Ntop
ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
Install
Using svn is probably the easiest way to download the source:
mkdir my_ntop_goes_here
cd my_ntop_goes_here
svn co https://svn.ntop.org/svn/ntop/trunk/ntop
Now you need to compile ntop:
cd ntop
./autogen.sh
make
make install # as root
Usage
Note: Once ntop is installed, you must provide an administrative password on the first run.
- Run ntop directly:
ntop -A
This will start ntop, ask you for the admin password, and then exit. After that, you can start ntop and begin monitoring network traffic.
- Basic invocation:
ntop -P /var/lib/ntop
This will start ntop and write the database files to the directory /var/lib/ntop (note: you must start ntop as root; however, you can give users permission as well).
Instead of running ntop as root all the time, run it as a dedicated user. To create the user ntop, execute:
groupadd ntop
useradd -M -s /bin/false -d /var/lib/ntop -c "ntop user" -g ntop ntop
These two commands will create the user and group for ntop (you can also add the group to /etc/group).
Finally, start ntop and tell it which user to drop privileges to:
ntop -P /var/lib/ntop -u ntop
- Have ntop listen on port 4000 and only accept HTTPS traffic:
ntop -w 0 -W 4000
- Have ntop listen on port 3000 for HTTP traffic and port 4000 for HTTPS traffic:
ntop -w 3000 -W 4000
To have ntop start at boot and constantly watch traffic, add the following to /etc/init.d/rc.local (or a similar script that is started at boot, depending on your distribution):
ntop -P /var/lib/ntop -u ntop -d
Specifying the -d option tells ntop to daemonise and fork to the background.
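The steps above (dedicated account, data directory, HTTPS only, daemon mode) combined into one launcher with preflight checks, as an added example that is not part of the original page or the ntop project. The function names, the PASSWD_FILE and DRY_RUN variables and the world-writable check are assumptions of this example; the ntop options are the ones shown above.

```sh
#!/bin/sh
# Added example: preflight checks before launching ntop with the page's options.
# Function names, PASSWD_FILE and DRY_RUN are made up for this example.
NTOP_USER="${NTOP_USER:-ntop}"
NTOP_DIR="${NTOP_DIR:-/var/lib/ntop}"
HTTPS_PORT="${HTTPS_PORT:-4000}"
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# True if account $1 exists in passwd-format file $2 and has a non-login shell.
account_is_locked_down() {
    shell=$(awk -F: -v u="$1" '$1 == u { print $7; found = 1 }
                               END { if (!found) exit 1 }' "$2") || return 1
    case "$shell" in
        /bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# True if $1 is a directory that is not world-writable (extra check, assumption).
dir_is_private() {
    [ -d "$1" ] && [ -z "$(find "$1" -prune -perm -0002)" ]
}

# Run the checks, then start ntop: data dir, privilege drop, HTTP disabled
# (-w 0), HTTPS on $HTTPS_PORT, daemonised. DRY_RUN=1 prints the command only.
start_ntop() {
    account_is_locked_down "$NTOP_USER" "$PASSWD_FILE" || {
        echo "refusing to start: $NTOP_USER is missing or has a login shell" >&2
        return 1
    }
    dir_is_private "$NTOP_DIR" || {
        echo "refusing to start: $NTOP_DIR is missing or world-writable" >&2
        return 1
    }
    set -- ntop -P "$NTOP_DIR" -u "$NTOP_USER" -w 0 -W "$HTTPS_PORT" -d
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Call as "<script> start" from the boot script; with no argument nothing runs.
if [ "${1:-}" = start ]; then start_ntop; fi
```

Setting DRY_RUN=1 prints the command line that would be executed, which is a quick way to confirm that HTTP stays disabled before the launcher goes into the boot script.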