Ntop’s options
Basic options:
-h | -help Display this help and exit
-u <user> | –user <user> Userid/name to run ntop under (see man page)
-t <number> | –trace-level <number> Trace level [0-6], 6常用于调试
-P <path> | –db-file-path <path> Path for ntop internal database files
-Q <path> | –spool-file-path <path> Path for ntop spool files
-w <port> | –http-server <port> Web server port to listen on
-W <port> | –https-server <port> Web server (https:) port to listen on
Advanced options:
-4 | –ipv4 Use IPv4 connections
-6 | –ipv6 Use IPv6 connections
-a <file>| –access-log-file <file> File for ntop web server access log
-b | –disable-decoders Disable protocol decoders
-c | –sticky-hosts Idle hosts are not purged from memory
-d | –daemon Run ntop in daemon mode
-e <number> | –max-table-rows <number>
Maximum number of table rows to report
-f <file> | –traffic-dump-file <file> Traffic dump file (see tcpdump)
-g | –track-local-hosts Track only local hosts
-i <name> | –interface <name> Interface name or names to monitor
-j | –create-other-packets Create file ntop-other-pkts.XXX.pcap file
-l <path> | –pcap-log <path> Dump packets captured to a file (debug only!)
-m <addresses> | –local-subnets <addresses> Local subnetwork(s) (see man page)
-n | –numeric-ip-addresses Numeric IP addresses – no DNS resolution
-o | –no-mac ntop will trust just IP addresses (no MACs)
-p <list> | –protocols <list> List of IP protocols to monitor (see man page)
-q | –create-suspicious-packets
Create file ntop-suspicious-pkts.XXX.pcap file
-r <number> | –refresh-time <number> Refresh time in seconds, default is 120
-s | –no-promiscuous Disable promiscuous mode
-x <max num hash entries> Max num. hash entries ntop can handle (8192)
-z | –disable-sessions Disable TCP session tracking
-A Ask admin user password and exit
| –set-admin-password=<pass> Set password for the admin
| –w3c] Add extra headers to make better html
-B <filter> | –filter-expression Packet filter expression, like tcpdump
-C <rate> | –sampling-rate Packet capture sampling rate [default: 1 (no sampling)]
-D <name> | –domain <name> Internet domain name
-F <spec> | –flow-spec <specs> Flow specs (see man page)
-K | –enable-debug Enable debug mode
-L Do logging via syslog
| –use-syslog=<facility> facility (‘=’ is REQUIRED)
-M | –no-interface-merge Don’t merge network interfaces (see man page)
-N | –wwn-map Map file providing map of WWN to FCID/VSAN
-O <path> | –pcap-file-path <path> Path for log files in pcap format
-U <URL> | –mapper <URL> URL (mapper.pl) for displaying host location
-V | –version Output version information and exit
-X <max num TCP sessions> Max num. TCP sessions ntop can handle(32768)
–disable-instantsessionpurge Disable instant FIN session purge
–disable-mutexextrainfo Disable extra mutex info
–disable-schedyield Turn off sched_yield() calls, if ntop is deadlocking on them
–disable-stopcap Capture packets even if there’s no memory left
–fc-only Display only Fibre Channel statistics
–no-fc Disable processing & Display of Fibre Channel
–instance &nb
sp; Set log name for this ntop instance
–no-invalid-lun Don’t display Invalid LUN information
–p3p-cp Set return value for p3p compact policy, header
–p3p-uri Set return value for p3p policyref header
–skip-version-check Skip ntop version check
–ssl-watchdog Use ssl watchdog (NS6 problem)
–known-subnets List of known subnets (separated by ,)
If the argument starts with @ it is assumed it is a file path
E.g. 192.168.0.0/14=home,172.16.0.0/16=private
–pcap-file-list <filename> Specify a filename containing a list of pcap files to read.
If you use this flag the -i option will be ignored.