What is ntop?
ntop is a network traffic probe that shows network usage, similar to what the popular top command does on GNU/Linux and Unix. ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Linux or Unix platform, and on Win32 as well.
Download ntop for GNU/Linux
Install ntop in Debian
# apt-get install ntop
During the setup it will ask you to select the interface nTop will listen on (i.e. put in promiscuous mode). Note that it says that you can enter a comma-separated list of interfaces so you could install multiple NICs in a system and monitor multiple LAN segments on the same system.
Accept the ntop user name by hitting Enter. After the program is set up you’ll see the message:
device eth0 entered promiscuous mode
A few seconds later you’ll see the message:
device eth0 left promiscuous mode
The NIC dropping out of promiscuous mode indicates a problem. Here the “problem” is that we need to set a password for the nTop account we created during the nTop installation (that the daemon uses). To do that, enter the command
# ntop --set-admin-password
The --set-admin-password option (short form: the uppercase -A switch) sets the program’s Admin password. After entering (and re-entering) a password, restart the process. nTop runs as a daemon.
Now that nTop is configured and running, just point a Web browser at port 3000 on the Debian system. For example, if the Debian system’s IP address is 10.2.0.20 then you’d type in the following in the address bar of a browser running on a system on the same network:
If you want to start and stop ntop run the following commands
If you have any problems, check the README file located at /usr/share/doc/ntop/README.Debian. This file reads as follows:
ntop admin password needs to be set:
When ntop is installed for the first time, you MUST set the administration
password for ntop (user ‘admin’). You do that by running ntop with the option
-A (or --set-admin-password) as root.
# ntop --set-admin-password
It will prompt you for the password and then exit. Now start the ntop
# /etc/init.d/ntop start
Note that you cannot run ntop as a user as it needs full access to the
devices and only root has such access. After it has got that access it
will change user to ntop or whatever you have configured it to. You have
to make sure that the user has access to files in /var/lib/ntop. This is
normally fixed by the installation script but it may fail.
Ntop will be started at every reboot when the admin password has been set.
ntop protocol list:
If you start ntop in daemon mode with the supplied init script it will
automatically use /etc/ntop/protocol.list to choose which TCP Protocols
should be monitored. The format of this file is simply:
where label is used to symbolically identify the . The
format of is [|], where
is either a valid protocol specified inside the /etc/services file or
a numeric port range (e.g. 80, or 6000-6500).
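The following added example (not part of README.Debian or of ntop itself) checks that every entry in a protocol list is either a known service name or a valid port range, so a mistyped entry is caught before the daemon is restarted. It assumes each line has the form label=entry|entry; the service table and the sample list are constructed for illustration.

```python
import re

# Constructed subset of /etc/services (name -> port) so the example runs offline.
SAMPLE_SERVICES = {"ftp": 21, "ssh": 22, "smtp": 25, "domain": 53,
                   "http": 80, "https": 443}
# Constructed list; the "label=entry|entry" line layout is an assumption.
SAMPLE_LIST = "HTTP=http|https|3128\nX11=6000-6500\nMail=smtp|pop33\nBad=6500-6000\n"

def resolve(entry, services):
    """Return (low, high) ports for one entry, or raise ValueError."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", entry)
    if m:  # numeric port or port range such as 80 or 6000-6500
        low = int(m.group(1))
        high = int(m.group(2) or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range {entry!r}")
        return low, high
    if entry in services:  # symbolic name as found in /etc/services
        return services[entry], services[entry]
    raise ValueError(f"unknown service {entry!r}")

def check_protocol_list(text, services=SAMPLE_SERVICES):
    """Parse the list; return ({label: [(low, high), ...]}, [(lineno, error)])."""
    parsed, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Tolerating a trailing comma is an assumption, not documented on this page.
        line = raw.strip().rstrip(",")
        if not line:
            continue
        label, sep, entries = line.partition("=")
        label = label.strip()
        if not sep or not label:
            errors.append((lineno, "missing label or '='"))
            continue
        for entry in filter(None, (e.strip() for e in entries.split("|"))):
            try:
                ports = resolve(entry, services)
            except ValueError as exc:
                errors.append((lineno, str(exc)))
            else:
                parsed.setdefault(label, []).append(ports)
    return parsed, errors

if __name__ == "__main__":
    ok, bad = check_protocol_list(SAMPLE_LIST)
    for lineno, msg in bad:
        print(f"line {lineno}: {msg}")
```

To check a real file, pass its contents as text and a name-to-port mapping built from the system's /etc/services as services.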
log and rotation:
Logs are placed in /var/log/ntop/ and will be rotated every week. The
log rotation will restart the ntop server which will reset the ntop
statistics. If you want to keep the statistics you have to edit or delete
the /etc/logrotate.d/ntop file.
Option names may have been changed between ntop versions. You can either
change them in /etc/default/ntop or rerun the configuration using