ntopng is a high-speed, web-based traffic analysis and collection tool. It is the new generation of ntop; the original ntop is no longer updated. You can use a web browser to view traffic information on the network and analyze network bottlenecks.
1. Environment description:
This article uses CentOS 6.4 (64-bit) and installs from source. It uses the ntop-1.1 version; download ntopng from http://www.ntop.org/get-started/download/.
2. Install Dependencies
rpm -ivh epel-release-6-8.noarch.rpm # use the EPEL repository to install the dependencies
yum -y install libpcap-devel libpng gdbm-devel glib libxml2-devel pango-devel gd GeoIP-devel GeoIP redis
3. Install ntopng
Extract
tar -zxvf ntopng-1.1_6932.tgz -C ./
Compile and install
./configure
gmake
make install
4. Configure ntopng: create the directory ntopng under /etc, create ntopng.conf, and add the following content
mkdir /etc/ntopng
vim /etc/ntopng.conf
-G=/var/tmp/ntopng.gid
--local-networks=10.2.16.0/24,10.2.20./24,10.2.18.0/24,10.2.19.0/24 # specify the intranet address ranges to monitor
--interface=eth0 # specify the network interface to listen on; use one line per interface to specify several
--interface=eth1.16
--interface=eth1.17
--interface=eth1.18
--interface=eth1.19
--user=nobody # specify the user ntopng runs as
--http-port=3000 # specify the HTTP port ntopng listens on
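Added example, not part of the original article: a POSIX shell check that reads a configuration file in the one-option-per-line format shown above and reports malformed --local-networks entries (for instance an address with a missing octet), an out-of-range --http-port, and --user=root. The function names, the message texts and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: lint an ntopng.conf written in
# the one-option-per-line style above before starting the daemon.

# valid_cidr A.B.C.D/LEN: status 0 only for a well-formed IPv4 CIDR
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    vc_addr=${1%/*}; vc_len=${1#*/}
    case $vc_len in ''|*[!0-9]*) return 1 ;; esac
    [ "$vc_len" -le 32 ] || return 1
    case $vc_addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    vc_ifs=$IFS; IFS=.; set -- $vc_addr; IFS=$vc_ifs    # split into octets
    [ $# -eq 4 ] || return 1
    for vc_o in "$@"; do [ "$vc_o" -le 255 ] || return 1; done
}

# lint_ntopng_conf FILE: one finding per line on stdout, status 1 if any
lint_ntopng_conf() {
    lc_rc=0
    while IFS= read -r lc_line || [ -n "$lc_line" ]; do
        # strip the trailing "# comment" and all blanks
        lc_line=$(printf '%s' "${lc_line%%#*}" | tr -d ' \t')
        lc_val=${lc_line#*=}
        case $lc_line in
        --local-networks=*)
            while [ -n "$lc_val" ]; do      # walk the comma-separated list
                lc_net=${lc_val%%,*}
                case $lc_val in *,*) lc_val=${lc_val#*,} ;; *) lc_val= ;; esac
                valid_cidr "$lc_net" ||
                    { echo "invalid CIDR in --local-networks: $lc_net"; lc_rc=1; }
            done ;;
        --http-port=*)
            case $lc_val in ''|*[!0-9]*) lc_val=0 ;; esac   # non-numeric
            { [ "$lc_val" -ge 1 ] && [ "$lc_val" -le 65535 ]; } ||
                { echo "invalid --http-port: ${lc_line#*=}"; lc_rc=1; } ;;
        --user=root)
            echo "--user=root: daemon would run as root"; lc_rc=1 ;;
        esac
    done < "$1"
    return $lc_rc
}

# Constructed sample that reproduces a malformed network entry
sample=$(mktemp)
printf '%s\n' '--local-networks=10.2.16.0/24,10.2.20./24  # intranet' \
    '--user=nobody' '--http-port=3000' > "$sample"
lint_ntopng_conf "$sample" || echo "fix the findings above before starting ntopng"
rm -f "$sample"
```

Run it as lint_ntopng_conf /etc/ntopng.conf before step 5; an empty result with exit status 0 means none of the three checks fired.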
5. Start ntopng
service redis start # start the storage system that ntopng depends on
ntopng /etc/ntopng.conf & # run ntopng in the background
6. Access the ntopng page
Open http://10.20..1:30000 and enter the default username and password: admin/admin
View the current traffic information. The pointer at the bottom of the figure shows the current real-time download rate.
View current active traffic information
View traffic information of the local host
View network interface traffic information
Note: if you want to view the current real-time traffic rather than the accumulated traffic, you can delete the data collected by ntopng; the default directory is /var/tmp/ntopng/eth1. This method is very effective for finding the IP addresses in the current network that generate large traffic volumes.
This article is from the "fate" blog, please be sure to keep this source http://czybl.blog.51cto.com/4283444/1433431