NTOP is a flexible, full-featured tool for monitoring a LAN and troubleshooting network problems. It offers both a command-line interface and a web interface, and can be used as an embedded web service. This article describes how to build an NTOP monitoring system on RHEL 5.1.

1. Install the software packages required by the NTOP monitoring system

1. NTOP depends on libpcap, libpcap-devel, libpng, gdbm, gd and other packages. First check whether these packages are installed on your RHEL5 system. If they are not, you only need to mount the RHEL5 system CD and install the corresponding RPM packages:

[root@linux5234 ~]# rpm -qa | grep libpcap
[root@linux5234 ~]# rpm -qa | grep libpcap-devel
[root@linux5234 ~]# rpm -qa | grep libpng
[root@linux5234 ~]# rpm -qa | grep gdbm
[root@linux5234 ~]# rpm -qa | grep gd
Check whether each of the packages above is installed. If one is missing, mount the RHEL5 CD and install it.

2. Install the rrdtool drawing tool package (rrdtool-1.2.27.tar.gz):

[root@linux5234 ~]# tar zxf rrdtool-1.2.27.tar.gz
[root@linux5234 ~]# cd rrdtool-1.2.27
[root@linux5234 ~]# ./configure --prefix=/usr/local
[root@linux5234 ~]# make && make install

3. Compile and install the ntop software package (ntop-3.3.7.tar.gz):

[root@linux5234 ~]# tar zxf ntop-3.3.7.tar.gz
[root@linux5234 ~]# cd ntop-3.3.7
[root@linux5234 ntop-3.3.7]# ./autogen.sh --with-tcpwrap
[root@linux5234 ntop-3.3.7]# make && make install

The --with-tcpwrap configuration option adds support for TCP Wrappers access control.

2. Configure the NTOP monitoring system

1. Set up the NTOP data storage directory. By default, NTOP runs as the low-privilege user nobody. So that ntop can read and write its data, adjust the ownership of the default storage directory /usr/local/var/ntop:

[root@linux5234 ~]# chown -R nobody /usr/local/var/ntop

2. Set the password for the NTOP administrator. The default administrator for NTOP is admin. To ensure security, you need to set a password for it. In addition, when modifying the NTOP settings or shutting down the NTOP service through the web page, you must authenticate with the administrator user name and password:

[root@linux5234 ~]# ntop -
Tue Oct 19 10:05:15 2010 NOTE: Interface merge enabled by default
Tue Oct 19 10:05:15 2010 Initializing gdbm databases
Ntop startup-waiting for user response!
Please enter the password for the admin user: // enter the password
Please enter the password again: // enter the password again
Tue Oct 19 10:05:43 2010 Admin user password has been set
3. Set the TCP Wrappers permissions. Because ntop was compiled with the --with-tcpwrap configuration option, TCP Wrappers policies can be used to control access to ntop:

[root@linux5234 ~]# echo 'ntop: 192.168.0.88' > /etc/hosts.allow    // only allow the host 192.168.0.88 to access the ntop service
[root@linux5234 ~]# echo 'ntop: ALL' > /etc/hosts.deny    // refuse all other hosts

Note that > replaces the whole file, so any rules that /etc/hosts.allow and /etc/hosts.deny already hold for other services are lost; use >> to append instead.

4. Run the ntop service:

[root@linux5234 ~]# ntop -d -i eth0

This runs the NTOP service as a daemon (-d) and monitors the traffic on the eth0 NIC. If multiple NICs exist and connect to different LAN segments, run the following command instead:

[root@linux5234 ~]# ntop -d -i eth0,eth1 -M

In addition, the options of the ntop program can be written into a configuration file (one option per line), and the service can then be started in the form "ntop @configuration file". The following are common ntop program options:
Option name | Description
-c / --sticky-hosts | Keep records of inactive hosts
-P / --db-file-path | Specify a new location for stored data
-u / --user | Identity of the user who runs the program
-b / --disable-decoders | Disable the protocol decoders
-n / --numeric-ip-addresses | Use numeric host addresses (no DNS resolution)
-w / --http-server | Port to listen on for HTTP access (default 3000)
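
The allow-then-deny evaluation behind the two TCP Wrappers rules in step 3 above, as an added example that is not part of the original article or of ntop. The function names rule_matches and tcpwrap_verdict are hypothetical, the rule files are constructed temporary copies, and only a small subset of hosts_access(5) patterns is handled (ALL, exact IPv4 addresses, "a.b.c." prefixes).

```shell
#!/bin/sh
# Added example: simplified TCP Wrappers evaluation (subset of hosts_access(5)).
# Handles '#' comments, ALL, exact IPv4 addresses and "a.b.c." prefix patterns.

# rule_matches FILE DAEMON CLIENT: exit 0 if a rule in FILE matches both.
rule_matches() {
    [ -r "$1" ] || return 1
    awk -v daemon="$2" -v client="$3" '
        function in_list(list, value, is_host,    i, k, item) {
            k = split(list, item, /[ \t,]+/)
            for (i = 1; i <= k; i++) {
                if (item[i] == "") continue
                if (toupper(item[i]) == "ALL") return 1
                if (tolower(item[i]) == tolower(value)) return 1
                # "192.168.0." style prefix pattern, client side only
                if (is_host && item[i] ~ /\.$/ && index(value, item[i]) == 1) return 1
            }
            return 0
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            if (split($0, field, ":") < 2) next # need daemon_list : client_list
            if (in_list(field[1], daemon, 0) && in_list(field[2], client, 1)) { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# tcpwrap_verdict CLIENT ALLOW_FILE DENY_FILE [DAEMON]  (daemon defaults to ntop)
# Order of evaluation: allow file first, then deny file, otherwise access is granted.
tcpwrap_verdict() {
    daemon=${4:-ntop}
    if rule_matches "$2" "$daemon" "$1"; then echo allow
    elif rule_matches "$3" "$daemon" "$1"; then echo deny
    else echo allow          # no rule in either file matches
    fi
}

# Constructed demo: the two rules from step 3, written to temporary files.
demo() {
    dir=$(mktemp -d) || return 1
    echo 'ntop: 192.168.0.88' > "$dir/hosts.allow"
    echo 'ntop: ALL'          > "$dir/hosts.deny"
    for ip in 192.168.0.88 192.168.0.99; do
        echo "$ip -> $(tcpwrap_verdict "$ip" "$dir/hosts.allow" "$dir/hosts.deny")"
    done
    rm -rf "$dir"
}
demo
```

The last branch is the one to watch: if the hosts.deny entry is missing or mistyped, every client that is not listed in hosts.allow is still granted access.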

3. Use NTOP to monitor network traffic

1. Enter "http://192.168.0.66:3000" in the browser to access the NTOP server.

2. View the total network throughput of each host in the LAN: on the NTOP page that appears, move the cursor to "All Protocols" at the top of the page and click "Throughput" in the drop-down menu.

3. View the bandwidth usage of each host by time period: on the NTOP web interface, move the cursor to "All Protocols" at the top of the page and click "Activity" in the drop-down menu.

4. View the traffic statistics of each host by application-layer protocol: on the NTOP web page, move the cursor to "IP" at the top of the page and click "Summary", then "Traffic", in the drop-down menu.

5. Shut down NTOP: on the NTOP web interface, move the cursor to "Admin" at the top of the page and click "Shutdown" in the drop-down menu, then enter the administrator user name and password in the dialog box that appears.

This article is from the "Do not go, come to chase" blog; please be sure to keep this source: http://netslyz.blog.51cto.com/1006247/407510