HOWTO:Installing and running NTOP

From EnGardeWiki

What's Ntop?

In the words of its author, Luca Deri of the University of Pisa, ntop is a network traffic probe that shows network usage, similar to what the popular top Unix command does. Ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform.

In this article we'll see how to monitor network usage and gather more statistics about our network with Ntop. This brief howto shows how to install it on EnGarde Secure Linux.

How Ntop Works

Ntop users can use a web browser to navigate through ntop (which acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of:

  • a web interface
  • limited configuration and administration via the web interface
  • reduced CPU and memory usage (they vary according to network size and traffic).

Ntop building and configuration

Since EnGarde's repositories do not yet carry any Extra Packages for Ntop, you have to download it and build it from source. You can download it from the official home page here. It is available in various formats, .exe included.

You can download the sources to your EnGarde machine by following these simple commands.

Once you are logged in as root, note that no SELinux policy is loaded for Ntop and you are not allowed to use wget by default, so you have to switch to permissive mode by typing the following commands:

    # newrole -r sysadm_r
    # setenforce 0

The permissive mode now allows you to use wget:

    # wget http://heanet.dl.sourceforge.net/sourceforge/ntop/ntop-3.2.tgz

Now you have to install a couple of additional packages to get Ntop working. You can use apt:

    # apt-get install gcc gcc-c++ make libpcap libpcap-devel gdbm-devel libgd-devel libpng-devel libtool libtool-libs
    Reading Package Lists... Done
    Building Dependency Tree... Done
    [...]
    Do you want to continue? [Y/n] 

After that you're ready to run the build commands:

    # tar xzf ntop-3.2.tgz
    # cd ntop-3.2/
    # ./configure 
    # make 
    # make install
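
The download step above leaves SELinux in permissive mode and fetches the tarball over plain HTTP. The following is an added example, not part of the original HOWTO: a wrapper that restores enforcing mode after the command finishes, plus a digest check for the tarball. It assumes the shell is already in the sysadm_r role and that `sha256sum` is installed; `EXPECTED_SHA256` is a placeholder, since the page gives no checksum.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
# Assumes: the shell is already in the sysadm_r role (newrole -r sysadm_r),
# and getenforce, setenforce and sha256sum are installed.

# with_permissive CMD [ARGS...]
# Run CMD with SELinux permissive, then restore enforcing mode if (and only
# if) the system was enforcing beforehand. Returns CMD's exit status.
with_permissive() {
    _was=$(getenforce) || return 1
    _rc=0
    if [ "$_was" = "Enforcing" ]; then
        setenforce 0 || return 1
        # If CMD is interrupted, still re-enable enforcement.
        # Note: this replaces any INT/TERM trap the caller had set.
        trap 'setenforce 1' INT TERM
    fi
    "$@" || _rc=$?
    if [ "$_was" = "Enforcing" ]; then
        trap - INT TERM
        if ! setenforce 1; then
            echo "WARNING: could not restore enforcing mode" >&2
            return 1
        fi
    fi
    return "$_rc"
}

# verify_sha256 FILE EXPECTED_HEX
# Succeeds only when FILE's SHA-256 digest equals EXPECTED_HEX (lowercase hex).
verify_sha256() {
    _actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ -n "$_actual" ] && [ "$_actual" = "$2" ]
}

# Usage with the tarball from this page (EXPECTED_SHA256 is a placeholder the
# operator fills in from a trusted source; the page does not give one):
#   with_permissive wget http://heanet.dl.sourceforge.net/sourceforge/ntop/ntop-3.2.tgz
#   verify_sha256 ntop-3.2.tgz "$EXPECTED_SHA256" || { echo "digest mismatch" >&2; exit 1; }
```

Running `getenforce` afterwards should report `Enforcing` again if that was the mode before the download.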

Using Ntop

This is a very simple procedure. Run this command in the bash shell:

    # ntop -P /etc/ntop -W4242 -d

What does it mean? Well, the -P option reads the configuration files in the "/etc/ntop" directory. The -W option sets the port on which we want to access Ntop through our web browser. If you don't specify this option, the default port is 3000. Finally, the -d option runs Ntop in daemon mode. This means that Ntop will keep running for as long as the system is up.

Once it is started in web mode, Ntop enables its web server and allows us to view and use its statistics through any web browser at the web address http://host:portnumber/.

The example on our test machine:

    http://192.168.0.6:4242/

Finally, remember to allow TCP/UDP traffic on port 4242 in your firewall. You can simply use the Firewall Configuration in WebTool.