Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) and Fibre Channel (FC) traffic generated by each host. The traffic is sorted according to host and protocol. Protocols (user configurable) include:

  • TCP/UDP/ICMP
  • (R)ARP
  • IPX
  • DLC
  • Decnet
  • AppleTalk

  • Netbios
  • TCP/UDP
    • o FTP o HTTP o DNS o Telnet o SMTP/POP/IMAP o SNMP o NFS o X11
  • Fibre Channel
    • o Control Traffic - SW2, GS3, ELS o SCSI

(In human-readable, this means you can very comprehensively monitor your network traffic, connections & bandwidth via a web output)

Installation

Packages needed for installation are:

ntop

You can just type the following to install it (make sure you enable the Universe repositories): https://help.ubuntu.com/7.10/add-applications/C/extra-repositories.html

sudo apt-get install ntop -y

Compiling ntop from source or SVN

The ntop source can be retrieved from Ubuntu's servers using a command like:

apt-get source ntop

which will unpack the source package into the current working directory with a name like ntop-3.3.10. You can also follow the instructions at ntop.org to retrieve the latest version from SVN (trunk):

svn co https://svn.ntop.org/svn/ntop/trunk/ntop

Most of the packages which will be required to build ntop from source on an Ubuntu 9.10 (Karmic) can be retrieved with the following command:

sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev

You must first run ./autogen.sh in the ntop directory to create the configure script, Makefiles, and such, as described here. The configure script is pretty good about telling you which dependencies are missing, if any. Don't forget you can pass configure options to autogen.sh, as in:

./autogen.sh --prefix=/usr/local/stow/ntop-svn

References:

  1. http://www.ntop.org/download.html

  2. http://www.gnu.org/software/stow/ - helps manage source packages without sullying /usr/bin, /usr/share, and so on

Configuration

When first installing & configuring the ntop application you need to set an admin password.

sudo ntop --set-admin-password

restart the service with

sudo /etc/init.d/ntop restart

Fixing "Physical Host Location" feature (mapper.pl)

The link to http://www.ntop.org/cgi-bin/mapper.pl for physical host locations (the compass icon in traffic listings) is broken (Error 404) as of this writing (2010-07-01). This affects ntop package version 3.3-11ubuntu1 for Karmic (9.10).

Check this space for a workaround using a local http server and links to relevant Launchpad bug reports.

Status of host location mapping in SVN (reported as of SVN revision 4304)

The issue with the dead mapper.pl link is resolved in the latest SVN, as of this writing (2010-07-02). The host location results com from http://geotool.servehttp.com instead, a service of MaxMind, who provide the libgeoip1 library also used in ntop.

Access

On yur local machine

To access your network statistics via the web visit the web address:

http://localhost:3000

Access from an external network with apache reverse proxy

Attention: Only for experienced users. It has cost me two days to find a completely working solutions, and in some parts, I still can't figure out why exactely this configuration is working.

If you do not want to open port 3000 in your firewall, you can use apache's reverse proy module to allow access to ntop.

Enable the proxy module:

sudo a2enmod proxy_http

Edit your site's configuration in /etc/apache2/sites-enabled/your-site and add this code (don't forget to replace all occurences of your.domain.com with your real domain).

<VirtualHost *:80>
    # keep the existing entries
    ...

    # add here
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests       Off
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} your.domain.com/ntop
    RewriteCond %{REQUEST_URI} !^/ntop/
    RewriteRule ^/(.*)$ https://your.domain.com/ntop/$1 [L,R=permanent]

    RewriteCond %{REQUEST_URI} ^/ntop/
    RewriteRule ^/ntop/(.*)$ http://localhost:3000/$1 [L,P]

    <Location /ntop>
        ProxyPass          http://localhost:3000
        ProxyPassReverse   http://localhost:3000
    </Location>
</VirtualHost>

Restart your server

sudo service apache2 restart

And it should work.

Links

http://www.ntop.org/

Segfaults

The packaged version of ntop in Lucid 10.04 is plagued with segfaults. You will be using ntop and it just cuts out in the middle of your session. There is luckily a way around this, that is easier than the SVN method.

Thanks to Sylvain Garcia who has packaged the newest version of ntop in a PPA to install just do the following from a terminal:

sudo apt-add repository ppa:sylvain-garcia

note: aptitude, used in the following set of commands, is no longer included in the default install of Ubuntu due to trying to fit into a 700mb cd. You can easily install aptitude with

apt-get install aptitude

If you have already installed ntop:

sudo aptitude update && sudo aptitude safe-upgrade

If you haven't yet installed ntop:

sudo aptitude update && sudo aptitude install ntop

Next there is one setting missing in the Ubuntu build of ntop. It's easy enough to change. (note nano is the default editor for Ubuntu. You may use of course any editor you prefer.)

sudo nano /etc/init.d/ntop

CTRL+_ 96 (that's an underscore, the command in nano to go to a specific line)

In the line that reads:

  • start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \ -d -L -u $USER -P $HOMEDIR \

add -b so that it now reads:

  • start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \

    -d -b -L -u $USER -P $HOMEDIR \

CTRL+O CTRL+X (save and quit in nano)

sudo service ntop restart

now browse to localhost:3000 and have fun with ntop

Reference: https://bugs.launchpad.net/ubuntu/+source/ntop/+bug/588049


CategoryNetworking

Ntop (last edited 2012-02-22 12:25:39 by geg)