ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
Using svn is probably the easiest way to download the source:
mkdir my_ntop_goes_here
cd my_ntop_goes_here
svn co https://svn.ntop.org/svn/ntop/trunk/ntop
Now you need to compile ntop:
cd ntop
./autogen.sh
make
make install # as root
Once ntop is installed, you must provide an administrative password on the first run.
This will start ntop, ask you for the admin password, and then exit. After that, you can start ntop and begin monitoring network traffic.
- basic invocation:
ntop -P /var/lib/ntop
This will start ntop and write the database files to the directory /var/lib/ntop (note: you must start ntop as root; however, you can give users permission as well).
Instead of running ntop as root all the time, run it as a dedicated user. To create the user ntop, execute:
groupadd ntop
useradd -M -s /bin/false -d /var/lib/ntop -c "ntop user" -g ntop ntop
These two commands will create the user and group for ntop (you can also add the group to
Start ntop and tell it which user to drop privileges to:
ntop -P /var/lib/ntop -u ntop
Make ntop listen on port 4000 and only accept HTTPS traffic:
ntop -w 0 -W 4000
Make ntop listen on port 3000 for HTTP traffic and port 4000 for HTTPS traffic:
ntop -w 3000 -W 4000
To make ntop start at boot and constantly watch traffic, add the following to /etc/init.d/rc.local (or a similar script that is started at boot, depending on your distribution):
ntop -P /var/lib/ntop -u ntop -d
The -d option tells ntop to daemonise and fork to the background.
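Before putting an ntop line into a boot script, it can be checked against the two hardening steps above: a dedicated -u user and an HTTPS-only web interface. The shell function below is an added example, not part of the original page or of ntop itself; it interprets only the flags shown on this page, and the function name and finding messages are made up for illustration.

```sh
#!/bin/sh
# Added example, not part of ntop: audit an ntop command line against the two
# hardening steps on this page (dedicated -u user, HTTPS-only web interface).
# Only flags shown on this page are interpreted: -P, -u, -w, -W, -d.
# Function name and finding messages are illustrative.

audit_ntop_cmdline() (
    user="" http=unset https=unset findings=0
    report() { findings=$((findings + 1)); echo "FINDING: $*"; }

    [ "${1-}" = ntop ] && shift
    while [ $# -gt 0 ]; do
        case "$1" in
            -u) user="${2-}";  [ $# -gt 1 ] && shift ;;
            -w) http="${2-}";  [ $# -gt 1 ] && shift ;;
            -W) https="${2-}"; [ $# -gt 1 ] && shift ;;
            -P) [ $# -gt 1 ] && shift ;;  # data directory, not checked here
            -d) ;;                         # daemonise, nothing to check
        esac
        shift
    done

    case "$user" in
        "")   report "no dedicated user given with -u" ;;
        root) report "-u root does not drop root privileges" ;;
    esac
    case "$http" in
        0)     ;;
        unset) report "-w 0 not given, plain HTTP is not explicitly disabled" ;;
        *)     report "plain HTTP enabled on port $http, use -w 0 for HTTPS only" ;;
    esac
    case "$https" in
        unset|0) [ "$http" = 0 ] || report "no HTTPS port given with -W" ;;
    esac

    [ "$findings" -eq 0 ]  # exit status: 0 = clean, 1 = at least one finding
)

# Constructed sample command lines, modelled on the invocations on this page.
for cmd in "ntop -P /var/lib/ntop" \
           "ntop -P /var/lib/ntop -u ntop -w 3000 -W 4000" \
           "ntop -P /var/lib/ntop -u ntop -w 0 -W 4000 -d"; do
    echo "== $cmd"
    # Word splitting of $cmd is intended here.
    audit_ntop_cmdline $cmd || true
done
```

The function exits non-zero when it prints at least one finding, so it can gate a deployment step.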