Submitted by Jeffrey Botts

ntop From the developers website:

What is NTop-XTRA?

When all is said and done, network traffic is a collection of computers talking to each other. ntop will show you - in an easy to digest form - a detailed breakdown of the conversations.

You’ll be able to see which computer is talking to which other computer, and what protocol(s) they are using. If you want to know who is utilizing your server the most then ntop is perfect for you. Do you have a WAN link that is full up and you don’t know why? Use ntop to break the traffic down so that you will see instantly where the bandwith is going.

Whether you are running on a 10Mb network or a gigabit Ethernet network you will find ntop scales well to suit your needs.

The great thing about ntop is that it decodes your network traffic for you, giving you the information you need without all of the technical detail you don’t need.

ntop is a high quality, scalable and reliable’ll wonder how you ever managed without it.

NTop-XTRA Features

  • ntop sports a web based interface for browsing network traffic information as well as limited configuration and administration functionality.
  • ntop runs as a service under Microsoft Windows so that you do not need to be logged in for it to work.
  • Network traffic may be filtered so that only the traffic you specified is analyzed. So, for instance, if you’re only interested in the IP traffic you can filter out all other traffic. The filter language is the same as the packet capture filter language used by Ethereal and tcpdump.

ntop is a full featured tool, with hundreds of features, here is a summary of what ntop can do for you

  • Display traffic statistics
  • Breakdown the network protocols running on your network
  • Store traffic statistics in RRDTool format for historical analysis and trending
  • Assist with identifying your users
  • Identify host operating systems without disturbing your network
  • Breakdown IP traffic by conversation
  • Breakdown IP traffic statistics by port
  • Breakdown IP traffic by subnet
  • Act as a NetFlow/sFlow probe and collector (as supported by Cisco, Juniper and Foundry devices

I prefer the OSSIM (Open Source Security Information Management) implementation of NTop because of its comprehensive network flow control and security scanning but it runs on Linux.

Subscribe to 4sysops newsletter!


  1. WRJ 15 years ago

    NTOP-XTRA is a quick way to get some network information out of a windows server/client in a pinch. I agree with the author that once one hits unix or linux worlds there are better packages of ntop.

  2. Leonardo 15 years ago

    Haven’t seen that name in ages… I thought that by some alchemy they had “solved” the switched network “issue”… My switches are too stupid to be told what to do.

  3. Jacky 15 years ago

    the tool is terrific! i download and used it’s so great! thank you very much.

  4. Jeff 15 years ago

    Hi Jacky,

    I’m glad that you like it. I felt the same way about it when I found it.

    If you like this, you should check out OSSIM. It is a Network Traffic Monitoring/ Network Security system that installs on any linux distro. There is an sutomated installer that installs everything for you on Debain. I changed to this once I found it, and run it as a VM in ESX.

    It includes:

    * Arpwatch, used for mac anomaly detection.
    * P0f, used for passive OS detection and os change analisys.
    * Pads, used for service anomaly detection.
    * Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
    * Snort, the IDS, also used for cross correlation with nessus.
    * Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
    * Tcptrack, used for session data information which can grant useful information for attack correlation.
    * Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
    * Nagios. Being fed from the host asset database it monitors host and service availability information.
    * Osiris, a great HIDS.
    * OCS-NG, Cross-Platform inventory solution.
    * OSSEC, integrity, rootkit, registry detection and more.



  5. Jacky 15 years ago

    Hi Jeff,
    Thanks for your advice. but i’m not familiar with linux now.maybe i need to learn it more.
    your blog is so valuable, i used to have a look at it.
    BTW, i’m from china, happy labor day!

  6. Ronin Vladiamhe 15 years ago

    I’m always looking to admin tools to add to my 8GB Toolkit (flash drive). Does NTop-XTRA fill the bill, or does it require a permanent hard drive home?

  7. Jeff 15 years ago

    Hi Ronin,

    Ntop-XTRA must be installed on a hard disk. You could use a USB Linux distro like Damn Small Linux with the persistent option and install the Linux version of Ntop on it and be able to run from a USB flash drive. It works quite well.


  8. Ronin Vladiamhe 15 years ago

    “NOTE: This package is no longer updated or supported by OPENXTRA.” What’s the 411 with that?

  9. hanu_blr 15 years ago

    ntop-xtra is no more available on the home page, now where can i find a copy of it for win32. hv been googling but no luck, any wrking url plz..


  10. st3rling 15 years ago

    Found this one is still alive. Just click on Big Green button to download. Once downloaded, extract it. The actual ntop-extra is inside another .exe file.

  11. st3rling 15 years ago

    Oops, sorry forgot to paste the link:

  12. st3rling, thanks! I hope you checked the file with an anti-virus software. 😉

  13. st3rling 15 years ago

    I did check it for viruses. Several times. Using different scans 🙂 Anyway, I already installed it and it works great!

  14. Ronin Vladiamhe 15 years ago

    With it support from it makes nonexistent, I’m a little hesitant about downloading it from the link provided by st3rling, and the nightmares that might be lurking. Of course, I’ll probablly download it and give it a look anyway.

  15. PowerOp 14 years ago

    the one that @st3rling provided need to extract one more time, so maybe we could use this one:

    Already uploaded to VirusTotal
    all the 41 antivirus software reported clean 🙂

    You can check out mine upload result report or upload again by yourself:

  16. Nabilios 13 years ago

    Hi Guys,

    I am going implement an nTop on my network,but i am confused about which platform is good (Linux or Windows),and please can you tell me why?

    I am looking forward to your reply.

    Many Thanks


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account