I've been trying to use ntop at my organization for a while and have had nothing but problems with it. The system I run it on is a fairly vanilla Redhat 5 system (Sun X4140) and ntop seems to run for a couple of days and then crashes. We've had to script automatic restarts of ntop, but when the crashes combine with the fact that ntop doesn't persist most of its metrics it becomes a dealbreaker for us.
What are the big competitors for ntop? I've played with a few of the other open source tools, and most seem to not match the features (and the majority seem to have not been updated in a long time). Are there any commercial replacements for ntop, or even hardware devices that can provide the same functionality?
You can use an RMON2 probe and setup your switch to mirror all the traffic to some (free) port. This can be done in hardware or software (appliance/roll your own). This way you see what's really happening across your whole network, not only locally. Different approach than ntop, but may help anyways.
I went with a combination of fprobe, nfdump, and nfsen -- mostly because ntop didn't give me the information I wanted. My issue seemed to be that the quantity of traffic overwhelmed ntop, with the result that the web interface would generate garbage links into itself that didn't work.