Network Traffic Monitoring ntopng
Ntopng
Outline
I. Introduction
II. Functions
III. Installation
IV. Configuration
V. Test
I. Introduction
1. ntopng is the next-generation version of ntop. It monitors and displays network traffic in real time. ntopng is based on libpcap and is written in a portable way so that it runs on UNIX platforms, as well as on Mac OS X and Win32.
2. ntopng users can browse the traffic information served by ntop (which acts as a web server) with a web browser and obtain a dump of the network status. In the latter case, ntop can be seen as a simple remote monitoring agent with an embedded network interface. Usage:
One network interface
Limited configuration and management through the web interface
Reduced CPU and memory usage (varies with network size and traffic)
II. Functions
Automatically identifies useful information from the network;
Converts intercepted data packets into a format that is easy to recognize;
Analyzes communication failures in the network environment;
Measure the test taker's knowledge about the time and process of network communication.
Clean separation between the monitoring engine and the reporting facility.
Robust, crash-free engine (ntop was not).
Platform scriptability for extensions, with no restart required at run time.
Real time: most monitoring tools aggregate data (over 5 minutes) and present it when it is too late.
Many new features, including HTML5-based dynamic graphic user interfaces, classification, DPI.
III. Installation
1. Upgrade the library files
Note that the new version of ntopng mainly depends on two libraries: glibc 2.7 or later, and libstdc++ 4.3.2 or later. (glibc is compiled and installed from source, and libstdc++ is installed from an RPM package; compiling and installing glibc takes a little longer.)
[root@ntopng src]# ls
glibc-2.19.tar.gz  libstdc++-4.9.0-8.fc21.1.x86_64.rpm
[root@ntopng src]# rpm -ivh libstdc++-4.9.0-8.fc21.1.x86_64.rpm
error: Failed dependencies:
libc.so.6(GLIBC_2.14)(64bit) is needed by libstdc++-4.9.0-8.fc21.1.x86_64
libc.so.6(GLIBC_2.17)(64bit) is needed by libstdc++-4.9.0-8.fc21.1.x86_64
[root@ntopng src]# rpm -ivh libstdc++-4.9.0-8.fc21.1.x86_64.rpm --nodeps --force
Preparing...                ########################################### [100%]
   1:libstdc++              ########################################### [100%]
Note: ntopng mainly depends on GLIBCXX_3.4.9.
[root@ntopng src]# strings /usr/lib64/libstdc++.so.6 | grep GLIBC
GLIBCXX_3.4
GLIBCXX_3.4.1
GLIBCXX_3.4.2
GLIBCXX_3.4.3
GLIBCXX_3.4.4
GLIBCXX_3.4.5
GLIBCXX_3.4.6
GLIBCXX_3.4.7
GLIBCXX_3.4.8
GLIBCXX_3.4.9
GLIBCXX_3.4.10
GLIBCXX_3.4.11
GLIBCXX_3.4.12
GLIBCXX_3.4.13
GLIBCXX_3.4.14
GLIBCXX_3.4.15
GLIBCXX_3.4.16
GLIBCXX_3.4.17
GLIBCXX_3.4.18
GLIBCXX_3.4.19
GLIBCXX_3.4.20
GLIBC_2.3
GLIBC_2.2.5
GLIBC_2.14
GLIBC_2.4
GLIBC_2.17
GLIBC_2.3.2
GLIBCXX_DEBUG_MESSAGE_LENGTH
[root@ntopng src]# yum -y install gcc-c++ make
[root@ntopng src]# tar xf glibc-2.19.tar.gz
[root@ntopng src]# cd glibc-2.19
[root@ntopng glibc-2.19]# mkdir glibc_build
[root@ntopng glibc-2.19]# cd glibc_build/
[root@ntopng glibc_build]# ../configure --prefix=/usr/
[root@ntopng glibc_build]# make && make install
2. Install the ntopng dependency packages
[root@ntopng ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.1VdEVr: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@ntopng ~]# yum install -y GeoIP-devel GeoIP redis
[root@ntopng ~]# service redis start
Starting redis-server: [ OK ]
3. Install ntopng
Note: ntopng is installed both from source and from the rpm packages, because with the rpm packages alone an error is reported when ntopng is started:
[root@ntopng ~]# service ntopng start
Starting ntopng
[root@ntopng ~]# /usr/local/bin/ntopng: error while loading shared libraries: librrd.so.4: cannot open shared object file: No such file or directory
The solution is to install from source and from the rpm packages: the source package does not ship a configuration file, while the rpm package installs one, so combining the two works best.
[root@ntopng ~]# yum -y install libpcap* libxml2 libxml2-devel glib2-devel libglib2.0-dev
[root@ntopng src]# tar xf ntopng-1.1_6932.tgz
[root@ntopng ntopng-1.1_6932]# ./configure --prefix=/usr/local/ntopng
[root@ntopng ntopng-1.1_6932]# gmake
[root@ntopng ntopng-1.1_6932]# make install
[root@ntopng src]# rpm -ivh ntopng-1.1.3_7750-7750.x86_64.rpm --nodeps
warning: ntopng-1.1.3_7750-7750.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7921df34: NOKEY
Preparing...                ########################################### [100%]
   1:ntopng                 ########################################### [100%]
Setting up redis auto startup
[root@ntopng src]# rpm -ivh ntopng-data-1.1.3_7750-7750.x86_64.rpm --nodeps
warning: ntopng-data-1.1.3_7750-7750.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7921df34: NOKEY
Preparing...                ########################################### [100%]
   1:ntopng-data            ########################################### [100%]
[root@ntopng src]# cd /etc/ntopng/
[root@ntopng ntopng]# ll
total 8
-rw-r--. 1 root 23 Jun 11 21:12 ntopng.conf.sample    # configuration file
-rw-r--. 1 root 49 Jun 11 ntopng.start    # start file
[root@ntopng ntopng]# cat ntopng.conf.sample
-G=/var/tmp/ntopng.gid    # specify the running process ID file
[root@ntopng ntopng]# cat ntopng.start
--local-networks "192.168.1.0"    # local subnet segment
--interface 0    # listen for traffic on the NIC
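The installation transcript above disables dependency checks (`--nodeps`, `--force`), fetches one package over plain HTTP, and installs three packages whose signatures rpm could not verify (`NOKEY`). As an added example (not part of the original article), the following script audits such a transcript; `INSTALL_LOG` is constructed from the commands and warnings shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the rpm commands and warnings from this article,
# with prompts and spacing normalised.
INSTALL_LOG='[root@ntopng src]# rpm -ivh libstdc++-4.9.0-8.fc21.1.x86_64.rpm --nodeps --force
[root@ntopng ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.1VdEVr: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
[root@ntopng src]# rpm -ivh ntopng-1.1.3_7750-7750.x86_64.rpm --nodeps
warning: ntopng-1.1.3_7750-7750.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7921df34: NOKEY
[root@ntopng src]# rpm -ivh ntopng-data-1.1.3_7750-7750.x86_64.rpm --nodeps
warning: ntopng-data-1.1.3_7750-7750.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7921df34: NOKEY'

# audit_rpm_log: reads a shell transcript on stdin and prints one finding per line:
#   BYPASS <pkg> <flags>       install ran with --nodeps and/or --force
#   CLEARTEXT <pkg>            package was fetched over http://
#   UNVERIFIED <pkg> key=<id>  rpm had no public key to check the signature
audit_rpm_log() {
  awk '
    # An rpm install command: remember the package and the checks it disabled.
    /# rpm / && / -[a-zA-Z]*i/ {
      pkg = ""; flags = ""; http = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /\.rpm$/) { pkg = $i; sub(/.*\//, "", pkg); http = ($i ~ /^http:/) }
        if ($i == "--nodeps" || $i == "--force") flags = flags " " $i
      }
      if (flags != "") print "BYPASS " pkg flags
      if (http) print "CLEARTEXT " pkg
      next
    }
    # A NOKEY warning belongs to the most recent install command.
    /: NOKEY$/ {
      id = $0; sub(/.*key ID /, "", id); sub(/:.*/, "", id)
      print "UNVERIFIED " pkg " key=" id
    }'
}

# unverified_keys: the distinct signing key IDs that were never imported.
unverified_keys() {
  audit_rpm_log | sed -n 's/.*key=//p' | sort -u
}

printf '%s\n' "$INSTALL_LOG" | audit_rpm_log
```

Each key ID reported can be compared with the key the package publisher distributes, imported with `rpm --import`, and the package then checked with `rpm -K` before it is installed.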
IV. Configuration
[root@ntopng ntopng]# cp ntopng.conf.sample ntopng.conf
[root@ntopng ntopng]# vim ntopng.conf
-G=/var/tmp/ntopng.gid
--local-networks "192.168.0.0/24"
--interface eth1    # network card on which the listener is located
--user nobody
--http-port 8000    # the default value is 3000
# Start the ntopng Service
Note: before running ntopng, make sure to start the redis service first. redis provides key-value storage for ntopng. Restart the redis service.
[root@ntopng ~]# service ntopng start    # with only the rpm packages installed, a library file is missing
Starting ntopng
[root@ntopng ~]# /usr/local/bin/ntopng: error while loading shared libraries: librrd.so.4: cannot open shared object file: No such file or directory
[root@ntopng ~]# service ntopng start    # after compiling and installing from source; do not uninstall the ntopng installed from the rpm package
Starting ntopng
[root@ntopng ntopng]# service ntopng restart
Stopping ntopng
Waiting ntopng to shutdown and flush data...
Starting ntopng
[root@ntopng ntopng]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 127.0.0.1:6379     0.0.0.0:*          LISTEN   63713/redis-server
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1041/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   1117/master
tcp        0      0 0.0.0.0:8000       0.0.0.0:*          LISTEN   63793/ntopng
tcp        0      0 :::22              :::*               LISTEN   1041/sshd
tcp        0      0 ::1:25             :::*               LISTEN   1117/master
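In the listing above, redis stays on loopback (127.0.0.1:6379) while the ntopng web interface listens on every interface (0.0.0.0:8000). As an added example (not part of the original article), the following script reads `netstat -tnlp` output and reports wildcard listeners that are not on an allowlist; `NETSTAT_SAMPLE` is constructed from the listing above and `exposed_listeners` is a hypothetical name.

```shell
#!/bin/sh
# Constructed sample: the netstat listing from this article, spacing normalised.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 63713/redis-server
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1041/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1117/master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 63793/ntopng
tcp 0 0 :::22 :::* LISTEN 1041/sshd
tcp 0 0 ::1:25 :::* LISTEN 1117/master'

# exposed_listeners ALLOWLIST   (netstat -tnlp output on stdin)
# Prints "port/program" once for every TCP listener bound to 0.0.0.0 or ::
# whose program name is not in the space-separated ALLOWLIST.
# Returns 1 when at least one such listener exists, 0 otherwise.
exposed_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)              # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      prog = $7; sub(/^[0-9]+\//, "", prog)          # drop the PID
      if ((host == "0.0.0.0" || host == "::") && !(prog in ok)) {
        key = port "/" prog
        if (!(key in seen)) { seen[key] = 1; print key; found = 1 }
      }
    }
    END { exit (found ? 1 : 0) }'
}

# sshd is expected to be reachable; anything else printed needs a decision.
printf '%s\n' "$NETSTAT_SAMPLE" | exposed_listeners "sshd" \
  || echo "listeners above are reachable on every interface"
```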