Ntop

From Christoph's Personal Wiki
Revision as of 07:25, 5 September 2007 by Christoph (Talk | contribs)


ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

Install

  • Dependencies:
    • xorg-x11-devel
    • libgdbm

Using svn is probably the easiest way to download the source:

mkdir my_ntop_goes_here
cd my_ntop_goes_here
svn co https://svn.ntop.org/svn/ntop/trunk/ntop

Now you need to compile ntop:

cd ntop
./autogen.sh
make
make install  # as root

Usage

Note: Once ntop is installed, you must provide an administrative password on the first run.

  • Run ntop directly:
ntop -A

This will start ntop, ask you for the admin password, and then exit. After that, you can start ntop and begin monitoring network traffic.

  • Basic invocation:
ntop -P /var/lib/ntop

This will start ntop and write the database files to the directory /var/lib/ntop. Note: you must start ntop as root; however, you can give users permission as well.

Instead of running ntop as root all the time, run it as a dedicated user. To create the user ntop, execute:

groupadd ntop
useradd -M -s /bin/false -d /var/lib/ntop -c "ntop user" -g ntop ntop

These two commands will create the user and group for ntop (you can also add the group to /etc/group).

Finally, start ntop and tell it which user to drop privileges to:

ntop -P /var/lib/ntop -u ntop

  • Have ntop listen on port 4000 and only accept HTTPS traffic:
ntop -w 0 -W 4000

  • Have ntop listen on port 3000 for HTTP traffic and port 4000 for HTTPS traffic:
ntop -w 3000 -W 4000

To have ntop start at boot and constantly watch traffic, add the following to /etc/init.d/rc.local (or a similar script that is started at boot, depending on your distribution):

ntop -P /var/lib/ntop -u ntop -d

Specifying the -d option tells ntop to daemonise and fork to the background.
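
As an added example (not part of the original page), the following shell function checks a start line, such as the rc.local entry above, for the two hardening points in this section: dropping root with -u and serving only HTTPS with -w 0 and -W. The function name and messages are hypothetical, and it assumes that ntop's defaults leave plain HTTP enabled and HTTPS disabled.

```shell
#!/bin/sh
# Added example: audit an ntop start line before putting it in rc.local.
# Only options described on this page are interpreted: -u, -w, -W.
# Assumption: unless overridden, ntop leaves plain HTTP on and HTTPS off.

# audit_ntop_cmd "<command line>"  (hypothetical helper name)
# Prints one finding per line. Returns 0 if clean, 1 if there are
# findings, 2 if the line is not an ntop invocation.
audit_ntop_cmd() {
    run_user="" http_port="" https_port="" findings=0
    set -f; set -- $1; set +f      # split into words, no glob expansion
    if [ "${1##*/}" != "ntop" ]; then
        echo "ERROR: not an ntop command"
        return 2
    fi
    shift
    while [ $# -gt 0 ]; do
        case "$1" in
            -u) run_user="${2:-}" ;;
            -w) http_port="${2:-}" ;;
            -W) https_port="${2:-}" ;;
        esac
        shift
    done
    case "$run_user" in
        ""|-*)  echo "FAIL: no -u <user>, ntop keeps running as root"; findings=1 ;;
        root|0) echo "FAIL: -u $run_user does not drop privileges"; findings=1 ;;
    esac
    if [ "$http_port" != "0" ]; then
        echo "WARN: HTTP listener enabled (use -w 0 for HTTPS only)"; findings=1
    fi
    case "$https_port" in
        ""|0|-*) echo "WARN: no HTTPS port set with -W"; findings=1 ;;
    esac
    return "$findings"
}

# Constructed sample start lines, combining options shown on this page.
for line in \
    "ntop -P /var/lib/ntop -d" \
    "ntop -P /var/lib/ntop -u ntop -d" \
    "ntop -P /var/lib/ntop -u ntop -w 0 -W 4000 -d"
do
    echo "== $line"
    audit_ntop_cmd "$line" && echo "OK: privileges dropped, HTTPS only"
done
```
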

External links