Installing the Linux network traffic monitoring tool NTOP and an introduction to its functions

Source: Internet
Author: User

MRTG is a common tool for monitoring network traffic. Here we introduce another tool, NTOP. NTOP displays network usage in a more intuitive and detailed way than MRTG, and can even list the network bandwidth utilization of each node computer. The following describes the installation and functions of this Linux network traffic monitoring tool.

NTOP network traffic monitoring functions

The Linux network traffic monitoring tool NTOP provides the following functions:
◆ Automatically identify useful information from the network;
◆ Convert intercepted data packets into a format that is easy to recognize;
◆ Analyze communication failures in the network environment;
◆ Detect communication bottlenecks in the network environment;
◆ Record the time and process of network communication.

NTOP can analyze network traffic to identify various problems on the network. It can also be used to determine whether a hacker is attacking the network system, and it makes it easy to display detailed information such as the specific network protocols in use, hosts occupying a large amount of bandwidth, target hosts of the various communications, transmission times of data packets, and delays of transmitted data packets. With this information, the network manager can respond to faults in a timely manner and optimize and adjust the network to ensure the efficiency and security of network operation.

Install NTOP

Compared with MRTG, NTOP is easier to install and configure, and it does not require the Apache server. Install NTOP on the network management workstation to monitor the network performance of small and medium-sized heterogeneous Linux networks.
First download the latest NTOP source code from http://optusnet.dl.sourceforge.net/...top/ntop-2.2.gz and then extract it.


Install libpcap before NTOP:
# rpm -ivh libpcap-0.6.2-12.i386.rpm
# tar zxvf ntop-2.2.tgz
# cd ntop/gdchart0.94c
# ./configure
......


When configuring NTOP, the system will prompt you to compile the gd and zlib modules first.
Do not forget to build:
1. gd-1.8.3/libpng-1.2.1
2. zlib-1.1.4/


Compile gd and zlib, then return to the NTOP directory to compile and install NTOP:
# cd gd-1.8.3/libpng-1.2.1/
# cp scripts/makefile.linux Makefile
# make
# cd ../../zlib-1.1.4
# ./configure
# make
# cd ..
# make
# cd ../ntop/
# ./configure
# make; make install


Create a log directory for NTOP:
# mkdir /var/log/ntop/
After completing the preceding steps, you can start NTOP:
# ntop -P /var/log/ntop/ -u nobody &


Precise monitoring with the Linux network traffic monitoring tool

NTOP supports the Simple Network Management Protocol (SNMP) and presents its results as HTML pages with PNG images, so that network administrators can monitor network devices (switches and routers). Open your browser and enter http://IP:3000 in the address bar, where "IP" is the address of the NTOP host, to open the NTOP management interface. On the first run, the administrator password is required. The default password is "admin". You do not need to enter the password again after the second start.

1. View the overall network traffic
To view the overall network traffic, click the "Stats" tab and click the "Traffic" option. Network traffic is displayed as a bar chart and a detailed table.

2. View host traffic
To view the network traffic of a computer on a specific node, click the "IP Traffic" tab and click the "Host" option.

3. Monitor the network protocol used by the host
As shown in figure 3, a computer with the host name "CAO" sends a large amount of data. Its IP address is "192.168.0.5" and its MAC address is "52:54:AB:34:5B:09". If you want to know what data the computer is transmitting, double-click the host name to analyze the types of network transmission protocols used by the user and the proportion of bandwidth each one occupies.

4. View port usage
NTOP can associate port usage with applications, which is similar to the effect of using the "netstat -an" command, and displays the port opening time, port traffic, and other details. For example, to associate the TCP/UDP ports opened on the local machine with their applications, click "IP Traffic" → "L-L" → "TCP/UDP Servers/Ports Usage".

Summary

With the Linux network traffic monitoring tool NTOP, almost no inbound or outbound network data can stay hidden. NTOP is an excellent tool for monitoring networks and preparing network condition reports. However, the nature of NTOP as a network "sniffer" makes it a "double-edged sword". It is important to make sure that this information is available only to authorized persons.
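
The start command and the web interface on port 3000 described above decide who can reach the data NTOP collects. The following is an added example, not part of the original article: it checks "ps" and "netstat -an" output for an ntop process running as root, a port 3000 listener on a non-loopback address, and a log directory open to other users. The function names and sample lines are constructed, and treating a non-loopback listener as a finding is an assumed policy.

```shell
# Added example (not from the article). All sample data below is constructed.
# Constructed `ps -eo user,args` output matching the article's start command.
SAMPLE_PS='USER     COMMAND
root     /usr/sbin/sshd -D
nobody   ntop -P /var/log/ntop/ -u nobody'

# Constructed `netstat -an` lines: web UI on every interface vs. loopback only.
SAMPLE_NETSTAT_OPEN='tcp   0   0 0.0.0.0:3000     0.0.0.0:*   LISTEN
tcp   0   0 0.0.0.0:22       0.0.0.0:*   LISTEN'
SAMPLE_NETSTAT_LOCAL='tcp   0   0 127.0.0.1:3000   0.0.0.0:*   LISTEN'

# Print the account of every ntop process found in `ps -eo user,args` text.
ntop_users() {
    printf '%s\n' "$1" | awk '$2 == "ntop" || $2 ~ /\/ntop$/ { print $1 }'
}

# Classify the port-3000 listener in `netstat -an` text:
# "exposed" (reachable from other hosts), "loopback" or "absent".
ntop_listener() {
    printf '%s\n' "$1" | awk '
        $NF == "LISTEN" && $4 ~ /[:.]3000$/ {
            found = 1
            if ($4 !~ /^(127\.|::1|\[::1\])/) exposed = 1
        }
        END { print (exposed ? "exposed" : (found ? "loopback" : "absent")) }'
}

# Succeed only if DIR exists and grants nothing to "other" users.
dir_is_private() {
    [ -d "$1" ] && [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Print one line per finding; return 0 when there are none.
audit_ntop() {   # $1 = ps text, $2 = netstat text, $3 = log directory
    rc=0
    if ntop_users "$1" | grep -qx root; then
        echo "FINDING: ntop runs as root (start it with -u nobody)"; rc=1
    fi
    if [ "$(ntop_listener "$2")" = "exposed" ]; then
        echo "FINDING: port 3000 listens on a non-loopback address"; rc=1
    fi
    if ! dir_is_private "$3"; then
        echo "FINDING: $3 is missing or accessible to other users"; rc=1
    fi
    return $rc
}

# On a live host: audit_ntop "$(ps -eo user,args)" "$(netstat -an)" /var/log/ntop
audit_ntop "$SAMPLE_PS" "$SAMPLE_NETSTAT_OPEN" /var/log/ntop || true
```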
