructure equipment (supports sFlow, NetFlow and IPFIX). Putting an ntop instance on your packet audit box can be a great tool for tracking hosts from EOI's and can show you changes in traffic patterns that might indicate increased interest in your network from the outside. It can also quickly show you all the hosts an infected box talked to and how much traffic was passed, which might give you an indication of data leakage. It's not specifically designed as a NetSec tool, but it certainly fills the role as a good correlation tool. You can also feed it your pcaps to get a snapshot in time of network traffic you're interested in.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment