Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) and Fibre Channel (FC) traffic generated by each host. The traffic is sorted according to host and protocol. Protocols (user configurable) include:
- TCP/UDP/ICMP
- (R)ARP
- IPX
- DLC
- Decnet
- Netbios
- TCP/UDP
  - FTP
  - HTTP
  - DNS
  - Telnet
  - SMTP/POP/IMAP
  - SNMP
  - NFS
  - X11
- Fibre Channel
  - Control Traffic - SW2, GS3, ELS
  - SCSI
(In plain terms, this means you can comprehensively monitor your network traffic, connections and bandwidth through a web interface.)
Installation
Packages needed for installation are:
ntop
Make sure the Universe repositories are enabled (see https://help.ubuntu.com/7.10/add-applications/C/extra-repositories.html), then type the following to install it:
sudo apt-get install ntop -y
Compiling ntop from source or SVN
The ntop source can be retrieved from Ubuntu's servers using a command like:
apt-get source ntop
which will unpack the source package into the current working directory with a name like ntop-3.3.10. You can also follow the instructions at ntop.org to retrieve the latest version from SVN (trunk):
svn co https://svn.ntop.org/svn/ntop/trunk/ntop
Most of the packages required to build ntop from source on Ubuntu 9.10 (Karmic) can be retrieved with the following command:
sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev
You must first run ./autogen.sh in the ntop directory to create the configure script, Makefiles, and such, as described here. The configure script is pretty good about telling you which dependencies are missing, if any. Don't forget you can pass configure options to autogen.sh, as in:
./autogen.sh --prefix=/usr/local/stow/ntop-svn
References:
http://www.gnu.org/software/stow/ - helps manage source packages without sullying /usr/bin, /usr/share, and so on
Configuration
When first installing & configuring the ntop application you need to set an admin password.
sudo ntop --set-admin-password
Then restart the service with:
sudo /etc/init.d/ntop restart
Fixing "Physical Host Location" feature (mapper.pl)
The link to http://www.ntop.org/cgi-bin/mapper.pl for physical host locations (the compass icon in traffic listings) is broken (Error 404) as of this writing (2010-07-01). This affects ntop package version 3.3-11ubuntu1 for Karmic (9.10). Check this space for a workaround using a local http server and links to relevant Launchpad bug reports.
Status of host location mapping in SVN (reported as of SVN revision 4304)
The issue with the dead mapper.pl link is resolved in the latest SVN, as of this writing (2010-07-02). The host location results come from http://geotool.servehttp.com instead, a service of MaxMind, who provide the libgeoip1 library also used in ntop.
Access
On your local machine
To access your network statistics via the web visit the web address:
Access from an external network with apache reverse proxy
Attention: Only for experienced users. It has cost me two days to find a completely working solution, and in some parts, I still can't figure out why exactly this configuration is working.
If you do not want to open port 3000 in your firewall, you can use Apache's reverse proxy module to allow access to ntop.
Enable the proxy module:
sudo a2enmod proxy_http
Edit your site's configuration in /etc/apache2/sites-enabled/your-site and add this code (don't forget to replace all occurrences of your.domain.com with your real domain).
<VirtualHost *:80>
    # keep the existing entries ...
    # add here

    # Allow clients to reach proxied content (reverse proxy only, forward proxying stays off)
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests Off

    # The rewrite rules below need mod_rewrite (sudo a2enmod rewrite)
    RewriteEngine On

    # Requests whose Referer is an ntop page but whose path is outside /ntop/
    # are redirected back under /ntop/
    RewriteCond %{HTTP_REFERER} your.domain.com/ntop
    RewriteCond %{REQUEST_URI} !^/ntop/
    RewriteRule ^/(.*)$ https://your.domain.com/ntop/$1 [L,R=permanent]

    # Requests under /ntop/ are proxied to the local ntop web server
    RewriteCond %{REQUEST_URI} ^/ntop/
    RewriteRule ^/ntop/(.*)$ http://localhost:3000/$1 [L,P]

    <Location /ntop>
        ProxyPass http://localhost:3000
        ProxyPassReverse http://localhost:3000
    </Location>
</VirtualHost>
Restart your server:
sudo service apache2 restart
And it should work.
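A more restrictive variant of the access rules above, as an added example that is not part of the original page: it limits the proxied ntop pages to one admin network and requires a login. The network 192.0.2.0/24, the realm name, the user name admin and the password file path /etc/apache2/ntop.htpasswd are placeholders.

```apache
# Added example, not from the original page. Apache 2.2 syntax, matching the
# Order/Allow directives used above (Apache 2.4 uses Require ip instead).
# Placeholders: 192.0.2.0/24 (admin network), /etc/apache2/ntop.htpasswd
# (created with: sudo htpasswd -c /etc/apache2/ntop.htpasswd admin)

# Weak setting from the configuration above: any client may use the proxy.
#   <Proxy *>
#       Order deny,allow
#       Allow from all
#   </Proxy>

# Restricted form: deny by default, admit only the admin network.
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</Proxy>
ProxyRequests Off

<Location /ntop>
    ProxyPass http://localhost:3000
    ProxyPassReverse http://localhost:3000

    # Host restriction, repeated here because <Location> sections are merged last
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24

    # HTTP Basic login on top of the host restriction
    AuthType Basic
    AuthName "ntop"
    AuthUserFile /etc/apache2/ntop.htpasswd
    Require valid-user

    # Require both an allowed address and a valid login
    Satisfy all
</Location>
```

Basic credentials are only base64-encoded on the wire, so this block belongs in the HTTPS virtual host that the redirect rule above points to.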
Segfaults
The packaged version of ntop in Lucid 10.04 is plagued with segfaults. You will be using ntop and it just cuts out in the middle of your session. Luckily, there is a way around this that is easier than the SVN method.
Thanks to Sylvain Garcia, who has packaged the newest version of ntop in a PPA. To install it, just do the following from a terminal:
sudo add-apt-repository ppa:sylvain-garcia
Note: aptitude, used in the following set of commands, is no longer included in the default install of Ubuntu, in order to fit onto a 700 MB CD. You can easily install aptitude with
sudo apt-get install aptitude
If you have already installed ntop:
sudo aptitude update && sudo aptitude safe-upgrade
If you haven't yet installed ntop:
sudo aptitude update && sudo aptitude install ntop
Next, there is one setting missing in the Ubuntu build of ntop. It's easy enough to change. (Note: nano is the default editor for Ubuntu. You may of course use any editor you prefer.)
sudo nano /etc/init.d/ntop
CTRL+_ 96 (that's an underscore, the command in nano to go to a specific line)
In the line that reads:
- start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
-d -L -u $USER -P $HOMEDIR \
add -b so that it now reads:
- start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
-d -b -L -u $USER -P $HOMEDIR \
CTRL+O CTRL+X (save and quit in nano)
sudo service ntop restart
Now browse to localhost:3000 and have fun with ntop.
Reference: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/588049