Install NTOP in RedHatEnterpriseLinux5.3

As Linux is widely used, a large number of network servers use the Linux operating system. To comprehensively measure the network running status, you must be able to perform more detailed and accurate measurements on the network status. The total data traffic of the network server and the packet transfer rate (or traffic) of TCP and UDP are important for network administrators, because when the traffic is too high, find the network bottleneck. Therefore, in terms of network management, it is necessary to understand the status of various network services for each host in the network, and limit or increase bandwidth based on traffic.

As Linux is widely used, a large number of network servers use the Linux operating system. To comprehensively measure the network running status, you must be able to perform more detailed and accurate measurements on the network status. The total data traffic of the network server and the packet transfer rate (or traffic) of TCP and UDP are important for network administrators, because when the traffic is too high, find the network bottleneck. Therefore, in terms of network management, it is necessary to understand the status of various network services for each host in the network, and limit or increase bandwidth based on traffic. We will introduce the next complete GUI network detection tool ntop in Linux.

NTOP provides the following features:
① Automatically identifies useful information from the network;
② Convert intercepted data packets into a format that is easy to recognize;
③ Analyze communication failures in the network environment;
④ Detect communication bottlenecks in the network environment;
⑤ Record the network communication time and process;
⑥ Automatically identifies the operating system in use by the client;
7. You can run it in command line or Web.
 

Next, let's start the NTOP installation process.
Preparations;
(Note that we use the source code package for compilation and installation. Install the development environment first)
# Cd/opt
# Wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz
# Tar-zxvf ntop-3.3.6.tar.gz
 
Note that we must have installed RRDTOOl before this, and you also need to install libpcap
# Yum install libpcap-devel libpcap
 
Enter the following command to compile and install NTOP
# Cd ntop
#./Autoten. sh
 
# Make
 
# Make insatll
# Make install-data-
 
Create an ntop user
# Useradd-M-s/sbin/nologin-r ntop
 
Set Directory Permissions
# Chown ntop: root/usr/local/var/ntop/
# Chown ntop: ntop/usr/local/share/ntop/
 
Set your NTOP user administrator password
# Ntop-

500) this. width = 500; "border = 0>

Start your NTOP
 
#/Usr/local/bin/ntop-d-L-u ntop-P/usr/local/var/ntop -- skip-version-check -- use-syslog = daemon
 
If you have multiple Nic interfaces, run the following command to start
#/Usr/local/bin/ntop-I "eth0, eth1 "-d-L-u ntop-P/usr/local/var/ntop -- skip-version-check -- use-syslog = daemon
 
Where
-I indicates the network interface monitored by NTOP. Here we monitor eth0 and eth1.
-D run NTOP with a daemon
-L all log information is sent to the System log (/var/log/messages) and is not displayed on the screen.
-U ntop starts the ntop service as an NTOP user
-P/usr/local/var/ntop specifies where your NTOP database file is stored. You may need to back up your database as part of your disaster recovery plan.
-- Skip-version-check by default, NTOP for Remote File Access regularly checks whether the latest version is running. Disable this option and select.
-- Use-syslog = daemon use the system log daemon process
 
 
In this case, you can enter http: // localhost: 3000 or http: // server-ip: 3000/in the browser to access our NTOP.

500) this. width = 500; "border = 0>

If you have enabled iptables, open your port 3000.
# Vi/etc/sysconfig/iptables
Add the following line in it:
-A RH-Firewall-1-INPUT-m state -- state NEW-m tcp-p tcp -- dport 3000-j ACCEPT
# Service iptables restart (restart your iptables)
 
 
You do not need to open port 3000 to view the NTOP status.
Method: use SSL to set a simple tunnel and enter your local UNIX/linux Desktop System:
$ Ssh-L 3000: localhost: 3000-N-f user@server.yourcorp.com
 
Open the browser and enter the following command:
 
Http: // localhost: 3000
 
How do I set NTOP to start at startup?
# Vim/etc/rc. loacl
 
Append the following line:
/Usr/local/bin/ntop-I "eth0, eth1 "-d-L-u ntop-P/usr/local/var/ntop -- skip-version-check -- use-syslog = daemon
Save the file and exit.
 
How can I stop your NTOP?
You can disable NTOP by using Web pages, or by using the kill or killall command.

500) this. width = 500; "border = 0>

Or use killed:
# Killall ntop
 
The NTOP main interface has a total of 8 large la S and 33 options. It mainly includes the following content.
① About: online manual.
② Summary: Overall Network overview.
Traffic: Traffic.
Hosts: overview of all Hosts.
Network Load: Network Load for each time period.
Netflows: Network Traffic diagram.
③ IP Summary: traffic status and ranking details of each host.
Traffic: Traffic details of all hosts.
Multicast: multi-point transmission.
Domain: Domain name.
Distribution: traffic status.
Local> Local: Local traffic.
Local> Remote: external details of all hosts.
Remote> Local: traffic from the Remote host to the Local host.
Remote> Remote: traffic from the Remote host to the Remote host.
④ All Protocols: view the bandwidth occupied by each host and network user details for each time period.
Traffic: Traffic.
Throughput: The bandwidth usage list (click a host to view the detailed information and usage of the host ).
Activity: traffic status of all hosts in each time period (click a host to view the detailed information and Usage Status of the host ).
⑤ Local IP Address: the usage of each host in the Local network.
Routers: vro status.
Ports Used: port usage.
Active TCP Sessions: currently online.
Host Fingerprint: Host snapshot information.
Host Characterization: Host description.
Local Matrix: Traffic details between hosts in the Local network.
⑥ FC: optical network condition.
7. SCSI: SCSI device status.
Administrative Admin: adds NTOP users or restarts to stop NTOP.