Installation of network monitoring tool ntopng on Linux


In today's world, computers are connected to one another. The networks range from something as small as your home local area network (LAN) to the largest one, which we call the Internet. When you manage a networked computer, you are managing one of the most critical components. Because most applications developed today are network-based, the network connects these key points.

That's why we need network monitoring tools, and ntop is one of the best. According to Wikipedia: "ntop is a network probe that displays network usage in a way similar to how top displays processes. In interactive mode, it shows the status of the network on the user's terminal. In Web mode, it acts as a web server, creating an HTML dump of the network status. It supports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and uses RRD to persistently store traffic data."

Now, 15 years later, there is ntopng, the next-generation ntop.

What is Ntopng?

Ntopng is a web-based traffic analyzer and traffic collector. Ntopng is based on ntop, which runs on all UNIX platforms, Mac OS X, and Windows.

Characteristics

The ntopng website lists many features. Some of them are:

    • Sort network traffic by various protocols
    • Display network traffic and active IPv4/IPv6 hosts
    • Persistently store host traffic data to disk in RRD format
    • Discover application protocols through nDPI, the ntop DPI framework
    • Show the distribution of IP traffic among various protocols
    • Analyze IP traffic and sort it by source/destination address
    • Show the matrix of IP traffic between subnets (who is communicating with whom?)
    • Report IP protocol usage by protocol type
    • Generate network traffic statistics in HTML5/AJAX

Prerequisites for Installation

ntop provides precompiled packages for CentOS and 64-bit Ubuntu, which you can find on their download page. For 32-bit operating systems, you must compile from source code. This article was tested on the 32-bit version of CentOS 6.4, but it should also work on other Linux distributions based on CentOS/Red Hat. Let's get started.

Development tools

Make sure you have all the development tools needed to compile ntopng. To install them, use the yum command:

    # yum groupinstall 'Development Tools'

Installing TCL

    # yum install tcl

Installing Libpcap

    # yum install libpcap libpcap-devel

Installing Redis

    # wget http://redis.googlecode.com/files/redis-2.6.13.tar.gz
    # tar zxfv redis-2.6.13.tar.gz
    # cd redis-2.6.13
    # make 32bit
    # make test
    # make install

Install Ntopng

Method 1:

    # wget -O ntopng-1.1_6932.tgz http://sourceforge.net/projects/ntop/files/ntopng/ntopng-1.1_6932.tgz/download
    # tar zxfv ntopng-1.1_6932.tgz
    # cd ntopng-1.1_6932
    # ./configure
    # make
    # make install

Method 2:

On my CentOS 6.4, I received the following error message when using Method 1:

    ./third-party/LuaJIT-2.0.2/src/libluajit.a : could not read symbols : File in wrong format

So I switched to installing it from SVN. This method requires an Internet connection. The steps are:

    # svn co https://svn.ntop.org/svn/ntop/trunk/ntopng/
    # cd ntopng
    # ./autogen.sh
    # ./configure
    # make
    # make install

Since ntopng is a web-based application, your system must have a well-functioning web server installed.

Create a configuration file for Ntopng

Once everything has been installed, we can run it. By default, if the installation folder was not explicitly changed in the ./configure step, Redis and ntopng are installed under the /usr/local/ folder. Next, we need to create a configuration file for ntopng. In this article we use vi as the text editor, but you can use your favorite text editor to create the ntopng configuration files.

    # cd /usr/local/etc
    # mkdir ntopng
    # cd ntopng
    # vi ntopng.start

Put these lines in it:

    --local-network "10.0.2.0/24"
    --interface 1

    # vi ntopng.pid

Put this line in it:

    -G=/var/run/ntopng.pid

Save the files, and then proceed to the next step.

Run Ntopng

We assume that you have installed the web server correctly, so the next step is to run the Redis server:

    # /usr/local/bin/redis-server

Then run ntopng:

    # /usr/local/bin/ntopng

Test Ntopng

Now you can test ntopng by visiting http://yourserver.name:3000, where you will see the ntopng login page. For the first login, you can use the user 'admin' and the password 'admin'.

The dashboard is fairly concise. Once you are logged in, you will see a page showing the top traffic talkers.

If you click on the Traffic menu at the top right, ntopng shows more details about the active traffic.

On the Hosts menu, you can see all the hosts connected to the stream.

If you click on Hosts > Interactive, ntopng displays a nice interactive graph of the communication between hosts.

Dashboard menu components:

Top-level hosts (send + receive)

Top-level application protocols

The Interface menu leads you to more internal menus. The Packets menu shows you the size distribution of packets.

The Protocol menu shows you how many protocols are in use and their percentage of usage.

You can also view activity by using the History activity menu.

Finally, you can manage which users can access ntopng through the settings menu at the top right (the one with the gear icon).

Ntopng offers a wide range of timelines, from 5 minutes to 1 year. Just click on the timeline you want to display. The chart itself is clickable, and you can click it to zoom in.

Of course, ntopng can do more than what is described above. You can also integrate geolocation and electronic map services. The ntopng website also offers paid modules, such as nprobe, that extend the information ntopng can provide. For more information about ntopng, you can visit the ntopng website.
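The steps above start redis-server without a configuration file and put the ntopng web interface on port 3000, so it is worth checking which of those listeners are reachable from other machines. The following is an added example, not part of the original guide: `exposed_listeners` is a hypothetical helper name, port 6379 is assumed as the Redis default, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: flag listeners started by this guide that are reachable
# beyond loopback. Assumptions: 6379 is the Redis default port; 3000 is the
# ntopng web port named in the guide.

# Reads `netstat -ltn` or `ss -ltn` output on stdin and prints
# "<service> <local-address>" for each watched port not bound to loopback.
exposed_listeners() {
    awk '
        BEGIN { svc["6379"] = "redis"; svc["3000"] = "ntopng-web" }
        /LISTEN/ {
            local = $4                      # local address:port in both tools
            n = split(local, parts, ":")
            port = parts[n]
            addr = substr(local, 1, length(local) - length(port) - 1)
            gsub(/^\[|\]$/, "", addr)       # strip IPv6 brackets used by ss
            if (!(port in svc)) next        # not a service from this guide
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only: fine
            print svc[port], local
        }'
}

# Constructed sample in `netstat -ltn` format, assuming both services
# bind to all interfaces.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:6379     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:3000     0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN
tcp        0      0 :::22            :::*             LISTEN'

printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
# On a live host: netstat -ltn | exposed_listeners
```

A finding for redis goes away once redis-server is started with a configuration file containing `bind 127.0.0.1`; port 3000 can be limited to the administrators' addresses with the host firewall.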
